AWS CloudFront支持自定义源的TLSv1.3。您可以使用以下代码示例来配置CloudFront分配：

const AWS = require('aws-sdk');
const cloudfront = new AWS.CloudFront();

const distributionId = 'your-distribution-id';
const originId = 'your-origin-id';

const params = {
  DistributionId: distributionId,
  DefaultCacheBehavior: {
    TargetOriginId: originId,
    ViewerProtocolPolicy: 'redirect-to-https',
    MinTTL: 0,
    ForwardedValues: {
      QueryString: false,
      Cookies: { Forward: 'none' },
    },
    TrustedSigners: {
      Enabled: false,
      Quantity: 0,
    },
    AllowedMethods: {
      Quantity: 7,
      Items: ['GET', 'HEAD', 'OPTIONS', 'PUT', 'POST', 'PATCH', 'DELETE'],
      CachedMethods: {
        Quantity: 2,
        Items: ['GET', 'HEAD'],
      },
    },
    SmoothStreaming: false,
    DefaultTTL: 86400,
    MaxTTL: 31536000,
    Compress: true,
    LambdaFunctionAssociations: {
      Quantity: 0,
    },
    FieldLevelEncryptionId: '',
    OriginRequestPolicyId: '',
  },
  Origins: {
    Quantity: 1,
    Items: [
      {
        Id: originId,
        DomainName: 'your-origin-domain-name',
        CustomOriginConfig: {
          HTTPPort: 80,
          HTTPSPort: 443,
          OriginProtocolPolicy: 'https-only',
          OriginSslProtocols: {
            Quantity: 1,
            Items: ['TLSv1.3'],
          },
          OriginReadTimeout: 30,
          OriginKeepaliveTimeout: 5,
        },
      },
    ],
  },
};

cloudfront.updateDistribution(params, (err, data) => {
  if (err) console.log(err, err.stack);
  else console.log(data);
});

在上面的代码示例中，我们使用AWS SDK for JavaScript来更新CloudFront分配的配置。您需要将your-distribution-id替换为您的CloudFront分配的分配ID，your-origin-id替换为您的自定义源的ID，your-origin-domain-name替换为您的自定义源的域名。然后，我们将OriginSslProtocols设置为TLSv1.3，以启用TLSv1.3。运行此代码后，CloudFront分配将使用TLSv1.3与您的自定义源建立安全连接。