lacework-global-126

CloudFront Origin SSL Protocols should not use insecure Cipher(s)

Description

It is recommended not to use vulnerable SSL ciphers for communication between a CDN destination origin and CloudFront. A violation is triggered when the SSLv3 protocol is configured for a CDN destination origin.

Remediation

Unset the Distribution Origin SSL Protocols SSLv3 checkbox.

  1. Log in to the AWS Management Console.

  2. Select Services.

  3. Select CloudFront.

  4. Select the Distribution to edit.

  5. Select the Origins tab.

  6. Select the Origin to edit and select Edit.

  7. Under Minimum origin SSL protocol, select a protocol other than SSLv3.

  8. Select Save changes.
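
The same condition can be checked offline against the JSON that `aws cloudfront get-distribution-config` returns. The following is an added example, not Lacework's own policy code: it lists custom origins whose `OriginSslProtocols` include SSLv3 and builds a corrected copy of the configuration. The sample config, its origin IDs and domain names are constructed, and the TLSv1.2 fallback for an origin that listed only SSLv3 is an assumption of this example.

```python
import copy
import json

# Constructed sample: trimmed shape of the DistributionConfig object returned
# by `aws cloudfront get-distribution-config`. IDs and domains are made up.
SAMPLE_CONFIG = json.loads("""
{"Origins": {"Quantity": 3, "Items": [
  {"Id": "legacy-api", "DomainName": "legacy.example.com",
   "CustomOriginConfig": {"OriginProtocolPolicy": "https-only",
     "OriginSslProtocols": {"Quantity": 2, "Items": ["SSLv3", "TLSv1.2"]}}},
  {"Id": "app", "DomainName": "app.example.com",
   "CustomOriginConfig": {"OriginProtocolPolicy": "https-only",
     "OriginSslProtocols": {"Quantity": 1, "Items": ["TLSv1.2"]}}},
  {"Id": "assets", "DomainName": "assets.example.com",
   "S3OriginConfig": {"OriginAccessIdentity": ""}}
]}}
""")

INSECURE = {"SSLv3"}  # the protocol this policy flags


def origins_allowing_sslv3(dist_config):
    """Return (origin id, remaining protocols) for each violating origin."""
    findings = []
    for origin in dist_config.get("Origins", {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig")
        if not custom:
            continue  # S3 origins carry no OriginSslProtocols setting
        protocols = set(custom.get("OriginSslProtocols", {}).get("Items") or [])
        if protocols & INSECURE:
            findings.append((origin["Id"], sorted(protocols - INSECURE)))
    return findings


def strip_sslv3(dist_config, fallback="TLSv1.2"):
    """Return a copy with SSLv3 removed and Quantity kept in sync with Items.

    Assumption of this example: an origin that listed only SSLv3 gets
    `fallback`, because an empty protocol list is not a usable setting.
    """
    fixed = copy.deepcopy(dist_config)
    for origin in fixed.get("Origins", {}).get("Items") or []:
        ssl = (origin.get("CustomOriginConfig") or {}).get("OriginSslProtocols")
        if not ssl:
            continue
        kept = [p for p in ssl.get("Items") or [] if p not in INSECURE]
        ssl["Items"] = kept or [fallback]
        ssl["Quantity"] = len(ssl["Items"])
    return fixed
```

Confirm that the origin server accepts one of the remaining protocols before applying a corrected configuration, otherwise CloudFront can no longer complete the TLS handshake with that origin.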