2015/03/03  9:00 PM PST - Update


AWS services listed below are in the process of investigating and mitigating this issue. All other AWS services are unaffected.



Amazon Elastic Load Balancing (ELB)


Customers that we have identified as using export cipher suites (those starting with "EXP-") will be contacted directly by email for awareness. To ensure that you use the recommended set of available ciphers, we suggest that you use a Predefined Security Policy with your load balancer. The following steps can be used to enable a Predefined Security Policy via the AWS Console:


      1. Select your load balancer (EC2 > Load Balancers).

      2. In the Listeners tab, click "Change" in the Cipher column.

      3. Ensure that the radio button for "Predefined Security Policy" is selected

      4. In the dropdown, select the "ELBSecurityPolicy-2015-02" policy.

      5. Click "Save" to apply the settings to the listener.

      6. Repeat these steps for each listener that is using HTTPS or SSL for each load balancer.


For more information, please see:







Backend services are not impacted. We are currently investigating client side impact.





2015/03/03 7:00 PM PST


We are aware of the SSL security issue known as the “FREAK Attack” as posted at https://freakattack.com/.

We are currently reviewing AWS Services and will update this bulletin within 24 hours.