
Disable CBC and AES Ciphers

0

I am using a Classic Load Balancer and when I look at my available security policies, I do not have anything after 2017. When looking online to disable these ciphers, I am told to use ELBSecurityPolicy-TLS13-1-2-Res-2021-06.

How can I get this security policy into my account?

Thanks!

1 Answer
1
Accepted Answer

Hello Chris,

what you’re seeing isn’t something missing in your account, it’s the "nature" of Classic Load Balancers (CLB).

Classic Load Balancer stopped receiving new TLS/Security policy updates after 2017. Only Application Load Balancers and Network Load Balancers continue to get new SSL/TLS security policies. CLB simply doesn't support TLS v1.3 or the post-2017 hardened policies.

Your options are:

  1. Stay on CLB with the limitation of having policies that end in 2017.
  2. Migrate to ALB / NLB, which are getting ongoing security updates. This is strongly recommended, because CLB is considered "legacy".

Best regards, Neven

AWS
answered 2 months ago
AWS
EXPERT
reviewed 2 months ago
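
For anyone auditing a CLB before migrating, an added example (not part of the answer above and not AWS code): a check over the JSON that `aws elb describe-load-balancer-policies` returns, listing which CBC-mode ciphers each SSL negotiation policy still enables. The sample JSON is constructed, the function names are hypothetical, and CBC detection is a name-based heuristic on OpenSSL-style cipher names (anything that is not GCM, CCM, ChaCha20, RC4 or NULL is treated as CBC).

```python
import json

# Constructed sample in the shape returned by
# `aws elb describe-load-balancer-policies`; not taken from a real account.
SAMPLE = json.dumps({
    "PolicyDescriptions": [{
        "PolicyName": "example-custom-policy",
        "PolicyTypeName": "SSLNegotiationPolicyType",
        "PolicyAttributeDescriptions": [
            {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
            {"AttributeName": "Protocol-TLSv1", "AttributeValue": "false"},
            {"AttributeName": "Server-Defined-Cipher-Order", "AttributeValue": "true"},
            {"AttributeName": "ECDHE-RSA-AES128-GCM-SHA256", "AttributeValue": "true"},
            {"AttributeName": "ECDHE-RSA-AES128-SHA256", "AttributeValue": "true"},
            {"AttributeName": "AES256-SHA", "AttributeValue": "true"},
            {"AttributeName": "DES-CBC3-SHA", "AttributeValue": "false"},
        ],
    }]
})

# Attributes that are settings rather than cipher names.
NON_CIPHER = ("Protocol-", "Server-Defined-Cipher-Order", "Reference-Security-Policy")
# Heuristic (assumption): OpenSSL-style names rarely spell out "CBC", so any
# cipher that is not AEAD (GCM/CCM/ChaCha20), RC4 or NULL is counted as CBC.
NOT_CBC = ("GCM", "CCM", "CHACHA20", "RC4", "NULL")


def is_cbc(cipher):
    """Return True when the cipher name looks like a CBC-mode suite."""
    return not any(marker in cipher for marker in NOT_CBC)


def enabled_cbc_ciphers(policies_json):
    """Map each SSL negotiation policy name to its enabled CBC ciphers."""
    findings = {}
    for policy in json.loads(policies_json)["PolicyDescriptions"]:
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue  # skip stickiness, proxy protocol and other policy types
        cbc = [a["AttributeName"]
               for a in policy.get("PolicyAttributeDescriptions", [])
               if a.get("AttributeValue") == "true"
               and not a["AttributeName"].startswith(NON_CIPHER)
               and is_cbc(a["AttributeName"])]
        findings[policy["PolicyName"]] = sorted(cbc)
    return findings


if __name__ == "__main__":
    for name, ciphers in enabled_cbc_ciphers(SAMPLE).items():
        print(name, "->", ciphers or "no CBC ciphers enabled")
```
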
