fix(cloudfront): Update Suported Security Protocol enum and set TLS_V1_2_2019 as a default version

packages/@aws-cdk/aws-cloudfront/README.md

@@ -101,7 +101,7 @@ your domain name, and provide one (or more) domain names from the certificate fo
 
 The certificate must be present in the AWS Certificate Manager (ACM) service in the US East (N. Virginia) region; the certificate
 may either be created by ACM, or created elsewhere and imported into ACM. When a certificate is used, the distribution will support HTTPS connections
-from SNI only and a minimum protocol version of TLSv1.2_2018.
+from SNI only and a minimum protocol version of TLSv1.2_2019.
 
 ```ts
 const myCertificate = new acm.DnsValidatedCertificate(this, 'mySiteCert', {

packages/@aws-cdk/aws-cloudfront/lib/distribution.ts

@@ -430,7 +430,7 @@ export class Distribution extends Resource implements IDistribution {
     return {
       acmCertificateArn: certificate.certificateArn,
       sslSupportMethod: SSLMethod.SNI,
-      minimumProtocolVersion: SecurityPolicyProtocol.TLS_V1_2_2018,
+      minimumProtocolVersion: SecurityPolicyProtocol.TLS_V1_2_2019,
     };
   }
 }
@@ -510,7 +510,8 @@ export enum SecurityPolicyProtocol {
   TLS_V1 = 'TLSv1',
   TLS_V1_2016 = 'TLSv1_2016',
   TLS_V1_1_2016 = 'TLSv1.1_2016',
-  TLS_V1_2_2018 = 'TLSv1.2_2018'
+  TLS_V1_2_2018 = 'TLSv1.2_2018',
+  TLS_V1_2_2019 = 'TLSv1.2_2019'
 }
 
 /**

packages/@aws-cdk/aws-cloudfront/lib/web_distribution.ts

@@ -247,7 +247,7 @@ export interface CustomOriginConfig {
   /**
    * The SSL versions to use when interacting with the origin.
    *
-   * @default OriginSslPolicy.TLSv1_2
+   * @default OriginSslPolicy.TLS_V1_2
    */
   readonly allowedOriginSSLVersions?: OriginSslPolicy[];
 
@@ -702,6 +702,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
     [SSLMethod.SNI]: [
       SecurityPolicyProtocol.TLS_V1, SecurityPolicyProtocol.TLS_V1_1_2016,
       SecurityPolicyProtocol.TLS_V1_2016, SecurityPolicyProtocol.TLS_V1_2_2018,
+      SecurityPolicyProtocol.TLS_V1_2_2019,
     ],
     [SSLMethod.VIP]: [SecurityPolicyProtocol.SSL_V3, SecurityPolicyProtocol.TLS_V1],
   };

packages/@aws-cdk/aws-cloudfront/package.json

@@ -138,6 +138,7 @@
       "docs-public-apis:@aws-cdk/aws-cloudfront.SecurityPolicyProtocol.TLS_V1_2016",
       "docs-public-apis:@aws-cdk/aws-cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016",
       "docs-public-apis:@aws-cdk/aws-cloudfront.SecurityPolicyProtocol.TLS_V1_2_2018",
+      "docs-public-apis:@aws-cdk/aws-cloudfront.SecurityPolicyProtocol.TLS_V1_2_2019",
       "docs-public-apis:@aws-cdk/aws-cloudfront.ViewerCertificate.aliases",
       "docs-public-apis:@aws-cdk/aws-cloudfront.ViewerCertificate.props",
       "docs-public-apis:@aws-cdk/aws-cloudfront.ViewerCertificateOptions",

packages/@aws-cdk/aws-cloudfront/test/distribution.test.ts

@@ -98,7 +98,7 @@ test('exhaustive example of props renders correctly', () => {
       ViewerCertificate: {
         AcmCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
         SslSupportMethod: 'sni-only',
-        MinimumProtocolVersion: 'TLSv1.2_2018',
+        MinimumProtocolVersion: 'TLSv1.2_2019',
       },
     },
   });
@@ -299,7 +299,7 @@ describe('certificates', () => {
         ViewerCertificate: {
           AcmCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
           SslSupportMethod: 'sni-only',
-          MinimumProtocolVersion: 'TLSv1.2_2018',
+          MinimumProtocolVersion: 'TLSv1.2_2019',
         },
       },
     });