Starting today, you can further improve security for your web applications on Amazon CloudFront by selecting a pre-defined security policy that enforces TLS version 1.1 or 1.2 as the minimum protocol version. Amazon CloudFront will automatically select the cipher suite for your selected security policy which it will use to encrypt your content before returning it to viewers over HTTPS. For instance, with this feature, you can select the security policy that enforces TLS version 1.1 and weak ciphers such as RC4 and 3DES will automatically be excluded. This feature is available when you use custom SSL certificates to serve HTTPS requests using SNI.