
Commit bfe5366

committed
Update Policy Snapshots
1 parent 81ae131 commit bfe5366

25 files changed

+862
-0
lines changed

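--- a/tests/policy_snapshot/snapshots/CloudFront-SSL-v-3
+++ b/tests/policy_snapshot/snapshots/CloudFront-SSL-v-3
@@ -42,3 +42,8 @@ curves:
 - x25519
 - secp256r1
 - secp384r1
+pq:
+- revision: 5
+- kem groups:
+-- X25519MLKEM768
+-- SecP256r1MLKEM768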
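Review bot: The added `pq:` block (new lines 45–49) does not say that the hybrid ML-KEM groups only take effect on TLS 1.3 handshakes, so the snapshot can be read as making the whole policy post-quantum. The sibling `CloudFront-SSL-v-3-no-pq` snapshot lists `min version: SSLv3`, `Perfect Forward Secrecy: no` and `TLS_RSA_*` suites; presumably this policy shares them, though the top of this file is outside the hunk. A connection that negotiates TLS 1.2 or lower under this policy would then get classical key exchange, in the RSA case without forward secrecy. Since the snapshot format has no comment syntax, I would document this on the policy definition, for example `/* kem groups apply to TLS 1.3 only; older versions negotiated under this policy use classical key exchange */`. The same applies to the `pq:` hunks in CloudFront-TLS-1-0-2014, CloudFront-TLS-1-0-2016 and CloudFront-TLS-1-1-2016.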
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
name: CloudFront-SSL-v-3-no-pq
2+
min version: SSLv3
3+
rules:
4+
- Perfect Forward Secrecy: no
5+
- FIPS 140-3 (2019): no
6+
cipher suites:
7+
- TLS_AES_128_GCM_SHA256
8+
- TLS_AES_256_GCM_SHA384
9+
- TLS_CHACHA20_POLY1305_SHA256
10+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
11+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
12+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
13+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
14+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
15+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
16+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
17+
- TLS_RSA_WITH_AES_128_GCM_SHA256
18+
- TLS_RSA_WITH_AES_256_GCM_SHA384
19+
- TLS_RSA_WITH_AES_128_CBC_SHA256
20+
- TLS_RSA_WITH_AES_256_CBC_SHA
21+
- TLS_RSA_WITH_AES_128_CBC_SHA
22+
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
23+
- TLS_RSA_WITH_RC4_128_MD5
24+
signature schemes:
25+
- rsa_pss_pss_sha256
26+
- rsa_pss_pss_sha384
27+
- rsa_pss_pss_sha512
28+
- rsa_pss_rsae_sha256
29+
- rsa_pss_rsae_sha384
30+
- rsa_pss_rsae_sha512
31+
- rsa_pkcs1_sha256
32+
- rsa_pkcs1_sha384
33+
- rsa_pkcs1_sha512
34+
- legacy_rsa_sha224
35+
- ecdsa_sha256
36+
- ecdsa_sha384
37+
- ecdsa_sha512
38+
- legacy_ecdsa_sha224
39+
- rsa_pkcs1_sha1
40+
- ecdsa_sha1
41+
curves:
42+
- x25519
43+
- secp256r1
44+
- secp384r1

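--- a/tests/policy_snapshot/snapshots/CloudFront-TLS-1-0-2014
+++ b/tests/policy_snapshot/snapshots/CloudFront-TLS-1-0-2014
@@ -48,3 +48,8 @@ curves:
 - x25519
 - secp256r1
 - secp384r1
+pq:
+- revision: 5
+- kem groups:
+-- X25519MLKEM768
+-- SecP256r1MLKEM768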
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
name: CloudFront-TLS-1-0-2014-PQ-Beta
2+
min version: TLS1.0
3+
rules:
4+
- Perfect Forward Secrecy: no
5+
- FIPS 140-3 (2019): no
6+
cipher suites:
7+
- TLS_AES_128_GCM_SHA256
8+
- TLS_AES_256_GCM_SHA384
9+
- TLS_CHACHA20_POLY1305_SHA256
10+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
13+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
14+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
15+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
16+
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
17+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
18+
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
19+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
20+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
21+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
22+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
23+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
24+
- TLS_RSA_WITH_AES_128_GCM_SHA256
25+
- TLS_RSA_WITH_AES_256_GCM_SHA384
26+
- TLS_RSA_WITH_AES_128_CBC_SHA256
27+
- TLS_RSA_WITH_AES_256_CBC_SHA
28+
- TLS_RSA_WITH_AES_128_CBC_SHA
29+
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
30+
signature schemes:
31+
- rsa_pss_pss_sha256
32+
- rsa_pss_pss_sha384
33+
- rsa_pss_pss_sha512
34+
- rsa_pss_rsae_sha256
35+
- rsa_pss_rsae_sha384
36+
- rsa_pss_rsae_sha512
37+
- rsa_pkcs1_sha256
38+
- rsa_pkcs1_sha384
39+
- rsa_pkcs1_sha512
40+
- legacy_rsa_sha224
41+
- ecdsa_sha256
42+
- ecdsa_sha384
43+
- ecdsa_sha512
44+
- legacy_ecdsa_sha224
45+
- rsa_pkcs1_sha1
46+
- ecdsa_sha1
47+
curves:
48+
- x25519
49+
- secp256r1
50+
- secp384r1
51+
pq:
52+
- revision: 5
53+
- kem groups:
54+
-- X25519MLKEM768
55+
-- SecP256r1MLKEM768
Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
name: CloudFront-TLS-1-0-2014-no-pq
2+
min version: TLS1.0
3+
rules:
4+
- Perfect Forward Secrecy: no
5+
- FIPS 140-3 (2019): no
6+
cipher suites:
7+
- TLS_AES_128_GCM_SHA256
8+
- TLS_AES_256_GCM_SHA384
9+
- TLS_CHACHA20_POLY1305_SHA256
10+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
13+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
14+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
15+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
16+
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
17+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
18+
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
19+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
20+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
21+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
22+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
23+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
24+
- TLS_RSA_WITH_AES_128_GCM_SHA256
25+
- TLS_RSA_WITH_AES_256_GCM_SHA384
26+
- TLS_RSA_WITH_AES_128_CBC_SHA256
27+
- TLS_RSA_WITH_AES_256_CBC_SHA
28+
- TLS_RSA_WITH_AES_128_CBC_SHA
29+
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
30+
signature schemes:
31+
- rsa_pss_pss_sha256
32+
- rsa_pss_pss_sha384
33+
- rsa_pss_pss_sha512
34+
- rsa_pss_rsae_sha256
35+
- rsa_pss_rsae_sha384
36+
- rsa_pss_rsae_sha512
37+
- rsa_pkcs1_sha256
38+
- rsa_pkcs1_sha384
39+
- rsa_pkcs1_sha512
40+
- legacy_rsa_sha224
41+
- ecdsa_sha256
42+
- ecdsa_sha384
43+
- ecdsa_sha512
44+
- legacy_ecdsa_sha224
45+
- rsa_pkcs1_sha1
46+
- ecdsa_sha1
47+
curves:
48+
- x25519
49+
- secp256r1
50+
- secp384r1
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
name: CloudFront-TLS-1-0-2014-sha256
2+
min version: TLS1.0
3+
rules:
4+
- Perfect Forward Secrecy: no
5+
- FIPS 140-3 (2019): no
6+
cipher suites:
7+
- TLS_AES_128_GCM_SHA256
8+
- TLS_AES_256_GCM_SHA384
9+
- TLS_CHACHA20_POLY1305_SHA256
10+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
13+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
14+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
15+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
16+
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
17+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
18+
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
19+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
20+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
21+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
22+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
23+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
24+
- TLS_RSA_WITH_AES_128_GCM_SHA256
25+
- TLS_RSA_WITH_AES_256_GCM_SHA384
26+
- TLS_RSA_WITH_AES_128_CBC_SHA256
27+
- TLS_RSA_WITH_AES_128_CBC_SHA
28+
- TLS_RSA_WITH_AES_256_CBC_SHA256
29+
- TLS_RSA_WITH_AES_256_CBC_SHA
30+
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
31+
signature schemes:
32+
- rsa_pss_pss_sha256
33+
- rsa_pss_pss_sha384
34+
- rsa_pss_pss_sha512
35+
- rsa_pss_rsae_sha256
36+
- rsa_pss_rsae_sha384
37+
- rsa_pss_rsae_sha512
38+
- rsa_pkcs1_sha256
39+
- rsa_pkcs1_sha384
40+
- rsa_pkcs1_sha512
41+
- legacy_rsa_sha224
42+
- ecdsa_sha256
43+
- ecdsa_sha384
44+
- ecdsa_sha512
45+
- legacy_ecdsa_sha224
46+
- rsa_pkcs1_sha1
47+
- ecdsa_sha1
48+
curves:
49+
- x25519
50+
- secp256r1
51+
- secp384r1
52+
pq:
53+
- revision: 5
54+
- kem groups:
55+
-- X25519MLKEM768
56+
-- SecP256r1MLKEM768
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
name: CloudFront-TLS-1-0-2014-sha256-no-pq
2+
min version: TLS1.0
3+
rules:
4+
- Perfect Forward Secrecy: no
5+
- FIPS 140-3 (2019): no
6+
cipher suites:
7+
- TLS_AES_128_GCM_SHA256
8+
- TLS_AES_256_GCM_SHA384
9+
- TLS_CHACHA20_POLY1305_SHA256
10+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
13+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
14+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
15+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
16+
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
17+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
18+
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
19+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
20+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
21+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
22+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
23+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
24+
- TLS_RSA_WITH_AES_128_GCM_SHA256
25+
- TLS_RSA_WITH_AES_256_GCM_SHA384
26+
- TLS_RSA_WITH_AES_128_CBC_SHA256
27+
- TLS_RSA_WITH_AES_128_CBC_SHA
28+
- TLS_RSA_WITH_AES_256_CBC_SHA256
29+
- TLS_RSA_WITH_AES_256_CBC_SHA
30+
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
31+
signature schemes:
32+
- rsa_pss_pss_sha256
33+
- rsa_pss_pss_sha384
34+
- rsa_pss_pss_sha512
35+
- rsa_pss_rsae_sha256
36+
- rsa_pss_rsae_sha384
37+
- rsa_pss_rsae_sha512
38+
- rsa_pkcs1_sha256
39+
- rsa_pkcs1_sha384
40+
- rsa_pkcs1_sha512
41+
- legacy_rsa_sha224
42+
- ecdsa_sha256
43+
- ecdsa_sha384
44+
- ecdsa_sha512
45+
- legacy_ecdsa_sha224
46+
- rsa_pkcs1_sha1
47+
- ecdsa_sha1
48+
curves:
49+
- x25519
50+
- secp256r1
51+
- secp384r1

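--- a/tests/policy_snapshot/snapshots/CloudFront-TLS-1-0-2016
+++ b/tests/policy_snapshot/snapshots/CloudFront-TLS-1-0-2016
@@ -47,3 +47,8 @@ curves:
 - x25519
 - secp256r1
 - secp384r1
+pq:
+- revision: 5
+- kem groups:
+-- X25519MLKEM768
+-- SecP256r1MLKEM768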
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
name: CloudFront-TLS-1-0-2016-no-pq
2+
min version: TLS1.0
3+
rules:
4+
- Perfect Forward Secrecy: no
5+
- FIPS 140-3 (2019): no
6+
cipher suites:
7+
- TLS_AES_128_GCM_SHA256
8+
- TLS_AES_256_GCM_SHA384
9+
- TLS_CHACHA20_POLY1305_SHA256
10+
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
11+
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
12+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
13+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
14+
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
15+
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
16+
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
17+
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
18+
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
19+
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
20+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
21+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
22+
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
23+
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
24+
- TLS_RSA_WITH_AES_128_GCM_SHA256
25+
- TLS_RSA_WITH_AES_256_GCM_SHA384
26+
- TLS_RSA_WITH_AES_128_CBC_SHA256
27+
- TLS_RSA_WITH_AES_256_CBC_SHA
28+
- TLS_RSA_WITH_AES_128_CBC_SHA
29+
signature schemes:
30+
- rsa_pss_pss_sha256
31+
- rsa_pss_pss_sha384
32+
- rsa_pss_pss_sha512
33+
- rsa_pss_rsae_sha256
34+
- rsa_pss_rsae_sha384
35+
- rsa_pss_rsae_sha512
36+
- rsa_pkcs1_sha256
37+
- rsa_pkcs1_sha384
38+
- rsa_pkcs1_sha512
39+
- legacy_rsa_sha224
40+
- ecdsa_sha256
41+
- ecdsa_sha384
42+
- ecdsa_sha512
43+
- legacy_ecdsa_sha224
44+
- rsa_pkcs1_sha1
45+
- ecdsa_sha1
46+
curves:
47+
- x25519
48+
- secp256r1
49+
- secp384r1

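--- a/tests/policy_snapshot/snapshots/CloudFront-TLS-1-1-2016
+++ b/tests/policy_snapshot/snapshots/CloudFront-TLS-1-1-2016
@@ -47,3 +47,8 @@ curves:
 - x25519
 - secp256r1
 - secp384r1
+pq:
+- revision: 5
+- kem groups:
+-- X25519MLKEM768
+-- SecP256r1MLKEM768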
