Network Load Balancer (NLB) now supports RSA 3072-bit certificates, and Elliptic Curve Digital Signature Algorithm(ECDSA) 256, 384 and 521-bit certificates via AWS Certificate Manager(ACM). This feature launch will enable customers to comply with compliance requirements like the German BSI standards.
RSA and ECDSA are two widely used public-key cryptographic algorithms to encrypt and decrypt data. RSA 3072-bit and ECDSA 256/384/521-bit key algorithms provide enhanced security, making it much more difficult for an attacker to decrypt the communication. Compared to RSA, ECDSA has the advantage of increased performance, provides higher security strength with smaller key sizes and lower computational cost. You can learn more about ECDSA security, performance and compatibility in this AWS Security blog post.
To enable this feature, you can get started by creating the new RSA 3072-bit or ECDSA 256/384/521-bit certificates via ACM and associate the certificates with your NLB using AWS APIs or the AWS Management Console.
This feature is now available in All commercial AWS regions, and AWS GovCloud (US) Regions. To learn more, please refer to the NLB documentation.