
ELB has secure SSL protocols

elb

Classification:

compliance


Description

Update your Elastic Load Balancer’s (ELB’s) Secure Sockets Layer (SSL) security policy to replace the insecure or deprecated SSLv2, SSLv3, and TLSv1 protocols.

Rationale

An ELB security policy that uses insecure or deprecated protocols is vulnerable to exploits such as the POODLE and DROWN attacks.

Remediation

Console

Follow the Update an HTTPS listener for your Application Load Balancer docs to learn how to update your security policy with a modified HTTPS listener.

CLI

  1. Run modify-listener with the --ssl-policy flag to define a new SSL policy. You can also modify the protocol by using the --protocol flag. See the AWS CLI documentation for examples.
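
The check behind this rule, as an added example (not code from this page or from AWS): it reads data shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-ssl-policies`, flags listeners whose policy allows SSLv2, SSLv3, or TLSv1, and builds the matching modify-listener command. The sample data, the ARNs, and the choice of `ELBSecurityPolicy-TLS13-1-2-2021-06` as the replacement policy are assumptions.

```python
import shlex

# Protocols this rule treats as insecure or deprecated (from the rule text).
INSECURE = {"SSLv2", "SSLv3", "TLSv1"}
# Assumed replacement policy; pick the one your clients can negotiate.
TARGET_POLICY = "ELBSecurityPolicy-TLS13-1-2-2021-06"
ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/demo/0000000000000000/"  # constructed

# Constructed sample shaped like `aws elbv2 describe-ssl-policies` output.
SSL_POLICIES = {"SslPolicies": [
    {"Name": "ELBSecurityPolicy-2016-08",
     "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"]},
    {"Name": "ELBSecurityPolicy-TLS-1-2-2017-01", "SslProtocols": ["TLSv1.2"]},
]}
# Constructed sample shaped like `aws elbv2 describe-listeners` output.
LISTENERS = {"Listeners": [
    {"ListenerArn": ARN + "1", "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": ARN + "2", "SslPolicy": "ELBSecurityPolicy-TLS-1-2-2017-01"},
    {"ListenerArn": ARN + "3", "Protocol": "HTTP"},
    {"ListenerArn": ARN + "4", "SslPolicy": "policy-missing-from-lookup"},
]}


def insecure_protocols(policy_name, policies):
    """Insecure protocols a policy allows; None if the policy is unknown."""
    for policy in policies["SslPolicies"]:
        if policy["Name"] == policy_name:
            # Set intersection is an exact match, so "TLSv1" does not
            # flag "TLSv1.1" or "TLSv1.2" the way a substring test would.
            return sorted(INSECURE & set(policy["SslProtocols"]))
    return None


def audit(listeners, policies):
    """Return findings for listeners that allow, or may allow, INSECURE."""
    findings = []
    for listener in listeners["Listeners"]:
        name = listener.get("SslPolicy")
        if name is None:  # HTTP/TCP listener: no TLS policy to evaluate
            continue
        bad = insecure_protocols(name, policies)
        if bad is None or bad:  # unknown policy is reported, not passed
            fix = ("aws elbv2 modify-listener --listener-arn "
                   f"{shlex.quote(listener['ListenerArn'])} --ssl-policy {TARGET_POLICY}")
            findings.append({"arn": listener["ListenerArn"], "policy": name,
                             "insecure": bad, "fix": fix})
    return findings
```

Calling `audit(LISTENERS, SSL_POLICIES)` reports the listener on `ELBSecurityPolicy-2016-08` and the listener whose policy is missing from the lookup; the TLSv1.2-only listener and the HTTP listener are not flagged.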