Elastic Load Balancing provides the following security policies for Application Load Balancers.
We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).
You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.
| Name | Description |
|---|---|
| RECOMMENDED | The recommended security policy. |
| FORWARD_SECRECY | Forward secrecy ciphers only. |
| TLS12 | TLS1.2 only and no SHA ciphers. |
| TLS12_EXT | TLS1.2 only with all ciphers. |
| TLS11 | TLS1.1 and higher with all ciphers. |
| LEGACY | Support for DES-CBC3-SHA. |

Do not use the LEGACY security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.