Posted On: Jan 19, 2024
Network Load Balancer (NLB) now supports RSA 3072-bit certificates, and Elliptic Curve Digital Signature Algorithm (ECDSA) 256, 384 and 521-bit certificates via AWS Certificate Manager (ACM). This launch enables customers use stronger encryption during transit to meet their compliance goals.
RSA and ECDSA are two widely used public-key cryptographic algorithms to encrypt and decrypt data. With RSA 3072-bit and ECDSA 384/521-bit certificates, the longer key size will enhance security, making it more difficult for an attacker to decrypt the communication. Compared to RSA, ECDSA has the advantage of increased performance, providing higher security strength with smaller key sizes and lower computational cost. You can learn more about ECDSA security, performance and compatibility in this AWS Security blog post.
To get started, you can use these certificates through ACM. You can request and issue ECDSA P256 and P384 certificates directly through ACM. If you need to use either RSA 3072 or ECDSA P-521, you can import them for use through ACM.
This feature is available in all commercial AWS Regions and the AWS GovCloud (US) Regions. To learn more, please refer to the NLB documentation.
1/31/24 - This post has been updated to better clarify issuing certificates through AWS Certificate Manager.