Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.

# Protocolli e cifrari supportati tra visualizzatori e CloudFront
<a name="secure-connections-supported-viewer-protocols-ciphers"></a>

Quando [richiedi l'HTTPS tra i visualizzatori e la tua CloudFront distribuzione](DownloadDistValuesCacheBehavior.md#DownloadDistValuesViewerProtocolPolicy), devi scegliere una [politica di sicurezza](DownloadDistValuesGeneral.md#DownloadDistValues-security-policy) che determini le seguenti impostazioni:
+ Il SSL/TLS protocollo minimo CloudFront utilizzato per comunicare con gli spettatori.
+ I codici che è CloudFront possibile utilizzare per crittografare la comunicazione con gli spettatori.

Per scegliere una policy di sicurezza, specifica il valore applicabile per [Politica di sicurezza ( SSL/TLS versione minima)](DownloadDistValuesGeneral.md#DownloadDistValues-security-policy). La tabella seguente elenca i protocolli e i codici che è CloudFront possibile utilizzare per ogni politica di sicurezza.

Un visualizzatore deve supportare almeno uno dei codici supportati con cui stabilire una connessione HTTPS. CloudFront CloudFront sceglie un codice nell'ordine elencato tra i codici supportati dal visualizzatore. Consulta anche [Nomi di cifratura OpenSSL, s2n e RFC](#secure-connections-openssl-rfc-cipher-names).


|  | Policy di sicurezza |  | SSLv3 | TLSv1 | TLSv1\$12016 | TLSv1.1\$12016 | TLSv1.2\$12018 | TLSv1.2\$12019 | TLSv1.2\$12021 | TLSv1.2\$12025 | TLSv1.3\$12025 | 
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | 
| Protocolli supportati SSL/TLS  | 
| TLSv13. | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLSv12. | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  | 
| TLSv11. | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| TLSv1 | ♦ | ♦ | ♦ |  |  |  |  |  |  | 
| SSLv3 | ♦ |  |  |  |  |  |  |  |  | 
|  TLSv1Cifre 3.0 supportate | 
| TLS\$1AES\$1128\$1GCM\$1 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1AES\$1256\$1GCM\$1 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1 \$1 CHACHA20 POLY1305 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  | ♦ | 
| Crittografie ECDSA supportate | 
| ECDHE-ECDSA- -GCM- AES128 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  | 
| ECDHE-ECSA- - AES128 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  | 
| ECDHE-ECDSA- -SHA AES128 | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| ECDHE-ECDSA- -GCM- AES256 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  | 
| ECDHE-ECSA- - CHACHA20 POLY1305 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  | 
| ECDHE-ECDSA- - AES256 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  | 
| ECDHE-ECDSA- -SHA AES256 | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| Crittografie RSA supportate | 
| ECDH-RSA- -GCM- AES128 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  | 
| ECDHE-RSA AES128 - - SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  | 
| ECDHE-RSA- AES128 -SHA | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| ECDHE-RSA- AES256 -GCM- SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  | 
| ECDHE-RSA CHACHA20 - - POLY1305 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  | 
| ECDHE-RSA- - AES256 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  | 
| ECDHE-RSA- AES256 -SHA | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| AES128-GCM- SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  |  | 
| AES256-GCM- SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  |  | 
| AES128-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  |  | 
| AES256-SHA | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| AES128-SHA | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| DES- -SHA CBC3 | ♦ | ♦ |  |  |  |  |  |  |  | 
| RC4-MD5 | ♦ |  |  |  |  |  |  |  |  | 

## Nomi di cifratura OpenSSL, s2n e RFC
<a name="secure-connections-openssl-rfc-cipher-names"></a>

OpenSSL e [s2n](https://github.com/awslabs/s2n) utilizzano nomi diversi per i cifrari rispetto agli standard TLS ([RFC 2246](https://tools.ietf.org/html/rfc2246), [RFC 4346](https://tools.ietf.org/html/rfc4346), [RFC 5246](https://tools.ietf.org/html/rfc5246) e [RFC 8446](https://tools.ietf.org/html/rfc8446)). La tabella seguente mappa i nomi OpenSSL e s2n al nome RFC per ogni crittografia.

CloudFront supporta scambi di chiavi classici e sicuri da un punto di vista quantistico. Per gli scambi di chiavi classici che utilizzano curve ellittiche, supporta quanto segue: CloudFront 
+ `prime256v1`
+ `X25519`
+ `secp384r1`

Per gli scambi di chiavi sicuri da un punto di vista quantistico, supporta quanto segue: CloudFront 
+ `X25519MLKEM768`
+ `SecP256r1MLKEM768`
**Nota**  
Gli scambi di chiavi Quantum-safe sono supportati solo con TLS 1.3. TLS 1.2 e le versioni precedenti non supportano lo scambio di chiavi a sicurezza quantistica.

  Per ulteriori informazioni, consulta i seguenti argomenti:
  + [Crittografia post-quantistica](https://aws.amazon.com/security/post-quantum-cryptography/)
  + [Algoritmi di crittografia e Servizi AWS](https://docs.aws.amazon.com/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.html#algorithms)
  + [Scambio di chiavi ibrido in TLS 1.3](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/)

Per ulteriori informazioni sui requisiti dei certificati per CloudFront, vedere. [Requisiti per l'utilizzo SSL/TLS di certificati con CloudFront](cnames-and-https-requirements.md)


| Nome cifrato OpenSSL e s2n | Nome crittografia RFC | 
| --- | --- | 
|  TLSv1Cifre 3.0 supportate | 
| TLS\$1AES\$1128\$1GCM\$1 SHA256 | TLS\$1AES\$1128\$1GCM\$1 SHA256 | 
| TLS\$1AES\$1256\$1GCM\$1 SHA384 | TLS\$1AES\$1256\$1GCM\$1 SHA384 | 
| TLS\$1 \$1 CHACHA20 POLY1305 SHA256 | CHACHA20TLS\$1 \$1 POLY1305 SHA256 | 
| Crittografie ECDSA supportate | 
| ECDHE-ECDSA- -GCM- AES128 SHA256 | TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1GCM\$1 SHA256 | 
| ECDHE-ECDSA- - AES128 SHA256 | TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | 
| ECDHE-ECDSA- -SHA AES128 | TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | 
| ECDHE-ECDSA- -GCM- AES256 SHA384 | TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1GCM\$1 SHA384 | 
| ECDHE-ECDSA- - CHACHA20 POLY1305 | CHACHA20TLS\$1ECDHE\$1ECDSA\$1CON\$1 \$1 \$1 POLY1305 SHA256 | 
| ECDHE-ECDSA- - AES256 SHA384 | TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | 
| ECDHE-ECDSA- -SHA AES256 | TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | 
| Crittografie RSA supportate | 
| ECDH-RSA- -GCM- AES128 SHA256 | TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1GCM\$1 SHA256 | 
| ECDHE-RSA- - AES128 SHA256 | TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256  | 
| ECDHE-RSA- -SHA AES128 | TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | 
| ECDHE-RSA- AES256 -GCM- SHA384 | TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1GCM\$1 SHA384  | 
| ECDHE-RSA- - CHACHA20 POLY1305 | TLS\$1ECDHE\$1RSA\$1CON\$1 \$1 CHACHA20 \$1 POLY1305 SHA256 | 
| ECDHE-RSA- - AES256 SHA384 | TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384  | 
| ECDHE-RSA- -SHA AES256 | TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | 
| AES128-GCM- SHA256 | TLS\$1RSA\$1CON\$1AES\$1128\$1GCM\$1 SHA256 | 
| AES256-GCM- SHA384 | TLS\$1RSA\$1CON\$1AES\$1256\$1GCM\$1 SHA384 | 
| AES128-SHA256 | TLS\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | 
| AES256-SHA | TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | 
| AES128-SHA | TLS\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | 
| DES- -SHA CBC3  | TLS\$1RSA\$1WITH\$13DES\$1EDE\$1CBC\$1SHA  | 
| RC4-MD5 | TLS\$1RSA\$1CON\$1 \$1128\$1 RC4 MD5 | 

## Schemi di firma supportati tra spettatori e CloudFront
<a name="secure-connections-viewer-signature-schemes"></a>

CloudFront supporta i seguenti schemi di firma per le connessioni tra spettatori e. CloudFront


|  | Policy di sicurezza | Schemi di firma | SSLv3 | TLSv1 | TLSv1\$12016 | TLSv1.1\$12016 | TLSv1.2\$12018 | TLSv1.2\$12019 |  TLSv1.2\$12021 | TLSv1.2\$12025 | TLSv1.3\$12025 | 
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1PSS\$1PSS\$1 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1PSS\$1PSS\$1 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1PSS\$1PSS\$1 SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1PSS\$1RSAE\$1 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1PSS\$1RSAE\$1 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1PSS\$1RSAE\$1 SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1 \$1 PKCS1 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| PKCS1TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1 \$1 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| PKCS1TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1 \$1 SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| PKCS1TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1 \$1 SHA224 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 SHA224 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 R1\$1 SECP256 SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 SECP384 R1\$1 SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| PKCS1TLS\$1SIGNATURE\$1SCHEME\$1RSA\$1 \$1 SHA1 | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  | 
| TLS\$1SIGNATURE\$1SCHEME\$1ECDSA\$1 SHA1 | ♦ | ♦ | ♦ | ♦ |  |  |  |  |  |