AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2026-06-19 · Documentation low

File: elasticloadbalancing/latest/application/describe-ssl-policies.md

Summary

Minor wording updates replacing 'help' with 'facilitate' and 'use' with 'leverage/utilize' in sections discussing RFC 9151 transition policies and FIPS cryptography. No technical changes to security policies or configurations.

Security assessment

Changes are purely editorial with no technical modifications to security standards, protocols, or configurations. Word substitutions don't alter security guidance, address vulnerabilities, or introduce new security features.

Diff

diff --git a/elasticloadbalancing/latest/application/describe-ssl-policies.md b/elasticloadbalancing/latest/application/describe-ssl-policies.md
index 79b96e384..2d45cd297 100644
--- a//elasticloadbalancing/latest/application/describe-ssl-policies.md
+++ b//elasticloadbalancing/latest/application/describe-ssl-policies.md
@@ -27 +27 @@ Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuratio
-    * Security policies with RFC 9151 in their names help you comply with RFC 9151, which defines TLS requirements for the Commercial National Security Algorithm (CNSA) 1.0 suite as specified by the US National Security Agency (NSA). To help with transition, they are available in two categories: strict policies that enforce full RFC 9151 requirements, and interop policies (containing "INTEROP" in their name) that support both RFC 9151-compliant and non-RFC 9151 ciphers to help gradual transition. AWS recommends starting with `ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07` to minimize disruption, then gradually moving to stricter policies as clients support RFC 9151. You can use the `tls_protocol`, `tls_cipher`, and `tls_keyexchange` fields in ALB connection logs to monitor client connections. For more information about RFC 9151, see [RFC 9151](https://datatracker.ietf.org/doc/html/rfc9151) on the IETF website.
+    * Security policies with RFC 9151 in their names help you comply with RFC 9151, which defines TLS requirements for the Commercial National Security Algorithm (CNSA) 1.0 suite as specified by the US National Security Agency (NSA). To help with transition, they are available in two categories: strict policies that enforce full RFC 9151 requirements, and interop policies (containing "INTEROP" in their name) that support both RFC 9151-compliant and non-RFC 9151 ciphers to facilitate gradual transition. AWS recommends starting with `ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07` to minimize disruption, then gradually moving to stricter policies as clients support RFC 9151. You can use the `tls_protocol`, `tls_cipher`, and `tls_keyexchange` fields in ALB connection logs to monitor client connections. For more information about RFC 9151, see [RFC 9151](https://datatracker.ietf.org/doc/html/rfc9151) on the IETF website.
@@ -731 +731 @@ The Federal Information Processing Standard (FIPS) is a US and Canadian governme
-All FIPS policies use the AWS-LC FIPS validated cryptographic module. To learn more, see the [ AWS-LC Cryptographic Module](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631) page on the _NIST Cryptographic Module Validation Program_ site.
+All FIPS policies leverage the AWS-LC FIPS validated cryptographic module. To learn more, see the [ AWS-LC Cryptographic Module](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631) page on the _NIST Cryptographic Module Validation Program_ site.
@@ -735 +735 @@ All FIPS policies use the AWS-LC FIPS validated cryptographic module. To learn m
-Policies `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` and `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` are provided for legacy compatibility only. While they use FIPS cryptography using the FIPS140 module, they may not conform to the latest NIST guidance for TLS configuration.
+Policies `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` and `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` are provided for legacy compatibility only. While they utilize FIPS cryptography using the FIPS140 module, they may not conform to the latest NIST guidance for TLS configuration.
@@ -1202 +1202 @@ RFC 9151 policies are available in two categories:
-  * **Interop policies** – Support both RFC 9151-compliant and non-RFC 9151 ciphers and signature schemes to help a gradual transition to RFC 9151 compliance. Use these when you are uncertain whether all clients can support RFC 9151, or you want to avoid disrupting clients during the transition. All interop policies contain "INTEROP" in their policy name.
+  * **Interop policies** – Support both RFC 9151-compliant and non-RFC 9151 ciphers and signature schemes to facilitate a gradual transition to RFC 9151 compliance. Use these when you are uncertain whether all clients can support RFC 9151, or you want to avoid disrupting clients during the transition. All interop policies contain "INTEROP" in their policy name.
@@ -1207 +1207 @@ RFC 9151 policies are available in two categories:
-AWS recommends starting with the interop policy `ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07`, which supports clients that can negotiate classical TLS 1.3, TLS 1.2, or strict RFC 9151 algorithms, minimizing disruption. You can gradually move to stricter policies as your clients can negotiate strict RFC 9151. You can use the `tls_protocol`, `tls_cipher`, and `tls_keyexchange` fields in ALB connection logs to monitor how clients are connecting.
+AWS recommends starting with the interop policy `ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07`, which supports clients that can negotiate classical TLS 1.3, TLS 1.2, or strict RFC 9151 algorithms, minimizing disruption. You can gradually move to stricter policies as your clients can negotiate strict RFC 9151. You can leverage the `tls_protocol`, `tls_cipher`, and `tls_keyexchange` fields in ALB connection logs to monitor how clients are connecting.