Security policies for your Application Load Balancer - Elastic Load Balancing

Security policies for your Application Load Balancer

Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL connections between a client and the load balancer. A security policy is a combination of protocols and ciphers. The protocol establishes a secure connection between a client and a server and ensures that all data passed between the client and your load balancer is private. A cipher is an encryption algorithm that uses encryption keys to create a coded message. Protocols use several ciphers to encrypt data over the internet. During the connection negotiation process, the client and the load balancer each present a list of the ciphers and protocols that they support, in order of preference. By default, the first cipher on the server's list that matches any one of the client's ciphers is selected for the secure connection.
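The selection rule described above, as an added example (not AWS code): a simplified Python model that picks the highest protocol version both sides support and then the first cipher in the server's list that the client also offers. The cipher orders are the ones this page lists for two policies; the client offers are constructed, and the model ignores certificates and key types.

```python
# Simplified model of server-preference negotiation; not the load balancer's implementation.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
}
VERSION_ORDER = ["TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1.0"]  # newest first

# (protocols, ciphers in listed order), copied from the tables on this page.
POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06": (
        ["TLSv1.3", "TLSv1.2"],
        ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256",
         "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
         "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256",
         "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
         "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"],
    ),
    "ELBSecurityPolicy-2016-08": (
        ["TLSv1.2", "TLSv1.1", "TLSv1.0"],
        ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
         "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256",
         "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA",
         "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
         "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384",
         "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA",
         "AES128-GCM-SHA256", "AES128-SHA256", "AES128-SHA",
         "AES256-GCM-SHA384", "AES256-SHA256", "AES256-SHA"],
    ),
}


def usable(cipher, version):
    """Can this cipher suite be used with this protocol version?"""
    if version == "TLSv1.3":
        return cipher in TLS13_SUITES
    if cipher in TLS13_SUITES:
        return False
    if version == "TLSv1.2":
        return True
    # TLS 1.0 and 1.1 predate GCM and SHA-2 suites; only the "-SHA" (CBC with SHA-1) suites apply.
    return cipher.endswith("-SHA")


def negotiate(policy, client_versions, client_ciphers):
    """Return (version, cipher) or None when the handshake would fail."""
    server_versions, server_ciphers = POLICIES[policy]
    shared = [v for v in VERSION_ORDER if v in server_versions and v in client_versions]
    if not shared:
        return None
    version = shared[0]
    offered = set(client_ciphers)
    for cipher in server_ciphers:  # the server's order decides, not the client's
        if cipher in offered and usable(cipher, version):
            return version, cipher
    return None


# Constructed client offers, each in the client's own order of preference.
MODERN = (["TLSv1.3", "TLSv1.2"],
          ["TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256",
           "ECDHE-RSA-AES128-GCM-SHA256"])
LEGACY = (["TLSv1.0"], ["AES256-SHA", "ECDHE-RSA-AES128-SHA"])

if __name__ == "__main__":
    for name in POLICIES:
        print(name, "modern:", negotiate(name, *MODERN), "legacy:", negotiate(name, *LEGACY))
```

The legacy client fails against ELBSecurityPolicy-TLS13-1-2-2021-06 because no protocol version is shared, and under ELBSecurityPolicy-2016-08 it gets the ECDHE suite even though it listed AES256-SHA first.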

Considerations
  • Application Load Balancers support SSL renegotiation for target connections only.

  • Application Load Balancers do not support custom security policies.

  • The ELBSecurityPolicy-TLS13-1-2-2021-06 policy is the default security policy for HTTPS listeners created using the AWS Management Console.

  • The ELBSecurityPolicy-2016-08 policy is the default security policy for HTTPS listeners created using the AWS CLI.

  • When you create an HTTPS listener, selecting a security policy is required.

    • We recommend the ELBSecurityPolicy-TLS13-1-2-2021-06 security policy, which includes TLS 1.3 and is compatible with TLS 1.2.

  • You can choose the security policy that is used for front-end connections, but not backend connections.

    • For backend connections, if any of your HTTPS listeners are using a TLS 1.3 security policy, the ELBSecurityPolicy-TLS13-1-0-2021-06 security policy is used. Otherwise, the ELBSecurityPolicy-2016-08 security policy is used for backend connections.

  • To meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers, you can use one of the ELBSecurityPolicy-TLS- security policies. To view the TLS protocol version for requests to your Application Load Balancer, enable access logging for your load balancer and examine the corresponding access log entries. For more information, see Access logs for your Application Load Balancer.

  • You can restrict which security policies are available to users across your AWS accounts and AWS Organizations by using the Elastic Load Balancing condition keys in your IAM policies and service control policies (SCPs), respectively. For more information, see Service control policies (SCPs) in the AWS Organizations User Guide.

  • Application Load Balancers support TLS resumption using PSK (TLS 1.3) and session IDs/session tickets (TLS 1.2 and older). Resumption is only supported in connections to the same Application Load Balancer IP address. The 0-RTT Data feature and the early_data extension are not implemented.
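The access-log check mentioned in the considerations above, as an added example (not from the AWS documentation): a Python script that reads access log entries and counts the clients whose negotiated protocol version a stricter policy would no longer accept. The field positions follow the Application Load Balancer access log entry layout, which this page does not reproduce; the log lines, addresses, ARNs and user agents are constructed.

```python
import re
from collections import Counter

# Protocols each policy accepts, copied from the "Protocols by policy" table on this page.
POLICY_PROTOCOLS = {
    "ELBSecurityPolicy-TLS13-1-3-2021-06": {"TLSv1.3"},
    "ELBSecurityPolicy-TLS13-1-2-2021-06": {"TLSv1.3", "TLSv1.2"},
    "ELBSecurityPolicy-TLS13-1-1-2021-06": {"TLSv1.3", "TLSv1.2", "TLSv1.1"},
    "ELBSecurityPolicy-TLS13-1-0-2021-06": {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1.0"},
}

# A log field is either a double-quoted string or a run of non-space characters.
_FIELD = re.compile(r'"([^"]*)"|(\S+)')
# Zero-based field positions in an access log entry.
CLIENT, USER_AGENT, SSL_CIPHER, SSL_PROTOCOL = 3, 13, 14, 15


def parse_entry(line):
    """Return (client_ip, protocol, cipher, user_agent); None for non-TLS or malformed entries."""
    fields = [quoted or bare for quoted, bare in _FIELD.findall(line)]
    if len(fields) <= SSL_PROTOCOL or fields[SSL_PROTOCOL] == "-":
        return None
    protocol = fields[SSL_PROTOCOL]
    if protocol == "TLSv1":  # assumption: TLS 1.0 may be logged without the minor version
        protocol = "TLSv1.0"
    client_ip = fields[CLIENT].rsplit(":", 1)[0]  # strip the source port
    return client_ip, protocol, fields[SSL_CIPHER], fields[USER_AGENT]


def clients_cut_off_by(target_policy, log_lines):
    """Count requests per (client_ip, protocol, cipher) that target_policy would refuse."""
    allowed = POLICY_PROTOCOLS[target_policy]
    hits = Counter()
    for line in log_lines:
        entry = parse_entry(line)
        if entry and entry[1] not in allowed:
            hits[entry[:3]] += 1
    return hits


# Constructed sample entries (truncated after the target group ARN field).
_TEMPLATE = (
    '{0} 2024-05-01T10:00:00.000000Z app/example-alb/0123456789abcdef '
    '{1} 10.0.0.5:443 0.001 0.002 0.000 200 200 120 512 '
    '"GET https://www.example.com:443/ HTTP/1.1" "{2}" {3} {4} '
    'arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/example/0123456789abcdef'
)
_ROWS = [
    ("https", "192.0.2.10:46532", "curl/8.5.0", "TLS_AES_128_GCM_SHA256", "TLSv1.3"),
    ("https", "198.51.100.7:50211", "LegacyPOS/1.0", "ECDHE-RSA-AES128-SHA", "TLSv1"),
    ("https", "198.51.100.7:50212", "LegacyPOS/1.0", "ECDHE-RSA-AES128-SHA", "TLSv1"),
    ("https", "203.0.113.20:40100", "Java/1.7.0", "AES256-SHA", "TLSv1.1"),
    ("http", "192.0.2.11:51000", "curl/8.5.0", "-", "-"),  # plain HTTP listener, no TLS fields
]
SAMPLE_LOG = [_TEMPLATE.format(*row) for row in _ROWS]

if __name__ == "__main__":
    target = "ELBSecurityPolicy-TLS13-1-2-2021-06"
    for (ip, proto, cipher), count in clients_cut_off_by(target, SAMPLE_LOG).items():
        print(f"{ip} used {proto} with {cipher} in {count} request(s); {target} would refuse it")
```

Run it over a representative period of logs before changing a listener's policy, so the clients that still depend on TLS 1.0 or 1.1 are known in advance.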

You can describe the protocols and ciphers using the describe-ssl-policies AWS CLI command, or refer to the tables below.

TLS security policies

You can use the TLS security policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Protocols by policy

The following table describes the protocols that each TLS security policy supports.

Security policy                            TLS 1.3  TLS 1.2  TLS 1.1  TLS 1.0
ELBSecurityPolicy-TLS13-1-3-2021-06        Yes      No       No       No
ELBSecurityPolicy-TLS13-1-2-2021-06        Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Res-2021-06    Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06   Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06   Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-1-2021-06        Yes      Yes      Yes      No
ELBSecurityPolicy-TLS13-1-0-2021-06        Yes      Yes      Yes      Yes
ELBSecurityPolicy-TLS-1-2-Ext-2018-06      No       Yes      No       No
ELBSecurityPolicy-TLS-1-2-2017-01          No       Yes      No       No
ELBSecurityPolicy-TLS-1-1-2017-01          No       Yes      Yes      No
ELBSecurityPolicy-2016-08                  No       Yes      Yes      Yes
ELBSecurityPolicy-2015-05                  No       Yes      Yes      Yes

Ciphers by policy

The following table describes the ciphers that each TLS security policy supports.

Security policy    Ciphers
ELBSecurityPolicy-TLS13-1-3-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

ELBSecurityPolicy-TLS13-1-2-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

ELBSecurityPolicy-TLS13-1-2-Res-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256

ELBSecurityPolicy-TLS13-1-1-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-0-2021-06
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS-1-2-Ext-2018-06
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS-1-2-2017-01
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256

ELBSecurityPolicy-TLS-1-1-2017-01
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-2016-08
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-2015-05
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

Policies by cipher

The following table describes the TLS security policies that support each cipher.

Cipher name    Security policies    Cipher suite

OpenSSL: TLS_AES_128_GCM_SHA256

IANA: TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

1301

OpenSSL: TLS_AES_256_GCM_SHA384

IANA: TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

1302

OpenSSL: TLS_CHACHA20_POLY1305_SHA256

IANA: TLS_CHACHA20_POLY1305_SHA256

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

1303

OpenSSL: ECDHE-ECDSA-AES128-GCM-SHA256

IANA: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02b

OpenSSL: ECDHE-RSA-AES128-GCM-SHA256

IANA: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02f

OpenSSL: ECDHE-ECDSA-AES128-SHA256

IANA: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c023

OpenSSL: ECDHE-RSA-AES128-SHA256

IANA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c027

OpenSSL: ECDHE-ECDSA-AES128-SHA

IANA: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c009

OpenSSL: ECDHE-RSA-AES128-SHA

IANA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c013

OpenSSL: ECDHE-ECDSA-AES256-GCM-SHA384

IANA: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02c

OpenSSL: ECDHE-RSA-AES256-GCM-SHA384

IANA: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c030

OpenSSL: ECDHE-ECDSA-AES256-SHA384

IANA: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c024

OpenSSL: ECDHE-RSA-AES256-SHA384

IANA: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c028

OpenSSL: ECDHE-ECDSA-AES256-SHA

IANA: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c00a

OpenSSL: ECDHE-RSA-AES256-SHA

IANA: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c014

OpenSSL: AES128-GCM-SHA256

IANA: TLS_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

9c

OpenSSL: AES128-SHA256

IANA: TLS_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

3c

OpenSSL: AES128-SHA

IANA: TLS_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

2f

OpenSSL: AES256-GCM-SHA384

IANA: TLS_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

9d

OpenSSL: AES256-SHA256

IANA: TLS_RSA_WITH_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

3d

OpenSSL: AES256-SHA

IANA: TLS_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

35

FIPS security policies

Important

All secure listeners attached to an Application Load Balancer must use either FIPS security policies or non-FIPS security policies; they cannot be mixed. If an existing Application Load Balancer has two or more listeners using non-FIPS policies and you want the listeners to use FIPS security policies instead, remove all listeners until there is only one. Change the security policy of that listener to FIPS and then create additional listeners using FIPS security policies. Alternatively, you can create a new Application Load Balancer with new listeners using only FIPS security policies.

The Federal Information Processing Standard (FIPS) is a US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. To learn more, see Federal Information Processing Standard (FIPS) 140 on the AWS Cloud Security Compliance page.

All FIPS policies use the AWS-LC FIPS validated cryptographic module. To learn more, see the AWS-LC Cryptographic Module page on the NIST Cryptographic Module Validation Program site.

Important

The policies ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04 and ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04 are provided for legacy compatibility only. While they use FIPS cryptography using the FIPS140 module, they may not conform to the latest NIST guidance for TLS configuration.

Protocols by policy

The following table describes the protocols that each FIPS security policy supports.

Security policy                                 TLS 1.3  TLS 1.2  TLS 1.1  TLS 1.0
ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04        Yes      No       No       No
ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04        Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04    Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04   Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04   Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04   Yes      Yes      No       No
ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04        Yes      Yes      Yes      No
ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04        Yes      Yes      Yes      Yes

Ciphers by policy

The following table describes the ciphers that each FIPS security policy supports.

Security policy    Ciphers
ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256

ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04
  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

Policies by cipher

The following table describes the FIPS security policies that support each cipher.

Cipher name    Security policies    Cipher suite

OpenSSL: TLS_AES_128_GCM_SHA256

IANA: TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

1301

OpenSSL: TLS_AES_256_GCM_SHA384

IANA: TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

1302

OpenSSL: ECDHE-ECDSA-AES128-GCM-SHA256

IANA: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c02b

OpenSSL: ECDHE-RSA-AES128-GCM-SHA256

IANA: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c02f

OpenSSL: ECDHE-ECDSA-AES128-SHA256

IANA: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c023

OpenSSL: ECDHE-RSA-AES128-SHA256

IANA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c027

OpenSSL: ECDHE-ECDSA-AES128-SHA

IANA: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c009

OpenSSL: ECDHE-RSA-AES128-SHA

IANA: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c013

OpenSSL: ECDHE-ECDSA-AES256-GCM-SHA384

IANA: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c02c

OpenSSL: ECDHE-RSA-AES256-GCM-SHA384

IANA: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c030

OpenSSL: ECDHE-ECDSA-AES256-SHA384

IANA: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c024

OpenSSL: ECDHE-RSA-AES256-SHA384

IANA: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c028

OpenSSL: ECDHE-ECDSA-AES256-SHA

IANA: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c00a

OpenSSL: ECDHE-RSA-AES256-SHA

IANA: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c014

OpenSSL: AES128-GCM-SHA256

IANA: TLS_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

9c

OpenSSL: AES128-SHA256

IANA: TLS_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

3c

OpenSSL: AES128-SHA

IANA: TLS_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

2f

OpenSSL – AES256-GCM-SHA384

IANA – TLS_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

9d

OpenSSL – AES256-SHA256

IANA – TLS_RSA_WITH_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

3d

OpenSSL – AES256-SHA

IANA – TLS_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

35

FS supported policies

FS (Forward Secrecy) supported security policies provide additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised.

Protocols by policy

The following table describes the protocols that each FS supported security policy supports.

| Security policy | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityPolicy-FS-1-2-RES-2020-10 | No | Yes | No | No |
| ELBSecurityPolicy-FS-1-2-RES-2019-08 | No | Yes | No | No |
| ELBSecurityPolicy-FS-1-2-2019-08 | No | Yes | No | No |
| ELBSecurityPolicy-FS-1-1-2019-08 | No | Yes | Yes | No |
| ELBSecurityPolicy-FS-2018-06 | No | Yes | Yes | Yes |

Ciphers by policy

The following table describes the ciphers that each FS supported security policy supports.

Security policy | Ciphers
ELBSecurityPolicy-FS-1-2-RES-2020-10
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

ELBSecurityPolicy-FS-1-2-RES-2019-08
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

ELBSecurityPolicy-FS-1-2-2019-08
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

ELBSecurityPolicy-FS-1-1-2019-08
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

ELBSecurityPolicy-FS-2018-06
  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
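
The two tables above can be combined into a client compatibility check. The following is an added example, not part of the AWS documentation: it finds the most restrictive FS policy under which a given client can still connect. The function names are hypothetical, the order in which the page lists ciphers is assumed to be the load balancer's preference order, and the certificate type (RSA or ECDSA) is not modelled.

```python
ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

# Cipher list of ELBSecurityPolicy-FS-1-2-2019-08, in the order the page lists it.
ALL = """ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA""".split()


def parse(name):
    """Derive security properties from an OpenSSL cipher name."""
    parts = name.split("-")
    return {"forward_secrecy": parts[0] in ("ECDHE", "DHE"),
            "aead": "GCM" in parts,
            "sha1_mac": parts[-1] == "SHA"}


# FS policies from the page's tables, strictest first: (protocols, ciphers).
FS_POLICIES = {
    "ELBSecurityPolicy-FS-1-2-RES-2020-10": (ORDER[2:], [c for c in ALL if parse(c)["aead"]]),
    "ELBSecurityPolicy-FS-1-2-RES-2019-08": (ORDER[2:], [c for c in ALL if not parse(c)["sha1_mac"]]),
    "ELBSecurityPolicy-FS-1-2-2019-08": (ORDER[2:], ALL),
    "ELBSecurityPolicy-FS-1-1-2019-08": (ORDER[1:], ALL),
    "ELBSecurityPolicy-FS-2018-06": (ORDER, ALL),
}


def negotiate(policy, client_protocols, client_ciphers):
    """Return (protocol, cipher) the listener would settle on, or None."""
    protocols, ciphers = FS_POLICIES[policy]
    shared = [p for p in ORDER if p in protocols and p in client_protocols]
    if not shared:
        return None
    version = shared[-1]  # highest version both sides support
    for cipher in ciphers:  # server preference order (assumed = page order)
        # GCM and SHA256/SHA384 suites only exist from TLS 1.2 onwards.
        if version != "TLSv1.2" and not parse(cipher)["sha1_mac"]:
            continue
        if cipher in client_ciphers:
            return version, cipher
    return None


def strictest_policy(client_protocols, client_ciphers):
    """First (most restrictive) FS policy under which this client connects."""
    for policy in FS_POLICIES:
        if negotiate(policy, client_protocols, client_ciphers):
            return policy
    return None
```

A client that offers only RSA key-exchange ciphers such as AES128-GCM-SHA256 gets `None`: no FS policy accepts it, which is the intended effect of these policies.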

Policies by cipher

The following table describes the FS supported security policies that support each cipher.

Cipher name | Security policies | Cipher suite

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-FS-1-2-RES-2020-10

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-FS-1-2-RES-2020-10

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-FS-1-2-RES-2020-10

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-FS-1-2-RES-2020-10

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-FS-1-2-RES-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c014