A security policy determines the SSL/TLS protocol that CloudFront uses to communicate with viewers, and the cipher that CloudFront uses to encrypt the content that it returns to viewers. The TLSv1.2_2019 policy sets the minimum negotiated Transport Layer Security (TLS) version to 1.2 and removes the CBC (cipher block chaining) block cipher modes. When you create a new distribution using a custom SSL certificate, TLSv1.2_2019 will be the default policy option selected. You may use the AWS Management Console, Amazon CloudFront APIs, or AWS CloudFormation to update your existing distribution configuration to use this new security policy.
The TLSv1.2_2019 security policy is available today. To learn more about this new policy and ciphers supported refer to CloudFront’s documentation. To get started with CloudFront, visit the CloudFront product page.