From 7f58da0a36a8875d4ee2b2466bf4b05e28f9d8f2 Mon Sep 17 00:00:00 2001
From: Michael Wittig
Date: Tue, 24 Jan 2023 16:52:25 +0100
Subject: [PATCH] [Security] * - Require TLS 1.2 or higher
---
 static-website/static-website.yaml | 2 +-
 wordpress/wordpress-ha-aurora.yaml | 2 +-
 wordpress/wordpress-ha.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/static-website/static-website.yaml b/static-website/static-website.yaml
index 6808d2ba3..02a2bd0e3 100644
--- a/static-website/static-website.yaml
+++ b/static-website/static-website.yaml
@@ -275,7 +275,7 @@ Resources:
 ViewerCertificate:
 AcmCertificateArn: !If [HasCreateAcmCertificate, !Ref Certificate, !If [HasAcmCertificateArn, !Ref ExistingCertificate, !Ref 'AWS::NoValue']]
 IamCertificateId: !If [HasIamCertificateId, !Ref ExistingCertificate, !Ref 'AWS::NoValue']
- MinimumProtocolVersion: 'TLSv1.1_2016'
+ MinimumProtocolVersion: 'TLSv1.2_2019'
 SslSupportMethod: 'sni-only'
 WebACLId: !If
 - HasWAF
diff --git a/wordpress/wordpress-ha-aurora.yaml b/wordpress/wordpress-ha-aurora.yaml
index a21469e52..44a6b99ec 100644
--- a/wordpress/wordpress-ha-aurora.yaml
+++ b/wordpress/wordpress-ha-aurora.yaml
@@ -1375,7 +1375,7 @@ Resources:
 ViewerCertificate:
 AcmCertificateArn: !Ref CloudFrontAcmCertificate
 SslSupportMethod: 'sni-only'
- MinimumProtocolVersion: TLSv1
+ MinimumProtocolVersion: 'TLSv1.2_2019'
 BackupVault: # cannot be deleted with data
 Condition: HasEFSBackupRetentionPeriod
 Type: 'AWS::Backup::BackupVault'
diff --git a/wordpress/wordpress-ha.yaml b/wordpress/wordpress-ha.yaml
index a6c99e36b..47a350c2c 100644
--- a/wordpress/wordpress-ha.yaml
+++ b/wordpress/wordpress-ha.yaml
@@ -1498,7 +1498,7 @@ Resources:
 ViewerCertificate:
 AcmCertificateArn: !Ref CloudFrontAcmCertificate
 SslSupportMethod: 'sni-only'
- MinimumProtocolVersion: TLSv1
+ MinimumProtocolVersion: 'TLSv1.2_2019'
 BackupVault: # cannot be deleted with data
 Condition: HasEFSBackupRetentionPeriod
 Type: 'AWS::Backup::BackupVault'
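Review bot: The new `MinimumProtocolVersion: 'TLSv1.2_2019'` line in static-website.yaml sets the TLS 1.2 floor but, as far as I recall the CloudFront policy table, still lets viewers negotiate the CBC-mode suites `ECDHE-RSA-AES128-SHA256` and `ECDHE-RSA-AES256-SHA384`. The newer policy drops those and keeps only AEAD suites, so I would write `MinimumProtocolVersion: 'TLSv1.2_2021'` here. The same applies to the identical added line in wordpress-ha-aurora.yaml and wordpress-ha.yaml. If the older policy is intentional for client compatibility, a short comment saying so next to the value would stop a later reader from assuming it was an oversight.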
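Review bot: The commit title says TLS 1.2 is required, but the `ViewerCertificate` change in wordpress-ha-aurora.yaml (and the identical hunk in wordpress-ha.yaml) only constrains the viewer-to-CloudFront connection. The origin settings are not visible in this hunk, so this is a question rather than a finding: if CloudFront reaches the load balancer over HTTPS, the origin's `OriginSSLProtocols` and the listener's `SslPolicy` decide what is accepted on that leg and may still allow older versions. I would at least add a comment on the changed line such as `# viewer-facing only; origin TLS is governed by OriginSSLProtocols / listener SslPolicy`. Since these two templates move from `TLSv1` straight to 1.2, the change is also worth calling out in the upgrade notes for operators with legacy clients.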