You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
When I instantiate a default CloudFront distribution using the default domain name I see the error: [Error at /ss-stickb/ui/NextSite/Distribution/Distribution/Resource] AwsSolutions-CFR4: The CloudFront distribution allows for SSLv3 or TLSv1 for HTTPS viewer connections.. This is happening because of the line below:
Yes. The extended explanation on that rule has more information
Vulnerabilities have been and continue to be discovered in the deprecated SSL and TLS protocols. Help protect viewer connections by specifying a viewer certificate that enforces a minimum of TLSv1.1 or TLSv1.2 in the security policy. Distributions that use the default CloudFront viewer certificate or use 'vip' for the SslSupportMethod are non-compliant with this rule, as the minimum security policy is set to TLSv1 regardless of the specified MinimumProtocolVersion
Hi,
When I instantiate a default CloudFront distribution using the default domain name I see the error:
[Error at /ss-stickb/ui/NextSite/Distribution/Distribution/Resource] AwsSolutions-CFR4: The CloudFront distribution allows for SSLv3 or TLSv1 for HTTPS viewer connections.
. This is happening because of the line below:cdk-nag/src/rules/cloudfront/CloudFrontDistributionHttpsViewerNoOutdatedSSL.ts
Line 23 in 16dacb9
Is this intended behavior? I would expect it to be secure behavior to use default CloudFront domain.
The text was updated successfully, but these errors were encountered: