What are the supported TLS versions for Classic Load Balancer?

0

I have a backend platform with components using TCP+SSL and HTTPS protocols behind a Classic Load Balancer (CLB) currently. However, I have to update all components to use TLS v1.3, and the CLB doesn't work well after my initial tests. So, some questions arise:

a) Is TLS v1.3 supported on CLB? I haven't found any official documentation about it (deny or allow).

b) Are there any plans to update those protocols on Classic Load Balancer?

c) I read that the NLB and ALB support TLS v1.3; however, are there any recommendations for my scenario (HTTPS and TCP+SSL) to use NLB or ALB to replace my working CLB?

2 Answers
0

NLBs are suitable for TCP-based applications, while Application Load Balancers (ALBs) are better suited for HTTP/HTTPS-based applications.

Use the AWS Management Console's migration wizard to create a new NLB with a configuration equivalent to your existing CLB. The wizard will handle the migration process for you.

Test the new NLB with your application to ensure it's functioning as expected.

Once you've verified the new NLB is working correctly, you can decommission the old CLB.

https://repost.aws/knowledge-center/migrate-classic-load-balancer

https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/migrate-classic-load-balancer.html

AWS
AWS TAM
answered 3 months ago
0

To be sure, your traffic is not exclusively HTTP or HTTPS, but you also need some non-HTTP traffic to run through the same load balancer? As the other reply correctly advises, ALB exclusively supports HTTP and HTTPS, but you really should run HTTP(S) traffic through an ALB and not a CLB or NLB that lack many of the features you need for properly securing the HTTP(S) part of your application.

If you need non-HTTP TCP traffic with or without TLS, the best option would be to use an NLB for that traffic and a separate ALB for HTTP(S). You could configure proper listener rules, path-based routing, request logging, and WAFv2 protections on the ALB, all of which is not possible on an NLB, and the NLB would only process the non-HTTP(S) traffic to which those features don't apply anyway.

EXPERT
Leo K
answered 3 months ago
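
As an added example (not part of either answer), one way to check after the migration that the new ALB/NLB listeners actually offer TLS v1.3: join the listener list with the security policy definitions and flag gaps. The JSON below is constructed sample data shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-ssl-policies`; the ARNs, ports and the `audit_listeners` helper are assumptions for illustration.

```python
import json

# Constructed sample, shaped like `aws elbv2 describe-listeners` output.
LISTENERS = json.loads("""{"Listeners": [
  {"ListenerArn": "arn:example:alb-https", "Port": 443, "Protocol": "HTTPS",
   "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
  {"ListenerArn": "arn:example:nlb-tls", "Port": 8443, "Protocol": "TLS",
   "SslPolicy": "ELBSecurityPolicy-2016-08"},
  {"ListenerArn": "arn:example:nlb-tcp", "Port": 9000, "Protocol": "TCP"}
]}""")

# Constructed sample, shaped like `aws elbv2 describe-ssl-policies` output.
POLICIES = json.loads("""{"SslPolicies": [
  {"Name": "ELBSecurityPolicy-TLS13-1-2-2021-06",
   "SslProtocols": ["TLSv1.2", "TLSv1.3"]},
  {"Name": "ELBSecurityPolicy-2016-08",
   "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"]}
]}""")

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # versions to retire on the new listeners


def audit_listeners(listeners_doc, policies_doc, required="TLSv1.3"):
    """Return (port, code, detail) findings for listeners that miss the TLS goal."""
    offered_by_policy = {p["Name"]: set(p["SslProtocols"])
                         for p in policies_doc["SslPolicies"]}
    findings = []
    for lst in listeners_doc["Listeners"]:
        port, proto = lst["Port"], lst["Protocol"]
        if proto not in ("HTTPS", "TLS"):
            # Plain TCP/UDP listener: the load balancer does not terminate TLS,
            # so the negotiated version is decided by the targets.
            findings.append((port, "no-tls-termination", proto))
            continue
        policy = lst.get("SslPolicy")
        offered = offered_by_policy.get(policy)
        if offered is None:
            findings.append((port, "unknown-policy", str(policy)))
            continue
        if required not in offered:
            findings.append((port, "missing-required", policy))
        legacy = sorted(offered & LEGACY)
        if legacy:
            findings.append((port, "legacy-enabled", ",".join(legacy)))
    return findings


if __name__ == "__main__":
    for port, code, detail in audit_listeners(LISTENERS, POLICIES):
        print(f"port {port}: {code} ({detail})")
```
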
