CloudFront now Supports ECDSA Certificates for HTTPS Connections to Origins

Posted on: Mar 15, 2018

Starting today, you can use Amazon CloudFront to negotiate HTTPS connections to origins using the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA uses smaller keys that are faster, yet just as secure, as those of the older RSA algorithm. The smaller keys will also increase the number of TLS handshakes that your origins can process per second, thereby saving compute cycles and reducing your cost of cryptography. To enable ECDSA, simply configure your origin server to use and prefer an ECDSA certificate. There is no additional fee for using this feature. To learn more about how ECDSA works on CloudFront, see the blog post and the CloudFront Developer Guide.