Skip to content

Commit

Permalink
Merge pull request #1856 from JamesBelchamber/cloudfront-new-minimum-…
Browse files Browse the repository at this point in the history
…protocol-versions

Change the default minimum_protocol_version to TLSv1
  • Loading branch information
Ninir authored Oct 18, 2017
2 parents a2f482a + e331386 commit 1b6527c
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 5 deletions.
2 changes: 1 addition & 1 deletion aws/resource_aws_cloudfront_distribution.go
Original file line number Diff line number Diff line change
Expand Up @@ -484,7 +484,7 @@ func resourceAwsCloudFrontDistribution() *schema.Resource {
"minimum_protocol_version": {
Type: schema.TypeString,
Optional: true,
Default: "SSLv3",
Default: "TLSv1",
},
"ssl_support_method": {
Type: schema.TypeString,
Expand Down
12 changes: 8 additions & 4 deletions website/docs/r/cloudfront_distribution.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -355,10 +355,14 @@ The arguments of `geo_restriction` are:
this, `acm_certificate_arn`, or `cloudfront_default_certificate`.

* `minimum_protocol_version` - The minimum version of the SSL protocol that
you want CloudFront to use for HTTPS connections. One of `SSLv3` or `TLSv1`.
Default: `SSLv3`. **NOTE**: If you are using a custom certificate (specified
with `acm_certificate_arn` or `iam_certificate_id`), and have specified
`sni-only` in `ssl_support_method`, `TLSv1` must be specified.
you want CloudFront to use for HTTPS connections. One of `SSLv3`, `TLSv1`,
`TLSv1_2016`, `TLSv1.1_2016` or `TLSv1.2_2018`. Default: `TLSv1`. **NOTE**:
If you are using a custom certificate (specified with `acm_certificate_arn`
or `iam_certificate_id`), and have specified `sni-only` in
`ssl_support_method`, `TLSv1` or later must be specified. If you have
specified `vip` in `ssl_support_method`, only `SSLv3` or `TLSv1` can be
specified. If you have specified `cloudfront_default_certificate`, `TLSv1`
must be specified.

* `ssl_support_method`: Specifies how you want CloudFront to serve HTTPS
requests. One of `vip` or `sni-only`. Required if you specify
Expand Down

0 comments on commit 1b6527c

Please sign in to comment.