AWS-EC2-classic-ELB-have-SSL-Security-Policy

Severity: High

Description: This control ensures that HTTPS/SSL listeners have security policies configured for Elastic Load Balancer. Using insecure and deprecated security policies for SSL negotiation within load balancers exposes the connection between the client and the load balancer to various SSL/TLS vulnerabilities. The latest security policy secures the SSL negotiation configuration so that it follows security best practices and protects front-end connections.
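
The check this control describes can be sketched as follows. This is an added example, not code from this page's vendor: it runs on constructed data shaped like the boto3 `elb` client responses, and the `APPROVED` allowlist and the function names are assumptions to replace with your own.

```python
# Constructed sample data, shaped like boto3 "elb" client responses
# (describe_load_balancers / describe_load_balancer_policies).
# APPROVED is an assumption: list the predefined policies your organisation accepts.
APPROVED = {"ELBSecurityPolicy-TLS-1-2-2017-01"}

def ssl_policy_reference(policy):
    """Predefined policy behind an SSL negotiation policy, "custom" if none,
    or None when the policy is not an SSL negotiation policy at all."""
    if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
        return None
    for attr in policy.get("PolicyAttributeDescriptions", []):
        if attr["AttributeName"] == "Reference-Security-Policy":
            return attr["AttributeValue"]
    return "custom"

def audit(load_balancers, policies_by_lb, approved=APPROVED):
    """Return (lb_name, port, reason) for each HTTPS/SSL listener that fails."""
    findings = []
    for lb in load_balancers:
        name = lb["LoadBalancerName"]
        policies = {p["PolicyName"]: p for p in policies_by_lb.get(name, [])}
        for desc in lb.get("ListenerDescriptions", []):
            listener = desc["Listener"]
            if listener["Protocol"].upper() not in ("HTTPS", "SSL"):
                continue  # plain HTTP/TCP listeners do not negotiate TLS
            port = listener["LoadBalancerPort"]
            # Stickiness and other policy types also appear in PolicyNames; skip them.
            refs = [ssl_policy_reference(policies.get(n, {}))
                    for n in desc.get("PolicyNames", [])]
            refs = [r for r in refs if r is not None]
            if not refs:
                findings.append((name, port, "no SSL negotiation policy attached"))
            findings += [(name, port, f"policy not approved: {r}")
                         for r in refs if r not in approved]
    return findings

def _ssl(name, ref):  # builds a constructed SSL negotiation policy description
    return {"PolicyName": name, "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": "Reference-Security-Policy", "AttributeValue": ref}]}

SAMPLE_LBS = [
    {"LoadBalancerName": "web-a", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443}, "PolicyNames": ["tls12"]},
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}, "PolicyNames": []}]},
    {"LoadBalancerName": "web-b", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443}, "PolicyNames": ["sticky"]},
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 8443}, "PolicyNames": ["old"]}]}]
SAMPLE_POLICIES = {
    "web-a": [_ssl("tls12", "ELBSecurityPolicy-TLS-1-2-2017-01")],
    "web-b": [{"PolicyName": "sticky", "PolicyTypeName": "LBCookieStickinessPolicyType"},
              _ssl("old", "ELBSecurityPolicy-2015-05")]}
```

A listener whose only attached policy is a stickiness policy is reported the same way as one with no policy, which is why the check looks at the policy type rather than just whether `PolicyNames` is non-empty.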

Remediation Steps:

Perform the following to update the ELB security policy:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as root user.

  2. Navigate to EC2 console.

  3. In the navigation pane, under LOAD BALANCING, select Load Balancers.

  4. Select the Load Balancer that you want to reconfigure.

  5. Choose the Listeners tab from the bottom panel.

  6. Click Edit.

  7. From the list of listeners, choose the non-HTTPS/SSL listener, and from the Protocol dropdown select the HTTPS or SSL protocol.

  8. Click Change for Cipher and select the appropriate Security Policy.

  9. Click Save.

Important:

Reference :

Blue Hexagon Proprietary