java.lang.Object
java.lang.Enum<SslPolicy>
software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy
All Implemented Interfaces:
Serializable, Comparable<SslPolicy>, java.lang.constant.Constable

@Generated(value="jsii-pacmak/1.101.0 (build b95fe5d)", date="2024-07-05T20:26:31.284Z") @Stability(Stable) public enum SslPolicy extends Enum<SslPolicy>
Elastic Load Balancing provides the following security policies for Application Load Balancers.

We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).

You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Example:

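 import java.util.List;
 import software.amazon.awscdk.Duration;
 import software.amazon.awscdk.services.certificatemanager.Certificate;
 import software.amazon.awscdk.services.ec2.Vpc;
 import software.amazon.awscdk.services.ecs.Cluster;
 import software.amazon.awscdk.services.ecs.ContainerImage;
 import software.amazon.awscdk.services.ecs.patterns.ApplicationListenerProps;
 import software.amazon.awscdk.services.ecs.patterns.ApplicationLoadBalancedTaskImageProps;
 import software.amazon.awscdk.services.ecs.patterns.ApplicationLoadBalancerProps;
 import software.amazon.awscdk.services.ecs.patterns.ApplicationMultipleTargetGroupsFargateService;
 import software.amazon.awscdk.services.ecs.patterns.ApplicationTargetProps;
 import software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationProtocol;
 import software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy;
 import software.amazon.awscdk.services.route53.PublicHostedZone;
 // The statements below belong inside a Stack (or other Construct) constructor, where `this` is the scope.
 Vpc vpc = Vpc.Builder.create(this, "Vpc").maxAzs(1).build();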
 ApplicationMultipleTargetGroupsFargateService loadBalancedFargateService = ApplicationMultipleTargetGroupsFargateService.Builder.create(this, "myService")
         .cluster(Cluster.Builder.create(this, "EcsCluster").vpc(vpc).build())
         .memoryLimitMiB(256)
         .taskImageOptions(ApplicationLoadBalancedTaskImageProps.builder()
                 .image(ContainerImage.fromRegistry("amazon/amazon-ecs-sample"))
                 .build())
         .enableExecuteCommand(true)
         .loadBalancers(List.of(ApplicationLoadBalancerProps.builder()
                 .name("lb")
                 .idleTimeout(Duration.seconds(400))
                 .domainName("api.example.com")
                 .domainZone(PublicHostedZone.Builder.create(this, "HostedZone").zoneName("example.com").build())
                 .listeners(List.of(ApplicationListenerProps.builder()
                         .name("listener")
                         .protocol(ApplicationProtocol.HTTPS)
                         .certificate(Certificate.fromCertificateArn(this, "Cert", "helloworld"))
                         .sslPolicy(SslPolicy.TLS12_EXT)
                         .build()))
                 .build(), ApplicationLoadBalancerProps.builder()
                 .name("lb2")
                 .idleTimeout(Duration.seconds(120))
                 .domainName("frontend.com")
                 .domainZone(PublicHostedZone.Builder.create(this, "HostedZone2").zoneName("frontend.com").build()) // construct ids must be unique within a scope
                 .listeners(List.of(ApplicationListenerProps.builder()
                         .name("listener2")
                         .protocol(ApplicationProtocol.HTTPS)
                         .certificate(Certificate.fromCertificateArn(this, "Cert2", "helloworld"))
                         .sslPolicy(SslPolicy.TLS12_EXT)
                         .build()))
                 .build()))
         .targetGroups(List.of(ApplicationTargetProps.builder()
                 .containerPort(80)
                 .listener("listener")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(90)
                 .pathPattern("a/b/c")
                 .priority(10)
                 .listener("listener")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(443)
                 .listener("listener2")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(80)
                 .pathPattern("a/b/c")
                 .priority(10)
                 .listener("listener2")
                 .build()))
         .build();
 

  • Enum Constant Details

    • TLS13_RES

      @Stability(Stable) public static final SslPolicy TLS13_RES
      TLS1.2 and 1.3.
    • TLS13_EXT1

      @Stability(Stable) public static final SslPolicy TLS13_EXT1
      TLS1.2 and 1.3 and no SHA ciphers.
    • TLS13_EXT2

      @Stability(Stable) public static final SslPolicy TLS13_EXT2
      TLS1.2 and 1.3 with all ciphers.
    • TLS13_10

      @Stability(Stable) public static final SslPolicy TLS13_10
      TLS1.0 through 1.3 with all ciphers.
    • TLS13_11

      @Stability(Stable) public static final SslPolicy TLS13_11
      TLS1.1 through 1.3 with all ciphers.
    • TLS13_13

      @Stability(Stable) public static final SslPolicy TLS13_13
      TLS1.3 only.
    • FIPS_TLS13_13

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_13
      TLS 1.3 only with AES 128 and 256 GCM SHA ciphers.
    • FIPS_TLS13_12_RES

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_RES
      TLS 1.2 and 1.3 with AES and ECDHE GCM/SHA ciphers.
    • FIPS_TLS13_12

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12
      TLS 1.2 and 1.3 with ECDHE SHA/GCM ciphers, excluding SHA1 ciphers.
    • FIPS_TLS13_12_EXT0

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_EXT0
      TLS 1.2 and 1.3 with all ECDHE ciphers.
    • FIPS_TLS13_12_EXT1

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_EXT1
      TLS 1.2 and 1.3 with all AES and ECDHE ciphers excluding SHA1 ciphers.
    • FIPS_TLS13_12_EXT2

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_EXT2
      TLS 1.2 and 1.3 with all ciphers.
    • FIPS_TLS13_11

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_11
      TLS1.1 through 1.3 with all ciphers.
    • FIPS_TLS13_10

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_10
      TLS1.0 through 1.3 with all ciphers.
    • FORWARD_SECRECY_TLS12_RES_GCM

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS12_RES_GCM
      Strong forward secrecy ciphers and TLS1.2 only (2020 edition). Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers.
    • FORWARD_SECRECY_TLS12_RES

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS12_RES
      Strong forward secrecy ciphers and TLS1.2 only.
    • FORWARD_SECRECY_TLS12

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS12
      Forward secrecy ciphers and TLS1.2 only.
    • FORWARD_SECRECY_TLS11

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS11
      Forward secrecy ciphers only with TLS1.1 and 1.2.
    • FORWARD_SECRECY

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY
      Forward secrecy ciphers only.
    • TLS12

      @Stability(Stable) public static final SslPolicy TLS12
      TLS1.2 only and no SHA ciphers.
    • TLS12_EXT

      @Stability(Stable) public static final SslPolicy TLS12_EXT
      TLS1.2 only with all ciphers.
    • TLS11

      @Stability(Stable) public static final SslPolicy TLS11
      TLS1.1 and 1.2 with all ciphers.
    • LEGACY

      @Stability(Stable) public static final SslPolicy LEGACY
      Support for DES-CBC3-SHA.

      Do not use this security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.

  • Method Details

    • values

      public static SslPolicy[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      Returns:
      an array containing the constants of this enum type, in the order they are declared
    • valueOf

      public static SslPolicy valueOf(String name)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null
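
Added example (not part of the CDK or of the generated documentation): a synth-time gate that accepts only the constants this page describes as TLS 1.2 and/or 1.3, and uses valueOf to parse a policy name supplied through configuration. The class name SslPolicyGuard and its methods are hypothetical.

```java
import java.util.EnumSet;
import java.util.Locale;
import java.util.Set;
import software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy;

/** Hypothetical helper, not part of the CDK: fail synthesis on a weak listener policy. */
public final class SslPolicyGuard {
    // Constants whose descriptions on this page state TLS 1.2 and/or 1.3 as the only
    // protocol versions. Anything else, including constants added later, is rejected
    // until someone reviews it and adds it here (fail closed).
    private static final Set<SslPolicy> ALLOWED = EnumSet.of(
            SslPolicy.TLS13_RES, SslPolicy.TLS13_EXT1, SslPolicy.TLS13_EXT2,
            SslPolicy.TLS13_13, SslPolicy.FIPS_TLS13_13, SslPolicy.FIPS_TLS13_12_RES,
            SslPolicy.FIPS_TLS13_12, SslPolicy.FIPS_TLS13_12_EXT0,
            SslPolicy.FIPS_TLS13_12_EXT1, SslPolicy.FIPS_TLS13_12_EXT2,
            SslPolicy.FORWARD_SECRECY_TLS12_RES_GCM, SslPolicy.FORWARD_SECRECY_TLS12_RES,
            SslPolicy.FORWARD_SECRECY_TLS12, SslPolicy.TLS12, SslPolicy.TLS12_EXT);

    private SslPolicyGuard() {}

    /** Returns the policy unchanged if it is allowed; otherwise throws. */
    public static SslPolicy require(SslPolicy policy) {
        if (policy == null) {
            throw new IllegalArgumentException("sslPolicy must be set explicitly");
        }
        if (!ALLOWED.contains(policy)) {
            throw new IllegalArgumentException(
                    "SslPolicy." + policy.name() + " is not approved; allowed: " + ALLOWED);
        }
        return policy;
    }

    /** Parses a policy name taken from configuration, then applies the same gate. */
    public static SslPolicy fromConfig(String name) {
        if (name == null || name.trim().isEmpty()) {
            throw new IllegalArgumentException("sslPolicy name is missing");
        }
        final SslPolicy parsed;
        try {
            // valueOf needs the exact constant name, so normalise before the lookup.
            parsed = SslPolicy.valueOf(name.trim().toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Unknown SslPolicy name: " + name, e);
        }
        return require(parsed);
    }
}
```

In a listener builder the gate wraps the argument, for example `.sslPolicy(SslPolicyGuard.require(SslPolicy.TLS12_EXT))`, so that SslPolicy.LEGACY or SslPolicy.TLS11 stops synthesis instead of reaching a deployed listener.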