Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update default minimum viewer protocol to TLSv1.2_2021 #117

Merged
merged 5 commits into from
Mar 19, 2024
Merged

Update default minimum viewer protocol to TLSv1.2_2021 #117

merged 5 commits into from
Mar 19, 2024

Conversation

venkatamutyala
Copy link
Contributor

what

By default deprecated protocols are being supported:

image

This change would disable support for viewers using TLS 1.1 and TLS 1.0.

why

1.0 and 1.1 are known to be deprecated/insecure. To save folks trouble by their security teams using the latest version seems the most appropriate.

references

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html

@venkatamutyala venkatamutyala requested review from a team as code owners March 14, 2024 05:06
@mergify mergify bot added the triage Needs triage label Mar 14, 2024
@joe-niland joe-niland added the patch A minor, backward compatible change label Mar 14, 2024
@joe-niland
Copy link
Member

Thanks @venkatamutyala

Could you please run the following and commit the result?

make init
make readme

@joe-niland joe-niland self-requested a review March 14, 2024 06:09
@venkatamutyala
Copy link
Contributor Author

Done. Let me know if you folks need anything else.

@joe-niland joe-niland removed the triage Needs triage label Mar 14, 2024
@joe-niland
Copy link
Member

/terratest

joe-niland
joe-niland reviewed Mar 15, 2024
View reviewed changes
Copy link
Member

@joe-niland joe-niland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One suggestion

variables.tf Outdated Show resolved Hide resolved
@joe-niland joe-niland changed the title MAJOR: update TLS support to latest recommended from AWS TLSv1.2_2021 Update default minimum viewer protocol to latest recommended from AWS TLSv1.2_2021 Mar 15, 2024
@venkatamutyala @joe-niland
chore: update description/docs for viewer_minimum_protocol_version
aa93f5b 
Co-authored-by: Joe Niland <joe@originalmind.com.au>
@joe-niland
Copy link
Member

Thanks @venkatamutyala the latest change will require the readme to be updated again

@joe-niland
Copy link
Member

/terratest

@joe-niland joe-niland changed the title Update default minimum viewer protocol to latest recommended from AWS TLSv1.2_2021 Update default minimum viewer protocol to TLSv1.2_2021 Mar 19, 2024
@joe-niland joe-niland merged commit 8b9ca79 into cloudposse:main Mar 19, 2024
12 checks passed
@joe-niland
Copy link
Member

Thanks for your contribution @venkatamutyala

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joe-niland joe-niland joe-niland left review comments

@nitrocode nitrocode nitrocode approved these changes

@gberenice gberenice Awaiting requested review from gberenice gberenice is a code owner automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
patch A minor, backward compatible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@venkatamutyala @joe-niland @nitrocode