diff --git a/API.md b/API.md
index 3be628ac..8016d75a 100644
--- a/API.md
+++ b/API.md
@@ -45045,6 +45045,7 @@ const processArgs: ProcessArgs = { ... }
| **Name** | **Type** | **Description** |
| --- | --- | --- |
+| customOpensslCipherConfigTls12 | string[] | The custom OpenSSL cipher suite list for TLS 1.2. This field is only valid when `tls_cipher_config_mode` is set to `CUSTOM`. |
| defaultReadConcern | string | Default level of acknowledgment requested from MongoDB for read operations set for this cluster. |
| defaultWriteConcern | string | Default level of acknowledgment requested from MongoDB for write operations set for this cluster. |
| failIndexKeyTooLong | boolean | Flag that indicates whether you can insert or update documents where all indexed entries don't exceed 1024 bytes. |
@@ -45055,10 +45056,23 @@ const processArgs: ProcessArgs = { ... }
| oplogSizeMb | number | Storage limit of cluster's oplog expressed in megabytes. |
| sampleRefreshIntervalBiConnector | number | Number of documents per database to sample when gathering schema information. |
| sampleSizeBiConnector | number | Interval in seconds at which the mongosqld process re-samples data to create its relational schema. |
+| tlsCipherConfigMode | string | The TLS cipher suite configuration mode. |
| transactionLifetimeLimitSeconds | number | Lifetime, in seconds, of multi-document transactions. |
---
+##### `customOpensslCipherConfigTls12`Optional
+
+```typescript
+public readonly customOpensslCipherConfigTls12: string[];
+```
+
+- *Type:* string[]
+
+The custom OpenSSL cipher suite list for TLS 1.2. This field is only valid when `tls_cipher_config_mode` is set to `CUSTOM`.
+
+---
+
##### `defaultReadConcern`Optional
```typescript
@@ -45187,6 +45201,20 @@ Interval in seconds at which the mongosqld process re-samples data to create its
---
+##### `tlsCipherConfigMode`Optional
+
+```typescript
+public readonly tlsCipherConfigMode: string;
+```
+
+- *Type:* string
+
+The TLS cipher suite configuration mode.
+
+Valid values include `CUSTOM` or `DEFAULT`. The `DEFAULT` mode uses the default cipher suites. The `CUSTOM` mode allows you to specify custom cipher suites for both TLS 1.2 and TLS 1.3. To unset, this should be set back to `DEFAULT`.
+
+---
+
##### `transactionLifetimeLimitSeconds`Optional
```typescript
diff --git a/scripts/cdk.sh b/scripts/cdk.sh
index 2e210a5a..9c04dfd6 100755
--- a/scripts/cdk.sh
+++ b/scripts/cdk.sh
@@ -60,5 +60,8 @@ sed -e 's/UNDERSCORE_//g' -e 's/HYPHEN_//g' -e 's/PERIOD_//g' -e 's/VALUE_//g' "
# Fix @typescript-eslint/no-shadow es-linter error in file federated-database-instance/index.ts
sed -e 's/map(y => toJson_TagSet(y))/map(x => toJson_TagSet(x))/g' "${dest}" > "${dest}.tmp" && mv "${dest}.tmp" "${dest}"
+# Fix errors like `Definition for rule '@stylistic/max-len' was not found @stylistic/max-len` until eslint 9 is supported by projen: https://github.com/projen/projen/issues/3240
+sed -e 's|@stylistic/max-len, ||g' -e 's|, @stylistic/quote-props||g' "${dest}" > "${dest}.tmp" && mv "${dest}.tmp" "${dest}"
+
echo
echo "L1 CDK resource generated succesfully: ${resource}, CFN type: ${resourceType}"
diff --git a/src/l1-resources/cluster/index.ts b/src/l1-resources/cluster/index.ts
index e4b65844..a9fc63e4 100644
--- a/src/l1-resources/cluster/index.ts
+++ b/src/l1-resources/cluster/index.ts
@@ -230,6 +230,20 @@ export interface ProcessArgs {
*/
readonly minimumEnabledTlsProtocol?: string;
+ /**
+ * The TLS cipher suite configuration mode. Valid values include `CUSTOM` or `DEFAULT`. The `DEFAULT` mode uses the default cipher suites. The `CUSTOM` mode allows you to specify custom cipher suites for both TLS 1.2 and TLS 1.3. To unset, this should be set back to `DEFAULT`.
+ *
+ * @schema processArgs#TlsCipherConfigMode
+ */
+ readonly tlsCipherConfigMode?: string;
+
+ /**
+ * The custom OpenSSL cipher suite list for TLS 1.2. This field is only valid when `tls_cipher_config_mode` is set to `CUSTOM`.
+ *
+ * @schema processArgs#CustomOpensslCipherConfigTls12
+ */
+ readonly customOpensslCipherConfigTls12?: string[];
+
/**
* Flag that indicates whether the cluster disables executing any query that requires a collection scan to return results.
*
@@ -289,6 +303,10 @@ export function toJson_ProcessArgs(
FailIndexKeyTooLong: obj.failIndexKeyTooLong,
JavascriptEnabled: obj.javascriptEnabled,
MinimumEnabledTLSProtocol: obj.minimumEnabledTlsProtocol,
+ TlsCipherConfigMode: obj.tlsCipherConfigMode,
+ CustomOpensslCipherConfigTls12: obj.customOpensslCipherConfigTls12?.map(
+ (y) => y
+ ),
NoTableScan: obj.noTableScan,
OplogSizeMB: obj.oplogSizeMb,
SampleSizeBIConnector: obj.sampleSizeBiConnector,