Amazon CloudFront launches TLS security policy with post-quantum support

Amazon CloudFront announces support for hybrid post-quantum key establishment across all existing Transport Layer Security (TLS) security policies, providing enhanced protection against future quantum computing threats for client-to-edge connections. Additionally, CloudFront launched a new TLS 1.3 only security policy that enhances TLS options between viewers and edge locations. These updates allow customers to leverage quantum-resistant encryption while having more flexibility in configuring their CloudFront distributions to meet specific security and compliance requirements.

The post-quantum cryptography (PQC) capabilities are automatically enabled for client-to-edge connections, providing future-proof encryption that ensures long-term data security and regulatory compliance readiness. PQC support is available on all existing security policies by default, requiring no customer configuration. The new TLS1.3_2025 policy, which supports TLS 1.3 only, enables customers to leverage the latest TLS protocol, which provides improved security and performance compared to earlier TLS versions. This is particularly useful for organizations that enforce using the most up-to-date security standards.

These PQC capabilities and new security policy are available in all CloudFront edge locations. There are no additional charges for using PQC or the TLS1.3_2025 policy. To learn more about Post Quantum Cryptography and this new TLS policy and how to implement them in your CloudFront distributions, visit the CloudFront documentation. CloudFront documentation.

Categories: general:products/amazon-cloudfront,marketing:marchitecture/networking-and-content-delivery

Source: Amazon Web Services

Latest Posts