How can I determine if my load balancer supports SSL/TLS renegotiation?
Last updated: 2020-03-26
How can I determine if my load balancer supports Secure Sockets Layer/Transport Layer Security (SSL/TLS) renegotiation?
Although only the client can initiate a session resumption, either side can initiate session renegotiation. Support of SSL/TLS renegotiation varies by load balancer type:
- Classic Load Balancers support secure client-initiated renegotiations for incoming SSL/TLS client connections. Classic Load Balancers also support server-initiated renegotiation for the backend SSL/TLS connection. Note: If you need to disable client-initiated renegotiations for incoming SSL/TLS connections, you can migrate to an Application Load Balancer where these renegotiations aren't supported.
- Application Load Balancers don't support SSL/TLS renegotiation for client or target connections.
- Network Load Balancers don't support SSL/TLS renegotiation.
All load balancers support session resumption. However, only Network Load Balancers support resuming an SSL session that was originally negotiated with a different IP associated with the same load balancer.