File tree Expand file tree Collapse file tree 17 files changed +724
-0
lines changed
policy_snapshot/snapshots Expand file tree Collapse file tree 17 files changed +724
-0
lines changed Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-2025
2+ min version: SSLv3
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - ecdsa_sha256
31+ - ecdsa_sha384
32+ - ecdsa_sha512
33+ - legacy_ecdsa_sha224
34+ - rsa_pss_pss_sha256
35+ - rsa_pss_pss_sha384
36+ - rsa_pss_pss_sha512
37+ - rsa_pss_rsae_sha256
38+ - rsa_pss_rsae_sha384
39+ - rsa_pss_rsae_sha512
40+ - rsa_pkcs1_sha256
41+ - rsa_pkcs1_sha384
42+ - rsa_pkcs1_sha512
43+ - legacy_rsa_pkcs1_sha224
44+ - rsa_pkcs1_sha1
45+ - ecdsa_sha1
46+ curves:
47+ - secp256r1
48+ - x25519
49+ - secp384r1
Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-2025-PQ
2+ min version: SSLv3
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - mldsa44
31+ - mldsa65
32+ - mldsa87
33+ - ecdsa_sha256
34+ - ecdsa_sha384
35+ - ecdsa_sha512
36+ - legacy_ecdsa_sha224
37+ - rsa_pss_pss_sha256
38+ - rsa_pss_pss_sha384
39+ - rsa_pss_pss_sha512
40+ - rsa_pss_rsae_sha256
41+ - rsa_pss_rsae_sha384
42+ - rsa_pss_rsae_sha512
43+ - rsa_pkcs1_sha256
44+ - rsa_pkcs1_sha384
45+ - rsa_pkcs1_sha512
46+ - legacy_rsa_pkcs1_sha224
47+ - rsa_pkcs1_sha1
48+ - ecdsa_sha1
49+ curves:
50+ - secp256r1
51+ - x25519
52+ - secp384r1
53+ pq:
54+ - revision: 5
55+ - kem groups:
56+ -- X25519MLKEM768
57+ -- SecP256r1MLKEM768
58+ -- SecP384r1MLKEM1024
Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-TLS-1-0-2025
2+ min version: TLS1.0
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - ecdsa_sha256
31+ - ecdsa_sha384
32+ - ecdsa_sha512
33+ - legacy_ecdsa_sha224
34+ - rsa_pss_pss_sha256
35+ - rsa_pss_pss_sha384
36+ - rsa_pss_pss_sha512
37+ - rsa_pss_rsae_sha256
38+ - rsa_pss_rsae_sha384
39+ - rsa_pss_rsae_sha512
40+ - rsa_pkcs1_sha256
41+ - rsa_pkcs1_sha384
42+ - rsa_pkcs1_sha512
43+ - legacy_rsa_pkcs1_sha224
44+ - rsa_pkcs1_sha1
45+ - ecdsa_sha1
46+ curves:
47+ - secp256r1
48+ - x25519
49+ - secp384r1
Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-TLS-1-0-2025-PQ
2+ min version: TLS1.0
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - mldsa44
31+ - mldsa65
32+ - mldsa87
33+ - ecdsa_sha256
34+ - ecdsa_sha384
35+ - ecdsa_sha512
36+ - legacy_ecdsa_sha224
37+ - rsa_pss_pss_sha256
38+ - rsa_pss_pss_sha384
39+ - rsa_pss_pss_sha512
40+ - rsa_pss_rsae_sha256
41+ - rsa_pss_rsae_sha384
42+ - rsa_pss_rsae_sha512
43+ - rsa_pkcs1_sha256
44+ - rsa_pkcs1_sha384
45+ - rsa_pkcs1_sha512
46+ - legacy_rsa_pkcs1_sha224
47+ - rsa_pkcs1_sha1
48+ - ecdsa_sha1
49+ curves:
50+ - secp256r1
51+ - x25519
52+ - secp384r1
53+ pq:
54+ - revision: 5
55+ - kem groups:
56+ -- X25519MLKEM768
57+ -- SecP256r1MLKEM768
58+ -- SecP384r1MLKEM1024
Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-TLS-1-1-2025
2+ min version: TLS1.1
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - ecdsa_sha256
31+ - ecdsa_sha384
32+ - ecdsa_sha512
33+ - legacy_ecdsa_sha224
34+ - rsa_pss_pss_sha256
35+ - rsa_pss_pss_sha384
36+ - rsa_pss_pss_sha512
37+ - rsa_pss_rsae_sha256
38+ - rsa_pss_rsae_sha384
39+ - rsa_pss_rsae_sha512
40+ - rsa_pkcs1_sha256
41+ - rsa_pkcs1_sha384
42+ - rsa_pkcs1_sha512
43+ - legacy_rsa_pkcs1_sha224
44+ - rsa_pkcs1_sha1
45+ - ecdsa_sha1
46+ curves:
47+ - secp256r1
48+ - x25519
49+ - secp384r1
Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-TLS-1-1-2025-PQ
2+ min version: TLS1.1
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - mldsa44
31+ - mldsa65
32+ - mldsa87
33+ - ecdsa_sha256
34+ - ecdsa_sha384
35+ - ecdsa_sha512
36+ - legacy_ecdsa_sha224
37+ - rsa_pss_pss_sha256
38+ - rsa_pss_pss_sha384
39+ - rsa_pss_pss_sha512
40+ - rsa_pss_rsae_sha256
41+ - rsa_pss_rsae_sha384
42+ - rsa_pss_rsae_sha512
43+ - rsa_pkcs1_sha256
44+ - rsa_pkcs1_sha384
45+ - rsa_pkcs1_sha512
46+ - legacy_rsa_pkcs1_sha224
47+ - rsa_pkcs1_sha1
48+ - ecdsa_sha1
49+ curves:
50+ - secp256r1
51+ - x25519
52+ - secp384r1
53+ pq:
54+ - revision: 5
55+ - kem groups:
56+ -- X25519MLKEM768
57+ -- SecP256r1MLKEM768
58+ -- SecP384r1MLKEM1024
Original file line number Diff line number Diff line change 1+ name: CloudFront-Upstream-TLS-1-2-2025
2+ min version: TLS1.2
3+ rules:
4+ - Perfect Forward Secrecy: no
5+ - FIPS 140-3 (2019): no
6+ cipher suites:
7+ - TLS_AES_128_GCM_SHA256
8+ - TLS_AES_256_GCM_SHA384
9+ - TLS_CHACHA20_POLY1305_SHA256
10+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
13+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
15+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
16+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
17+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
18+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
19+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
20+ - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
21+ - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
22+ - TLS_RSA_WITH_AES_128_GCM_SHA256
23+ - TLS_RSA_WITH_AES_256_GCM_SHA384
24+ - TLS_RSA_WITH_AES_128_CBC_SHA256
25+ - TLS_RSA_WITH_AES_128_CBC_SHA
26+ - TLS_RSA_WITH_AES_256_CBC_SHA
27+ - TLS_RSA_WITH_3DES_EDE_CBC_SHA
28+ - TLS_RSA_WITH_RC4_128_MD5
29+ signature schemes:
30+ - ecdsa_sha256
31+ - ecdsa_sha384
32+ - ecdsa_sha512
33+ - legacy_ecdsa_sha224
34+ - rsa_pss_pss_sha256
35+ - rsa_pss_pss_sha384
36+ - rsa_pss_pss_sha512
37+ - rsa_pss_rsae_sha256
38+ - rsa_pss_rsae_sha384
39+ - rsa_pss_rsae_sha512
40+ - rsa_pkcs1_sha256
41+ - rsa_pkcs1_sha384
42+ - rsa_pkcs1_sha512
43+ - legacy_rsa_pkcs1_sha224
44+ - rsa_pkcs1_sha1
45+ - ecdsa_sha1
46+ curves:
47+ - secp256r1
48+ - x25519
49+ - secp384r1
You can’t perform that action at this time.
0 commit comments