Disable DHE Cipher for ALB


Hello Team, We recently came across the case where we want our SSL and TSL to allow selected ciphers only and Disable some of DHE cipher ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA ). in order to stop some vulnerability CVE-2002-20001, CVE-2022-40735

Please help use to how to do this, as per my understanding with ALB we dnt have option to setup custom Security policy

Thanks in advance

1 Answer

If you apply the recommend policy ELBSecurityPolicy-TLS13-1-2-2021-06 then this will close your TLS Issues.. Other options are:

  • TLS13-1-3-2021-06 (TLS1.3 only)
  • TLS13-1-2-Res-2021-06

The names on the TLS Policy map as follows


These are both disabled on the recommended policy

profile picture
answered 4 months ago
profile picture
reviewed 7 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions