Elastic Load Balancing – Perfect Forward Secrecy and more new security features

Posted on: Feb 19, 2014

We have made several enhancements to Elastic Load Balancing that further improve the security of your application traffic and make it easier to protect end users’ confidential data and privacy.

You can now use these new security features:

  • Perfect Forward Secrecy is a feature that provides additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. Captured data therefore cannot be decoded, even if the secret long-term key is compromised.
  • Server Order Preference lets you configure the load balancer to enforce cipher ordering, providing more control over the level of security used by clients to connect with your load balancer.
  • The new Predefined Security Policy simplifies the configuration of your load balancer by providing a recommended cipher suite that adheres to AWS security best practices. The policy includes the latest security protocols (TLS 1.1 and 1.2), enables Server Order Preference, and offers high security ciphers such as those used for Elliptic Curve signatures and key exchanges.
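
To make the interaction between the first two features concrete, the following added example (not AWS code and not part of the original announcement) models cipher selection with and without Server Order Preference and checks whether the negotiated suite is forward secret. The cipher lists are constructed samples, the function names are hypothetical, and the example assumes OpenSSL-style suite names in which an ECDHE or DHE key exchange indicates forward secrecy.

```python
"""Added illustration: how Server Order Preference decides whether a
connection ends up on a forward-secret cipher suite."""

# OpenSSL-style name prefixes for ephemeral (per-session) key exchanges.
EPHEMERAL_KEX = ("ECDHE-", "DHE-")


def is_forward_secret(suite):
    """True if the suite's key exchange is ephemeral Diffie-Hellman."""
    return suite.startswith(EPHEMERAL_KEX)


def negotiate(client_prefs, server_prefs, server_order_preference):
    """Return the suite chosen from two preference-ordered lists, or None.

    With server_order_preference, the first server suite that the client
    also supports wins; otherwise the client's ordering decides.
    """
    if server_order_preference:
        ordered, other = server_prefs, set(client_prefs)
    else:
        ordered, other = client_prefs, set(server_prefs)
    for suite in ordered:
        if suite in other:
            return suite
    return None  # no common suite: the handshake would fail


# Constructed sample lists (assumption: not the contents of any AWS policy).
SERVER = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"]
CLIENT = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]  # static RSA listed first
LEGACY_CLIENT = ["RC4-SHA", "AES128-SHA"]               # no ephemeral suites

if __name__ == "__main__":
    for label, client in (("client", CLIENT), ("legacy", LEGACY_CLIENT)):
        for sop in (False, True):
            suite = negotiate(client, SERVER, sop)
            pfs = bool(suite) and is_forward_secret(suite)
            print(label, "server-order" if sop else "client-order",
                  suite, "PFS" if pfs else "no PFS")
```

The legacy client shows the limit of the setting: Server Order Preference can only choose among suites the client offers, so a client without ECDHE or DHE suites still connects without forward secrecy unless the non-ephemeral suites are removed from the server list.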

You can configure these new features with the AWS Management Console, API, or Command Line Interface (CLI).

To learn more about these new features, see the documentation.