diff --git a/cloudfront.tf b/cloudfront.tf
index 785cab8..92d31bb 100644
--- a/cloudfront.tf
+++ b/cloudfront.tf
@@ -109,7 +109,7 @@ resource "aws_cloudfront_distribution" "this" {
   viewer_certificate {
     acm_certificate_arn      = module.acm.acm_certificate_arn
     ssl_support_method       = "sni-only"
-    minimum_protocol_version = "TLSv1.1_2016"
+    minimum_protocol_version = "TLSv1.2_2021"
   }
 
   # By default, cloudfront caches error for five minutes. There can be situation when a developer has accidentally broken the website and you would not want to wait for five minutes for the error response to be cached.