AWS Security ChangesHomeSearch

AWS elasticloadbalancing medium security documentation change

Service: elasticloadbalancing · 2025-10-13 · Security-related medium

File: elasticloadbalancing/latest/application/describe-ssl-policies.md

Summary

Added CLI usage examples for describe-ssl-policies command and removed deprecated ELBSecurityPolicy-2015-05 policy documentation

Security assessment

The removal of ELBSecurityPolicy-2015-05 suggests deprecation of older security standards, likely due to cryptographic weaknesses. The added examples help users identify modern TLS 1.3 policies and FIPS-compliant configurations, promoting stronger security practices. This change impacts security by guiding users away from potentially vulnerable configurations.

Diff

diff --git a/elasticloadbalancing/latest/application/describe-ssl-policies.md b/elasticloadbalancing/latest/application/describe-ssl-policies.md
index 2a2f64506..84f0009be 100644
--- a//elasticloadbalancing/latest/application/describe-ssl-policies.md
+++ b//elasticloadbalancing/latest/application/describe-ssl-policies.md
@@ -5 +5 @@
-TLS security policiesFIPS security policiesFS supported policies
+Example describe-ssl-policies commandsTLS security policiesFIPS security policiesFS supported policies
@@ -44,2 +43,0 @@ Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuratio
-You can describe the protocols and ciphers using the [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI command, or refer to the tables below.
-
@@ -47,0 +46,2 @@ You can describe the protocols and ciphers using the [describe-ssl-policies](htt
+  * [Example describe-ssl-policies commands](./describe-ssl-policies.html#describe-ssl-policies-examples)
+
@@ -74,0 +75,34 @@ You can describe the protocols and ciphers using the [describe-ssl-policies](htt
+## Example describe-ssl-policies commands
+
+You can describe the protocols and ciphers for a security policy, or find a policy that meets your needs, using the [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI command.
+
+The following example describes the specified policy.
+    
+    
+    aws elbv2 describe-ssl-policies \
+        --names "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
+
+The following example lists policies with the specified string in the policy name.
+    
+    
+    aws elbv2 describe-ssl-policies \
+        --query "SslPolicies[?contains(Name,'FIPS')].Name"
+
+The following example lists policies that support the specified protocol.
+    
+    
+    aws elbv2 describe-ssl-policies \
+        --query "SslPolicies[?contains(SslProtocols,'TLSv1.3')].Name"
+
+The following example lists policies that support the specified cipher.
+    
+    
+    aws elbv2 describe-ssl-policies \
+        --query "SslPolicies[?Ciphers[?contains(Name,'TLS_AES_128_GCM_SHA256')]].Name"
+
+The following example lists policies that do not support the specified cipher.
+    
+    
+    aws elbv2 describe-ssl-policies \
+        --query 'SslPolicies[?length(Ciphers[?starts_with(Name,`AES128-GCM-SHA256`)]) == `0`].Name'
+
@@ -109 +142,0 @@ ELBSecurityPolicy-2016-08 |  No |  Yes |  Yes |  Yes
-ELBSecurityPolicy-2015-05 |  No |  Yes |  Yes |  Yes  
@@ -326,22 +358,0 @@ ELBSecurityPolicy-2016-08 |
-ELBSecurityPolicy-2015-05 | 
-
-  * ECDHE-ECDSA-AES128-GCM-SHA256
-  * ECDHE-RSA-AES128-GCM-SHA256
-  * ECDHE-ECDSA-AES128-SHA256
-  * ECDHE-RSA-AES128-SHA256
-  * ECDHE-ECDSA-AES128-SHA
-  * ECDHE-RSA-AES128-SHA
-  * ECDHE-ECDSA-AES256-GCM-SHA384
-  * ECDHE-RSA-AES256-GCM-SHA384
-  * ECDHE-ECDSA-AES256-SHA384
-  * ECDHE-RSA-AES256-SHA384
-  * ECDHE-ECDSA-AES256-SHA
-  * ECDHE-RSA-AES256-SHA
-  * AES128-GCM-SHA256
-  * AES128-SHA256
-  * AES128-SHA
-  * AES256-GCM-SHA384
-  * AES256-SHA256
-  * AES256-SHA
-
-