Skip to main content

lacework-global-126

CloudFront Origin SSL Protocols should not use insecure Ciphers

Description

Best practices recommend not using vulnerable SSL ciphers for communicating between a Content Delivery Network (CDN) destination origin and CloudFront. Violations reported when using the SSLv3 protocol for CDN destination origin.

Remediation

Unset the Distribution Origin SSL Protocols SSLv3 checkbox.

  1. Log in to the AWS Management Console.

  2. Select Services.

  3. Select CloudFront.

  4. Select the Distribution to edit.

  5. Select the Origins tab.

  6. Select the Origin to edit and select Edit.

  7. Under Minimum origin SSL protocol, select a protocol other than SSLv3.

  8. Select Save changes.

Last updated on