CloudFront now provides the CloudFront-Viewer-TLS header for use with origin request policies. CloudFront-Viewer-TLS is an HTTP header that includes the TLS version and cipher suite used to negotiate the viewer TLS connection. Previously, TLS information was available in CloudFront access logs to analyze previous requests. Now, customers can access the TLS version and cipher suite in each HTTP request to make real-time decisions such as restricting requests with outdated TLS versions. The CloudFront-Viewer-TLS header value uses the following syntax: :. For example, TLSv1.2:ECDHE-RSA-AES128-SHA256.
Source:: Amazon AWS