From 9715cf58622c6144933a2c9a2b742b953f53b273 Mon Sep 17 00:00:00 2001 From: Joshua Koo Date: Tue, 28 Nov 2023 00:57:41 +0000 Subject: [PATCH] Update CloudFront's upstream ECC Preference list - from s2n_ecc_pref_list_20140601 to s2n_ecc_pref_list_20230623 to include X25519 inline with CloudFront's documentation in https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-ciphers-cloudfront-to-origin.html --- tls/s2n_security_policies.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c index 0ede9a44fdf..64517213b0a 100644 --- a/tls/s2n_security_policies.c +++ b/tls/s2n_security_policies.c @@ -180,7 +180,7 @@ const struct s2n_security_policy security_policy_cloudfront_upstream = { .cipher_preferences = &cipher_preferences_cloudfront_upstream, .kem_preferences = &kem_preferences_null, .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, + .ecc_preferences = &s2n_ecc_preferences_20230623, }; const struct s2n_security_policy security_policy_cloudfront_upstream_tls10 = { @@ -188,7 +188,7 @@ const struct s2n_security_policy security_policy_cloudfront_upstream_tls10 = { .cipher_preferences = &cipher_preferences_cloudfront_upstream_tls10, .kem_preferences = &kem_preferences_null, .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, + .ecc_preferences = &s2n_ecc_preferences_20230623, }; const struct s2n_security_policy security_policy_cloudfront_upstream_tls11 = { @@ -196,7 +196,7 @@ const struct s2n_security_policy security_policy_cloudfront_upstream_tls11 = { .cipher_preferences = &cipher_preferences_cloudfront_upstream_tls11, .kem_preferences = &kem_preferences_null, .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, + .ecc_preferences = &s2n_ecc_preferences_20230623, }; const struct s2n_security_policy security_policy_cloudfront_upstream_tls12 = { @@ -204,7 +204,7 @@ const struct s2n_security_policy security_policy_cloudfront_upstream_tls12 = { .cipher_preferences = &cipher_preferences_cloudfront_upstream_tls12, .kem_preferences = &kem_preferences_null, .signature_preferences = &s2n_signature_preferences_20140601, - .ecc_preferences = &s2n_ecc_preferences_20140601, + .ecc_preferences = &s2n_ecc_preferences_20230623, }; /* CloudFront viewer facing */