Amazon API Gateway Adds Configurable Transport Layer Security Version for Custom Domains

Posted on: Jun 20, 2019

You can now enforce a minimum Transport Layer Security (TLS) version and cipher suites through a security policy for connecting to your Amazon API Gateway custom domain, allowing you to further improve security for your customers.  

The TLS protocol addresses network security problems such as tampering and eavesdropping between a client and a server. When a client performs a TLS handshake with your API through your custom domain, your security policy restricts the client to the TLS versions and cipher suites that the policy allows. A security policy is a predefined combination of a minimum TLS version and cipher suites offered by API Gateway. You can configure TLS versions and cipher suites for all existing and new API Gateway custom domains by selecting the TLS v1.2 or TLS v1.0 security policy. For more information, please see our documentation.

To configure the security policy for your custom domain, use the AWS Management Console, AWS CLI, or AWS SDK for API Gateway. For more information about API Gateway, visit the product page. This feature is available in all regions where API Gateway is available. To see all regions where API Gateway is available, see the AWS region table.
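
The following is an added example, not AWS's own code: a small audit that finds custom domains still on the TLS v1.0 security policy and builds the patch needed to move each one to TLS v1.2. It assumes the AWS SDK for Python (boto3) for live use; the sample domain names are constructed and the `--live` flag belongs to this script only.

```python
"""Audit API Gateway custom domains for a minimum-TLS security policy."""

REQUIRED_POLICY = "TLS_1_2"  # API value for the TLS v1.2 security policy


def plan_tls_upgrades(domains, required=REQUIRED_POLICY):
    """Return update_domain_name() kwargs for every domain not on `required`.

    `domains` is the "items" list returned by apigateway get_domain_names().
    A record without a securityPolicy field is flagged too (assumption of
    this example: an unknown policy is reviewed rather than trusted).
    """
    plan = []
    for d in domains:
        if d.get("securityPolicy") == required:
            continue
        plan.append({
            "domainName": d["domainName"],
            "patchOperations": [
                {"op": "replace", "path": "/securityPolicy", "value": required}
            ],
        })
    return plan


# Constructed sample records, shaped like get_domain_names() items.
SAMPLE_DOMAINS = [
    {"domainName": "api.example.com", "securityPolicy": "TLS_1_0"},
    {"domainName": "pay.example.com", "securityPolicy": "TLS_1_2"},
    {"domainName": "legacy.example.com"},
]

if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:  # hypothetical flag of this script
        import boto3
        client = boto3.client("apigateway")
        pages = client.get_paginator("get_domain_names").paginate()
        domains = [d for page in pages for d in page.get("items", [])]
    else:
        domains = SAMPLE_DOMAINS
    for change in plan_tls_upgrades(domains):
        print("needs update:", change["domainName"])
        # To apply a change: client.update_domain_name(**change)
```

Before raising the minimum version on a production domain, check that every client of that API can negotiate TLS 1.2, since clients that cannot will fail the handshake once the policy changes.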