For the most recent update on ongoing service disruptions affecting the AWS Middle East (UAE) Region (ME-CENTRAL-1), refer to the AWS Health Dashboard. For information on AWS Service migration, see How do I migrate my services to another region?
How can I determine if my load balancer supports SSL/TLS renegotiation?
I want to determine if my load balancer supports Secure Sockets Layer/Transport Layer Security (SSL/TLS) renegotiation.
Resolution
Support of SSL/TLS renegotiation varies by the load balancer type:
-
Classic Load Balancers: Classic Load Balancers support secure client-initiated renegotiations for inbound SSL/TLS client connections. They also support server-initiated renegotiation for the backend SSL/TLS connection.
Note: To turn off client-initiated renegotiations for inbound SSL/TLS connections, migrate to an Application Load Balancer where these renegotiations aren't supported.
-
Application Load Balancers: Application Load Balancers support SSL/TLS renegotiation for target connections. They don't support client-initiated renegotiations for inbound SSL client connections.
Note: Application Load Balancers support client-initiated resumptions for inbound SSL client connections.
-
Network Load Balancers: Network Load Balancers don't support SSL/TLS renegotiation.
All load balancers support session resumption. However, only Network Load Balancers support resumption of an SSL session with a different IP address that's associated with the same load balancer.
Related Information
Update the SSL negotiation configuration of your Classic Load Balancer
- Sprache
- English
Hello, I would like to clarify this:
Application Load Balancers: Application Load Balancers support SSL/TLS renegotiation for target connections. They don't support client-initiated renegotiations for incoming SSL client connections.
Does it means that an external application calling an endpoint served through ALB wont be able to renegociate TLS? (and have to do full negotiation on every new connection)
Best.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 2 Jahren