From fc5ed9a1742548b74c346f330d8739757e16b056 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Fri, 5 Jan 2024 12:38:47 +0900 Subject: [PATCH 1/3] feat(opensearchservice): support TLS 1.3 and perfect forward secrecy --- packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts index 154f849647ea1..301e6837fde10 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts @@ -281,7 +281,9 @@ export enum TLSSecurityPolicy { /** Cipher suite TLS 1.0 */ TLS_1_0 = 'Policy-Min-TLS-1-0-2019-07', /** Cipher suite TLS 1.2 */ - TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07' + TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07', + /** Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy cipher suites */ + TLS_1_3 = 'Policy-Min-TLS-1-2-PFS-2023-10', } /** From a0a75efe3df2b1391035efc2ba0e0df4b1a06b6b Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Fri, 5 Jan 2024 13:34:06 +0900 Subject: [PATCH 2/3] doc --- packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts index 301e6837fde10..37fda5ee10934 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts @@ -282,7 +282,7 @@ export enum TLSSecurityPolicy { TLS_1_0 = 'Policy-Min-TLS-1-0-2019-07', /** Cipher suite TLS 1.2 */ TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07', - /** Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy cipher suites */ + /** Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy (PFS) */ TLS_1_3 = 'Policy-Min-TLS-1-2-PFS-2023-10', } From 6d6bf70dc89d9707c847ed54827545310b6847d8 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Fri, 5 Jan 2024 13:43:56 +0900 Subject: [PATCH 3/3] change value --- packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts index 37fda5ee10934..81e94e80bb9b2 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts @@ -283,7 +283,7 @@ export enum TLSSecurityPolicy { /** Cipher suite TLS 1.2 */ TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07', /** Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy (PFS) */ - TLS_1_3 = 'Policy-Min-TLS-1-2-PFS-2023-10', + TLS_1_2_PFS = 'Policy-Min-TLS-1-2-PFS-2023-10', } /**