Cloudfront custom-origin distribution returns 502 “ERROR The request could not be satisfied.” for some URLs

Question

We have a Cloudfront distribution with custom origin that has been working just fine for quite a long time, serving static assets for one of our sites. Just this morning, we

Answer 1

In our case, we had dropped support for SSL3, TLS1.0, and TLS1.1 for PCI-DSS compliance on our origin servers. However, you have to manually add support for TLS 1.1+ on your CloudFront origin server config. The AWS console displays the client-to-CF SSL settings, but does not easily show you CF-to-origin settings until you drill down. To fix, in the AWS console under CloudFront:

1. Click DISTRIBUTIONS.
2. Select your distro.
3. Click ORIGINS tab.
4. Select your origin server.
5. Click EDIT.
6. Select all protocols that your origin supports under "Origin SSL Protocols"