diff --git a/assets/libraries/common.rego b/assets/libraries/common.rego
index 6777cc6aaad..b338666bf54 100644
--- a/assets/libraries/common.rego
+++ b/assets/libraries/common.rego
@@ -482,7 +482,7 @@ any_principal(statement) {
 }
 is_recommended_tls(field) {
- inArray({"TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021"}, field)
+ inArray({"TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021", "TLSv1.2_2025", "TLSv1.3_2025"}, field)
 }
 is_unrestricted(sourceRange) {
diff --git a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative1.yaml b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative1.yaml
index 768554f7de5..8b3faa30987 100644
--- a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative1.yaml
+++ b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative1.yaml
@@ -21,7 +21,7 @@ Resources:
 AcmCertificateArn: String
 CloudFrontDefaultCertificate: true
 IamCertificateId: String
- MinimumProtocolVersion: "TLSv1.2_2018"
+ MinimumProtocolVersion: "TLSv1.2_2025"
 SslSupportMethod: String
 Tags:
 - Key: string-value
diff --git a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative2.json b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative2.json
index 3cc870dffa8..773ea786020 100644
--- a/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative2.json
+++ b/assets/queries/cloudFormation/aws/cloudfront_without_minimum_protocol_tls_1.2/test/negative2.json
@@ -34,7 +34,7 @@
 ],
 "ViewerCertificate": {
 "IamCertificateId": "String",
- "MinimumProtocolVersion": "TLSv1.2_2018",
+ "MinimumProtocolVersion": "TLSv1.3_2025",
 "SslSupportMethod": "String",
 "AcmCertificateArn": "String",
 "CloudFrontDefaultCertificate": true
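Review bot: The set in `is_recommended_tls` is an exact-match allowlist with no comment saying what it tracks or when to extend it, so every new security policy name will be reported as non-compliant until someone edits this line again. Failing closed is the right default for this check, but the maintenance step should be written down, e.g. `# Accepted MinimumProtocolVersion security policies (TLS 1.2 floor or higher); add new policy names here as the provider publishes them`. The helper lives in the shared library, so any other query that calls it presumably changes its result as well, while the visible hunks only touch CloudFormation fixtures; it is worth confirming the other callers have a fixture for the two new values.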
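Review bot: Overwriting `MinimumProtocolVersion: "TLSv1.2_2018"` in negative1.yaml (and the same value in negative2.json) removes that policy name from the negative fixtures, although `is_recommended_tls` still accepts it. Unless another fixture outside this diff covers it, a later edit that drops or misspells the older names in the set would pass the test suite unnoticed. Adding new negative files for `TLSv1.2_2025` and `TLSv1.3_2025` instead of editing these two in place would keep both the old and the new values pinned.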