AWS elasticloadbalancing documentation change
Summary
Added clarifications about Forward Secrecy (FS) support in TLS security policies, specifying TLS 1.3 and cipher requirements
Security assessment
The changes provide additional documentation about Forward Secrecy (FS) support in TLS policies, which is a security feature that ensures encrypted sessions cannot be decrypted retroactively if the private key is compromised. While this enhances security awareness, there is no evidence of addressing a specific vulnerability.
Diff
diff --git a/elasticloadbalancing/latest/network/describe-ssl-policies.md b/elasticloadbalancing/latest/network/describe-ssl-policies.md index 272c07a8b..2a4da00d8 100644 --- a//elasticloadbalancing/latest/network/describe-ssl-policies.md +++ b//elasticloadbalancing/latest/network/describe-ssl-policies.md @@ -24,0 +25,2 @@ When you create a TLS listener, you must select a security policy. A security po + * Policies that support only TLS 1.3 support Forward Secrecy (FS). Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form TLS_* and ECDHE_* also provide FS. + @@ -64,0 +67,2 @@ You can use the TLS security policies to meet compliance and security standards +Policies that support only TLS 1.3 support Forward Secrecy (FS). Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form TLS_* and ECDHE_* also provide FS. + @@ -966,0 +971,2 @@ FS (Forward Secrecy) supported security policies provide additional safeguards a +The policies in this section support FS, and "FS" is included in their names. However, these are not the only policies that support FS. Policies that support only TLS 1.3 support FS. Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form TLS_* and ECDHE_* also provide FS. +