Posted On: Jun 7, 2022

Amazon CloudFront now supports Transport Layer Security (TLS) 1.3 session resumption to further improve viewer connection performance. Amazon CloudFront has supported version 1.3 of the TLS protocol since 2020 to encrypt HTTPS communications between viewers and CloudFront. Customers that adopted the protocol have seen their connection performance improve by up to 30% compared with previous TLS versions. Starting today, customers that use TLS 1.3 will see up to 50% additional performance improvement thanks to TLS 1.3 session resumption. With session resumption, when a client reconnects to a server with which the client had an earlier TLS connection, the server decrypts the session ticket using a pre-shared key sent by the client and resumes the session. TLS 1.3 session resumption speeds up session establishment because it reduces computational overhead for both the server and the client. It also requires fewer packets to be transferred than a full TLS handshake.

TLS session resumption is automatically enabled for customers using TLS 1.3, and customers do not need to make any additional changes to their CloudFront deployment to benefit from the performance improvements of TLS 1.3 session resumption. Note that if your application uses an outdated OpenJDK version, we recommend that you update it to use the latest stable OpenJDK version, as an outdated OpenJDK may cause connection issues when clients attempt to perform session resumption. To learn more about JDK patching, see the OpenJDK bug page and our blog for bug mitigation.

To learn more about supported protocols and ciphers between viewers and CloudFront, see the CloudFront Developer Guide. To learn more about Amazon CloudFront, visit the Amazon CloudFront product page.