lacework-global-126
CloudFront Origin SSL Protocols should not use insecure Ciphers
Description
Best practices recommend not using vulnerable SSL ciphers for communicating between a Content Delivery Network (CDN) destination origin and CloudFront. Violations reported when using the SSLv3 protocol for CDN destination origin.
Remediation
Unset the Distribution Origin SSL Protocols SSLv3 checkbox.
- Log in to the AWS Management Console.
- Select Services.
- Select CloudFront.
- Select the Distribution to edit.
- Select the Origins tab.
- Select the Origin to edit and select Edit.
- Under Minimum origin SSL protocol, select a protocol other than SSLv3.
- Select Save changes.