java.lang.Object
java.lang.Enum<SslPolicy>
software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy
All Implemented Interfaces:
Serializable, Comparable<SslPolicy>, java.lang.constant.Constable

@Generated(value="jsii-pacmak/1.103.1 (build bef2dea)", date="2024-10-11T15:55:58.675Z") @Stability(Stable) public enum SslPolicy extends Enum<SslPolicy>
Elastic Load Balancing provides the following security policies for Application Load Balancers.

We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).

You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Example:

 import software.amazon.awscdk.services.certificatemanager.Certificate;
 import software.amazon.awscdk.services.ec2.InstanceType;
 import software.amazon.awscdk.services.ecs.Cluster;
 import software.amazon.awscdk.services.ecs.ContainerImage;
 import software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationProtocol;
 import software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy;
 import software.amazon.awscdk.services.route53.PublicHostedZone;
 Vpc vpc = Vpc.Builder.create(this, "Vpc").maxAzs(1).build();
 ApplicationMultipleTargetGroupsFargateService loadBalancedFargateService = ApplicationMultipleTargetGroupsFargateService.Builder.create(this, "myService")
         .cluster(Cluster.Builder.create(this, "EcsCluster").vpc(vpc).build())
         .memoryLimitMiB(256)
         .taskImageOptions(ApplicationLoadBalancedTaskImageProps.builder()
                 .image(ContainerImage.fromRegistry("amazon/amazon-ecs-sample"))
                 .build())
         .enableExecuteCommand(true)
         .loadBalancers(List.of(ApplicationLoadBalancerProps.builder()
                 .name("lb")
                 .idleTimeout(Duration.seconds(400))
                 .domainName("api.example.com")
                 .domainZone(PublicHostedZone.Builder.create(this, "HostedZone").zoneName("example.com").build())
                 .listeners(List.of(ApplicationListenerProps.builder()
                         .name("listener")
                         .protocol(ApplicationProtocol.HTTPS)
                         .certificate(Certificate.fromCertificateArn(this, "Cert", "helloworld"))
                         .sslPolicy(SslPolicy.TLS12_EXT)
                         .build()))
                 .build(), ApplicationLoadBalancerProps.builder()
                 .name("lb2")
                 .idleTimeout(Duration.seconds(120))
                 .domainName("frontend.com")
                 .domainZone(PublicHostedZone.Builder.create(this, "HostedZone").zoneName("frontend.com").build())
                 .listeners(List.of(ApplicationListenerProps.builder()
                         .name("listener2")
                         .protocol(ApplicationProtocol.HTTPS)
                         .certificate(Certificate.fromCertificateArn(this, "Cert2", "helloworld"))
                         .sslPolicy(SslPolicy.TLS12_EXT)
                         .build()))
                 .build()))
         .targetGroups(List.of(ApplicationTargetProps.builder()
                 .containerPort(80)
                 .listener("listener")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(90)
                 .pathPattern("a/b/c")
                 .priority(10)
                 .listener("listener")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(443)
                 .listener("listener2")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(80)
                 .pathPattern("a/b/c")
                 .priority(10)
                 .listener("listener2")
                 .build()))
         .build();
 

See Also:
  • Enum Constant Details

    • TLS13_RES

      @Stability(Stable) public static final SslPolicy TLS13_RES
      TLS1.2 and 1.3.
    • TLS13_EXT1

      @Stability(Stable) public static final SslPolicy TLS13_EXT1
      TLS1.2 and 1.3 and no SHA ciphers.
    • TLS13_EXT2

      @Stability(Stable) public static final SslPolicy TLS13_EXT2
      TLS1.2 and 1.3 with all ciphers.
    • TLS13_10

      @Stability(Stable) public static final SslPolicy TLS13_10
      TLS1.0 through 1.3 with all ciphers.
    • TLS13_11

      @Stability(Stable) public static final SslPolicy TLS13_11
      TLS1.1 through 1.3 with all ciphers.
    • TLS13_13

      @Stability(Stable) public static final SslPolicy TLS13_13
      TLS1.3 only.
    • FIPS_TLS13_13

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_13
      TLS 1.3 only with AES 128 and 256 GCM SHA ciphers.
    • FIPS_TLS13_12_RES

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_RES
      TLS 1.2 and 1.3 with AES and ECDHE GCM/SHA ciphers.
    • FIPS_TLS13_12

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12
      TLS 1.2 and 1.3 with ECDHE SHA/GCM ciphers, excluding SHA1 ciphers.
    • FIPS_TLS13_12_EXT0

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_EXT0
      TLS 1.2 and 1.3 with all ECDHE ciphers.
    • FIPS_TLS13_12_EXT1

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_EXT1
      TLS 1.2 and 1.3 with all AES and ECDHE ciphers excluding SHA1 ciphers.
    • FIPS_TLS13_12_EXT2

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_12_EXT2
      TLS 1.2 and 1.3 with all ciphers.
    • FIPS_TLS13_11

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_11
      TLS1.1 through 1.3 with all ciphers.
    • FIPS_TLS13_10

      @Stability(Stable) public static final SslPolicy FIPS_TLS13_10
      TLS1.0 through 1.3 with all ciphers.
    • FORWARD_SECRECY_TLS12_RES_GCM

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS12_RES_GCM
      Strong foward secrecy ciphers and TLV1.2 only (2020 edition). Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers.
    • FORWARD_SECRECY_TLS12_RES

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS12_RES
      Strong forward secrecy ciphers and TLS1.2 only.
    • FORWARD_SECRECY_TLS12

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS12
      Forward secrecy ciphers and TLS1.2 only.
    • FORWARD_SECRECY_TLS11

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY_TLS11
      Forward secrecy ciphers only with TLS1.1 and 1.2.
    • FORWARD_SECRECY

      @Stability(Stable) public static final SslPolicy FORWARD_SECRECY
      Forward secrecy ciphers only.
    • TLS12

      @Stability(Stable) public static final SslPolicy TLS12
      TLS1.2 only and no SHA ciphers.
    • TLS12_EXT

      @Stability(Stable) public static final SslPolicy TLS12_EXT
      TLS1.2 only with all ciphers.
    • TLS11

      @Stability(Stable) public static final SslPolicy TLS11
      TLS1.1 and 1.2 with all ciphers.
    • LEGACY

      @Stability(Stable) public static final SslPolicy LEGACY
      Support for DES-CBC3-SHA.

      Do not use this security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.

  • Method Details

    • values

      public static SslPolicy[] values()
      Returns an array containing the constants of this enum type, in the order they are declared.
      Returns:
      an array containing the constants of this enum type, in the order they are declared
    • valueOf

      public static SslPolicy valueOf(String name)
      Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum type has no constant with the specified name
      NullPointerException - if the argument is null