API Gateway does not enforce latest TLS/SSL policy Affecting API Gateway (REST APIs) service in AWS

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-TF-63
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Older cipher suites could be vulnerable to hijacking and information disclosure

How to fix?

Set security_policy attribute to TLS_1_2

References

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html