Posted On: Feb 6, 2017

We are pleased to announce support for three new pre-defined security policies ELBSecurityPolicy-TLS-1-1-2017-01, ELBSecurityPolicy-TLS-1-2-2017-01 and a default security policy, ELBSecurityPolicy-2016-08 for the Application Load Balancer to support your TLS workloads. The new policies give you the flexibility to pick the TLS ciphers and protocols for your workloads on the Application Load Balancer.

ELBSecurityPolicy-TLS-1-1-2017-01 supports only TLS version 1.1 and higher, while ELBSecurityPolicy-TLS-1-2-2017-01 supports only TLS version 1.2 and higher. These new security policies allow you to restrict access from clients that are using older and weaker protocol versions. There is also a new security policy, ELBSecurityPolicy-2016-08 which corresponds to the pre-existing default settings, and supports TLS version 1.0 and higher.

All Application Load Balancers now offer support for these additional pre-defined security policies. Learn more by visiting our product page.