AWS-ELB-Insecure-Ciphers

Severity: High

Description: This control ensures that ELB uses TLS 1.2 or above to negotiate TLS connections between a client and the load balancer. Elastic Load Balancing uses a Transport Layer Security (TLS) negotiation configuration, known as a security policy, to negotiate TLS connections between a client and the load balancer. A security policy is a combination of protocols and ciphers. The protocol establishes a secure connection between a client and a server and ensures that all data passed between the client and your load balancer is private. TLS 1.2 is more secure than previous cryptographic protocols such as TLS 1.1 and keeps data transferred across the network more secure.

Remediation Steps:

Perform the following steps to update the ELB ciphers:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Under Load Balancing, choose Load Balancers.

  3. Select the load balancer to be remediated.

  4. Click the Listeners tab below the list.

  5. Select the check box for the TLS/HTTPS listener and then choose Edit.

  6. Under Secure listener settings, for Security policy, choose a TLS 1.2 or above security policy.

  7. Click Save changes.
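
An added example, not part of the original control or any Blue Hexagon code: a check that flags HTTPS/TLS listeners whose security policy still negotiates anything below TLS 1.2, useful for confirming the remediation took effect. It assumes input shaped like the elbv2 DescribeListeners and DescribeSSLPolicies responses; the function name, the ARNs and the unresolved policy name are constructed for illustration.

```python
# Added example. Input dicts follow the shape of the elbv2 DescribeListeners
# and DescribeSSLPolicies responses; all sample values below are constructed.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
SECURE_LISTENER_PROTOCOLS = {"HTTPS", "TLS"}


def find_insecure_listeners(listeners, ssl_policies):
    """Return one finding per HTTPS/TLS listener whose policy allows < TLS 1.2."""
    protocols_by_policy = {
        p["Name"]: set(p.get("SslProtocols", [])) for p in ssl_policies
    }
    findings = []
    for listener in listeners:
        if listener.get("Protocol") not in SECURE_LISTENER_PROTOCOLS:
            continue  # HTTP/TCP/UDP listeners carry no security policy
        policy = listener.get("SslPolicy")
        offered = protocols_by_policy.get(policy)
        if offered is None:
            # Fail closed: an unresolvable policy is reported, not assumed safe.
            findings.append({"ListenerArn": listener["ListenerArn"],
                             "SslPolicy": policy, "WeakProtocols": None})
            continue
        weak = sorted(offered - ALLOWED_PROTOCOLS)
        if weak:
            findings.append({"ListenerArn": listener["ListenerArn"],
                             "SslPolicy": policy, "WeakProtocols": weak})
    return findings


SAMPLE_POLICIES = [  # constructed, in DescribeSSLPolicies shape
    {"Name": "ELBSecurityPolicy-2016-08",
     "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"]},
    {"Name": "ELBSecurityPolicy-TLS-1-2-2017-01", "SslProtocols": ["TLSv1.2"]},
    {"Name": "ELBSecurityPolicy-TLS13-1-2-2021-06",
     "SslProtocols": ["TLSv1.2", "TLSv1.3"]},
]
SAMPLE_LISTENERS = [  # constructed, in DescribeListeners shape
    {"ListenerArn": "arn:example:listener/a", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": "arn:example:listener/b", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"ListenerArn": "arn:example:listener/c", "Protocol": "TLS", "Port": 8443,
     "SslPolicy": "ELBSecurityPolicy-TLS-1-2-2017-01"},
    {"ListenerArn": "arn:example:listener/d", "Protocol": "HTTP", "Port": 80},
    {"ListenerArn": "arn:example:listener/e", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "example-unresolved-policy"},
]

if __name__ == "__main__":
    for finding in find_insecure_listeners(SAMPLE_LISTENERS, SAMPLE_POLICIES):
        print(finding)
```

A listener reported with WeakProtocols set to None uses a policy that was not in the supplied policy list and should be reviewed by hand.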

Important:

Reference:

Blue Hexagon Proprietary