AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2025-06-04 · Documentation medium

File: elasticloadbalancing/latest/network/describe-ssl-policies.md

Summary

Added clarifications about Forward Secrecy (FS) support in TLS security policies, specifying TLS 1.3 and cipher requirements

Security assessment

The changes provide additional documentation about Forward Secrecy (FS) support in TLS policies, which is a security feature that ensures encrypted sessions cannot be decrypted retroactively if the private key is compromised. While this enhances security awareness, there is no evidence of addressing a specific vulnerability.

Diff

diff --git a/elasticloadbalancing/latest/network/describe-ssl-policies.md b/elasticloadbalancing/latest/network/describe-ssl-policies.md
index 272c07a8b..2a4da00d8 100644
--- a//elasticloadbalancing/latest/network/describe-ssl-policies.md
+++ b//elasticloadbalancing/latest/network/describe-ssl-policies.md
@@ -24,0 +25,2 @@ When you create a TLS listener, you must select a security policy. A security po
+  * Policies that support only TLS 1.3 support Forward Secrecy (FS). Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form TLS_* and ECDHE_* also provide FS.
+
@@ -64,0 +67,2 @@ You can use the TLS security policies to meet compliance and security standards
+Policies that support only TLS 1.3 support Forward Secrecy (FS). Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form TLS_* and ECDHE_* also provide FS.
+
@@ -966,0 +971,2 @@ FS (Forward Secrecy) supported security policies provide additional safeguards a
+The policies in this section support FS, and "FS" is included in their names. However, these are not the only policies that support FS. Policies that support only TLS 1.3 support FS. Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form TLS_* and ECDHE_* also provide FS.
+