minimumProtocolVersion property

MinimumProtocolVersion? minimumProtocolVersion
final

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

  • The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers
  • The cipher that CloudFront uses to encrypt the content that it returns to viewers
We recommend that you specify TLSv1.1_2016 unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify TLSv1 or later for the security policy:

  • You're using a custom certificate: you specified a value for ACMCertificateArn or for IAMCertificateId
  • You're using SNI: you specified sni-only for SSLSupportMethod
If you specify true for CloudFrontDefaultCertificate, CloudFront automatically sets the security policy to TLSv1 regardless of the value that you specify for MinimumProtocolVersion.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

Implementation

final MinimumProtocolVersion? minimumProtocolVersion;