How can I determine if my load balancer supports SSL/TLS renegotiation?

Last updated: 2020-03-26

How can I determine if my load balancer supports Secure Sockets Layer/Transport Layer Security (SSL/TLS) renegotiation?

Resolution

Although only the client can initiate a session resumption, either side can initiate session renegotiation. Support of SSL/TLS renegotiation varies by load balancer type:

  • Classic Load Balancers support secure client-initiated renegotiations for incoming SSL/TLS client connections. Classic Load Balancers also support server-initiated renegotiation for the backend SSL/TLS connection. Note: If you need to disable client-initiated renegotiations for incoming SSL/TLS connections, you can migrate to an Application Load Balancer where these renegotiations aren't supported.
  • Application Load Balancers don't support SSL/TLS renegotiation for client or target connections.
  • Network Load Balancers don't support SSL/TLS renegotiation.

All load balancers support session resumption. However, only Network Load Balancers support resuming an SSL session that was originally negotiated with a different IP associated with the same load balancer.


Did this article help you?

Anything we could improve?


Need more help?