Custom security policies for AWS ALB?

0

Are custom security policies available in AWS ALB?

ELBSecurityPolicy-FS-1-2-Res-2019-08 is the most restrictive security policy so far.

However, SSL scanners are complaining about CBC ciphers:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256

asked 4 years ago · 6049 views
8 Answers
0

Howdy there!

Thank you for posting your question of concern here.

Application Load Balancers do not support custom security policies. Elastic Load Balancing provides the following security policies for Application Load Balancers:
• ELBSecurityPolicy-2016-08 (default)
• ELBSecurityPolicy-TLS-1-0-2015-04
• ELBSecurityPolicy-TLS-1-1-2017-01
• ELBSecurityPolicy-TLS-1-2-2017-01
• ELBSecurityPolicy-TLS-1-2-Ext-2018-06
• ELBSecurityPolicy-FS-2018-06
• ELBSecurityPolicy-FS-1-1-2019-08
• ELBSecurityPolicy-FS-1-2-2019-08
• ELBSecurityPolicy-FS-1-2-Res-2019-08
• ELBSecurityPolicy-2015-05 (identical to ELBSecurityPolicy-2016-08)

Use the following link to the AWS documentation for reference, and also to configure them:
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

You can alternatively use a Classic Load Balancer, where you can use either predefined or custom security policies; for reference you can use the link:
[2] https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html

Hope this will answer your question of concern.

Thank you
TL

answered 4 years ago
0

hmmm....

None of those predefined security policies block/deny these ciphers:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256

answered 4 years ago
0

Hi there!

Thank you once again for the further engagement; your problems and questions are super important.

And to your question I can say yes, but within the predefined security policies. If you select a policy that is enabled for Server Order Preference, the load balancer uses the ciphers in the order that they are specified here to negotiate connections between the client and load balancer. This ensures that the load balancer determines which cipher is used for the SSL connection. Otherwise, the load balancer uses the ciphers in the order that they are presented by the client.

For the predefined SSL security policies, take a look at this document for reference, and also see their enabled SSL protocols and SSL ciphers.
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html

Thanks once again
TL

answered 3 years ago
0

Are there any plans to add another security policy on AWS ALB that will block the ciphers below?

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256

answered 3 years ago
0

Hi. We recently released this security policy: ELBSecurityPolicy-FS-1-2-Res-2020-10.

Julie

AWS
answered 3 years ago
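
Added example, not part of the thread and not AWS code: a Python check that reads a response in the shape returned by `aws elbv2 describe-ssl-policies` (boto3 `describe_ssl_policies`) and reports which predefined policies still offer CBC suites, including the two the scanner flagged in the question. The cipher lists in `SAMPLE` are typed in by hand as constructed sample data; feed the function the live API output before relying on the result.

```python
"""Audit ELB predefined TLS policies for CBC cipher suites (added example)."""

# IANA names from the scanner output in the question, mapped to the
# OpenSSL-style names that the ELB API reports.
SCANNER_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": "ECDHE-RSA-AES256-SHA384",
}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

def is_cbc(name):
    """OpenSSL names usually omit 'CBC', so infer it: a suite that is neither
    AEAD nor RC4 (a stream cipher) uses a block cipher in CBC mode."""
    upper = name.upper()
    return not any(m in upper for m in AEAD_MARKERS) and "RC4" not in upper

def audit(response):
    """Return {policy name: sorted list of CBC suites that policy offers}."""
    return {p["Name"]: sorted(c["Name"] for c in p["Ciphers"] if is_cbc(c["Name"]))
            for p in response["SslPolicies"]}

def policies_blocking(response, scanner_names):
    """Names of policies that offer none of the scanner-flagged suites."""
    blocked = {SCANNER_TO_OPENSSL[n] for n in scanner_names}
    return [p["Name"] for p in response["SslPolicies"]
            if blocked.isdisjoint(c["Name"] for c in p["Ciphers"])]

def _policy(name, ciphers):
    # Helper (hypothetical) that builds one entry in the API response shape.
    return {"Name": name, "SslProtocols": ["TLSv1.2"],
            "Ciphers": [{"Name": c, "Priority": i}
                        for i, c in enumerate(ciphers, 1)]}

# Constructed sample data, not captured API output.
GCM = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
       "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]
CBC = ["ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256",
       "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"]
SAMPLE = {"SslPolicies": [
    _policy("ELBSecurityPolicy-FS-1-2-Res-2019-08", GCM + CBC),
    _policy("ELBSecurityPolicy-FS-1-2-Res-2020-10", GCM),
]}

if __name__ == "__main__":
    for policy, cbc_suites in audit(SAMPLE).items():
        print(policy, "CBC suites:", cbc_suites or "none")
    print("Blocks flagged suites:",
          policies_blocking(SAMPLE, list(SCANNER_TO_OPENSSL)))
```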
0

Yes, this is what I needed.

Thank you!

answered 3 years ago
0

Even this has 1 weak cipher (128 bits) enabled..
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

answered 3 years ago
