
Amazon CloudFront announces support for OCSP Revocation for Mutual TLS (Viewer)




This article announces Amazon CloudFront's support for OCSP Revocation checking for Mutual TLS (Viewer) connections, enabling real-time client certificate validation.

  • CloudFront now validates client certificate revocation status in real time during connection establishment
  • Replaces manual static revocation lists with dynamic OCSP queries to Certificate Authorities
  • OCSP responses cached for up to 30 minutes to minimize latency impact
  • Revocation status exposed in connection function for custom logic implementation
  • Supports grace periods, IP-based exceptions, and hybrid revocation approaches
  • Available at no additional cost

CloudFront's OCSP support improves security for regulated industries and zero-trust architectures by enabling real-time certificate revocation validation without manual list maintenance.


