SslPolicy

class aws_cdk.aws_elasticloadbalancingv2.SslPolicy

Bases: enum.Enum

Elastic Load Balancing provides the following security policies for Application Load Balancers.

We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).

You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

see :see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

Attributes

FORWARD_SECRECY

Forward secrecy ciphers only.

FORWARD_SECRECY_TLS11

Forward secrecy ciphers only with TLS1.1 and higher.

FORWARD_SECRECY_TLS12

Forward secrecy ciphers and TLS1.2 only.

FORWARD_SECRECY_TLS12_RES

Strong forward secrecy ciphers and TLS1.2 only.

LEGACY

Support for DES-CBC3-SHA.

Do not use this security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.

RECOMMENDED

The recommended security policy.

TLS11

TLS1.1 and higher with all ciphers.

TLS12

TLS1.2 only and no SHA ciphers.

TLS12_EXT

TLS1.2 only with all ciphers.

Attributes

FORWARD_SECRECY = 'FORWARD_SECRECY'

Forward secrecy ciphers only.

FORWARD_SECRECY_TLS11 = 'FORWARD_SECRECY_TLS11'

Forward secrecy ciphers only with TLS1.1 and higher.

FORWARD_SECRECY_TLS12 = 'FORWARD_SECRECY_TLS12'

Forward secrecy ciphers and TLS1.2 only.

FORWARD_SECRECY_TLS12_RES = 'FORWARD_SECRECY_TLS12_RES'

Strong forward secrecy ciphers and TLS1.2 only.

LEGACY = 'LEGACY'

Support for DES-CBC3-SHA.

Do not use this security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.

RECOMMENDED = 'RECOMMENDED'

The recommended security policy.

TLS11 = 'TLS11'

TLS1.1 and higher with all ciphers.

TLS12 = 'TLS12'

TLS1.2 only and no SHA ciphers.

TLS12_EXT = 'TLS12_EXT'

TLS1.2 only with all ciphers.