AWS elasticloadbalancing documentation change
Summary
Updated default SSL policy to TLS 1.3-compatible version and clarified security policy requirements
Security assessment
Introduces documentation about TLS 1.3 support and updates default security policies, which improves security posture documentation but doesn't address a specific known vulnerability.
Diff
diff --git a/elasticloadbalancing/latest/application/describe-ssl-policies.md b/elasticloadbalancing/latest/application/describe-ssl-policies.md index 90e89ed78..dd2e6735d 100644 --- a//elasticloadbalancing/latest/application/describe-ssl-policies.md +++ b//elasticloadbalancing/latest/application/describe-ssl-policies.md @@ -15 +15 @@ Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuratio - * Application Load Balancers do not support custom security policies. + * When you create an HTTPS listener, you must select a security policy. @@ -17 +17 @@ Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuratio - * The `ELBSecurityPolicy-TLS13-1-2-2021-06` policy is the default security policy for HTTPS listeners created using the AWS Management Console. + * The `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` policy is the default security policy for HTTPS listeners created using the AWS Management Console. This policy supports TLS 1.3 and is backward compatible with TLS 1.2. @@ -21,3 +21 @@ Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuratio - * When you create an HTTPS listener, selecting a security policy is required. - - * We recommend the `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` security policy, which includes TLS 1.3, and is backwards compatible with TLS 1.2. + * Application Load Balancers do not support custom security policies.