CloudFront distributions should use SNI to serve HTTPS requests

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This check examines whether Amazon CloudFront distributions are using a custom SSL/TLS certificate and have been set up to use Server Name Indication (SNI) for processing HTTPS requests. This check fails when a custom SSL/TLS certificate is linked, but the SSL/TLS support method involves a dedicated IP address.

Server Name Indication (SNI) serves as an extension to the TLS protocol that is compatible with browsers and clients released post-2010. If you opt to configure CloudFront to handle HTTPS requests through SNI, CloudFront associates your alternate domain name with an IP address specific to each edge location. After a viewer initiates an HTTPS request for your content, DNS directs the request to the applicable IP address for the correct edge location. The mapping of the IP address to your domain name is determined during the SSL/TLS handshake negotiation, without the IP address being exclusive to your distribution.

Remediation

For instructions on setting up a CloudFront distribution to use Server Name Indication (SNI) for handling HTTPS requests, refer to Using SNI to Serve HTTPS Requests in the CloudFront Developer Guide.

PREVIEWING: rtrieu/product-analytics-ui-changes