**Introducing a new console experience for Amazon WAF** You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.amazonaws.cn/waf/latest/developerguide/working-with-console.html). # Infrastructure security in Amazon WAF Classic **Warning** Amazon WAF Classic is is going through a planned end-of-life process. Refer to your Amazon Health dashboard for the milestones and dates specific to your Region. **Note** This is **Amazon WAF Classic** documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see [Migrating your Amazon WAF Classic resources to Amazon WAF](waf-migrating-from-classic.md). **For the latest version of Amazon WAF**, see [Amazon WAF](waf-chapter.md). As a managed service, Amazon WAF Classic is protected by Amazon global network security. For information about Amazon security services and how Amazon protects infrastructure, see [Amazon Cloud Security](https://www.amazonaws.cn/security/). To design your Amazon environment using the best practices for infrastructure security, see [Infrastructure Protection](https://docs.amazonaws.cn/wellarchitected/latest/security-pillar/infrastructure-protection.html) in *Security Pillar Amazon Well‐Architected Framework*. You use Amazon published API calls to access Amazon WAF Classic through the network. Clients must support the following: + Transport Layer Security (TLS). We require TLS 1.2 and recommend TLS 1.3. + Cipher suites with perfect forward secrecy (PFS) such as DHE (Ephemeral Diffie-Hellman) or ECDHE (Elliptic Curve Ephemeral Diffie-Hellman). Most modern systems such as Java 7 and later support these modes.