本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
當您在檢視器和 CloudFront 分佈之間請求 HTTPS 時,您必須選擇安全性政策,以決定下列設定。
-
CloudFront 用來與檢視者通訊的最低 SSL/TLS 通訊協定。
-
CloudFront 可用來加密與檢視器通訊的密碼。
若要選擇安全政策,請指定適用於 安全政策 (最低 SSL/TLS 版本) 的適用值。下表列出 CloudFront 可以用於每個安全原則的協定與密碼。
檢視器必須支援至少一個受支援的密碼,建立與 CloudFront 的 HTTPS 連線。CloudFront 從檢視器支援的密碼中依列出的順序選擇密碼。另請參閱OpenSSL、S2n 和 RFC 密碼名稱。
| 安全政策 | |||||||
|---|---|---|---|---|---|---|---|
| SSLv3 | TLSv1 | TLSv1_2016 | TLSv1.1_2016 | TLSv1.2_2018 | TLSv1.2_2019 | TLSv1.2_2021 | |
| 支援的 SSL/TLS 通訊協定 | |||||||
| TLSv1.3 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLSv1.2 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLSv1.1 | ♦ | ♦ | ♦ | ♦ | |||
| TLSv1 | ♦ | ♦ | ♦ | ||||
| SSLv3 | ♦ | ||||||
| 支援的 TLSv1.3 密碼 | |||||||
| TLS_AES_128_GCM_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_AES_256_GCM_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_CHACHA20_POLY1305_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| 支援的 ECDSA 密碼 | |||||||
| ECDHE-ECDSA-AES128-GCM-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| ECDHE-ECDSA-AES128-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | |
| ECDHE-ECDSA-AES128-SHA | ♦ | ♦ | ♦ | ♦ | |||
| ECDHE-ECDSA-AES256-GCM-SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| ECDHE-ECDSA-CHACHA20-POLY1305 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| ECDHE-ECDSA-AES256-SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | |
| ECDHE-ECDSA-AES256-SHA | ♦ | ♦ | ♦ | ♦ | |||
| 支援的 RSA 密碼 | |||||||
| ECDHE-RSA-AES128-GCM-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| ECDHE-RSA-AES128-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | |
| ECDHE-RSA-AES128-SHA | ♦ | ♦ | ♦ | ♦ | |||
| ECDHE-RSA-AES256-GCM-SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| ECDHE-RSA-CHACHA20-POLY1305 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| ECDHE-RSA-AES256-SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | |
| ECDHE-RSA-AES256-SHA | ♦ | ♦ | ♦ | ♦ | |||
| AES128-GCM-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ||
| AES256-GCM-SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ||
| AES128-SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ||
| AES256-SHA | ♦ | ♦ | ♦ | ♦ | |||
| AES128-SHA | ♦ | ♦ | ♦ | ♦ | |||
| DES-CBC3-SHA | ♦ | ♦ | |||||
| RC4-MD5 | ♦ | ||||||
OpenSSL、S2n 和 RFC 密碼名稱
penSSL and s2n
對於具有橢圓曲線金鑰交換演算法的密碼,CloudFront 支援下列橢圓曲線:
-
prime256v1
-
X25519
如需 CloudFront 憑證需求的詳細資訊,請參閱與 CloudFront 搭配使用 SSL/TLS 憑證的要求。
| OpenSSL 和 s2n 密碼名稱 | RFC 密碼名稱 |
|---|---|
| 支援的 TLSv1.3 密碼 | |
| TLS_AES_128_GCM_SHA256 | TLS_AES_128_GCM_SHA256 |
| TLS_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 |
| TLS_CHACHA20_POLY1305_SHA256 | TLS_CHACHA20_POLY1305_SHA256 |
| 支援的 ECDSA 密碼 | |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-ECDSA-AES128-SHA256 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-ECDSA-AES128-SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| ECDHE-ECDSA-AES256-SHA384 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| ECDHE-ECDSA-AES256-SHA | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| 支援的 RSA 密碼 | |
| ECDHE-RSA-AES128-GCM-SHA256 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| ECDHE-RSA-AES128-SHA256 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| ECDHE-RSA-AES128-SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| ECDHE-RSA-AES256-GCM-SHA384 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| ECDHE-RSA-CHACHA20-POLY1305 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
| ECDHE-RSA-AES256-SHA384 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| ECDHE-RSA-AES256-SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| AES128-GCM-SHA256 | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| AES256-GCM-SHA384 | TLS_RSA_WITH_AES_256_GCM_SHA384 |
| AES128-SHA256 | TLS_RSA_WITH_AES_128_CBC_SHA256 |
| AES256-SHA | TLS_RSA_WITH_AES_256_CBC_SHA |
| AES128-SHA | TLS_RSA_WITH_AES_128_CBC_SHA |
| DES-CBC3-SHA | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
| RC4-MD5 | TLS_RSA_WITH_RC4_128_MD5 |
檢視器和檢視器之間支援的簽名結構描述和 CloudFront
CloudFront 支援下列簽名結構描述,用於與檢視器之間的連結和 CloudFront。
| 安全政策 | |||||||
|---|---|---|---|---|---|---|---|
| 簽章方案 | SSLv3 | TLSv1 | TLSv1_2016 | TLSv1.1_2016 | TLSv1.2_2018 | TLSv1.2_2019 | 和 TLSv1.2_2021 |
| TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA224 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_ECDSA_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_ECDSA_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_ECDSA_SHA512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_ECDSA_SHA224 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |
| TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA1 | ♦ | ♦ | ♦ | ♦ | |||
| TLS_SIGNATURE_SCHEME_ECDSA_SHA1 | ♦ | ♦ | ♦ | ♦ | |||
