网络负载均衡器的安全策略 - Elastic Load Balancing
TLS安全策略FIPS安全策略FIPS 支持的安全策略

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

网络负载均衡器的安全策略

创建TLS监听器时,必须选择安全策略。安全策略决定在您的负载均衡器和客户端之间的SSL协商期间支持哪些密码和协议。如果您的要求更改或者当我们发布新的安全策略时,您可以更新负载均衡器的安全策略。有关更多信息,请参阅 更新安全策略

注意事项

  • ELBSecurityPolicy-TLS13-1-2-2021-06策略是使用创建的TLS监听器的默认安全策略。 AWS Management Console

    • 我们推荐使用ELBSecurityPolicy-TLS13-1-2-2021-06安全策略,该策略包括 TLS 1.3,并且向后兼容 TLS 1.2。

  • ELBSecurityPolicy-2016-08策略是使用创建的TLS监听器的默认安全策略。 AWS CLI

  • 您可以选择用于前端连接但不能选择用于后端连接的安全策略。

    • 对于后端连接,如果您的TLS监听器使用的是 TLS 1.3 安全策略,则使用ELBSecurityPolicy-TLS13-1-0-2021-06安全策略。否则,ELBSecurityPolicy-2016-08 安全策略用于后端连接。

  • 您可以启用访问日志,以获取有关发送到 Network Load Balancer 的TLS请求的信息,分析TLS流量模式,管理安全策略升级,并对问题进行故障排除。为负载均衡器启用访问日志记录,然后检查相应的访问日志条目。有关更多信息,请参阅访问日志网络负载均衡器示例查询

  • 您可以分别使用您的 AWS 账户 和 AWS Organizations 服务控制策略中的 Elastic Load Balancing 条件密钥IAM和服务控制策略 (SCPs) 来限制用户可以使用哪些安全策略。有关更多信息,请参阅《AWS Organizations 用户指南》中的服务控制策略 (SCPs)

您可以使用describe-ssl-policies AWS CLI 命令描述协议和密码,也可以参考下表。

TLS安全策略

您可以使用TLS安全策略来满足要求禁用某些TLS协议版本的合规性和安全标准,或者支持需要已弃用密码的旧客户端。

按策略划分的协议

下表描述了每种TLS安全策略支持的协议。

安全策略 TLS1.3 TLS1.2 TLS1.1 TLS1.0
ELBSecurityPolicy-TLS13 -1-3-2021-06 没有 没有 没有
ELBSecurityPolicy-TLS13 -1-2-2021-06 没有 没有
ELBSecurityPolicy--1-2-TLS13 Res-2021-06 没有 没有
ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06 没有 没有
ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06 没有 没有
ELBSecurityPolicy-TLS13 -1-1-2021-06 没有
ELBSecurityPolicy--1-0 TLS13 -2021-06
ELBSecurityPolicy--1-2-Ext TLS -2018-06 没有 没有 没有
ELBSecurityPolicy--1-2-2017 TLS -01 没有 没有 没有
ELBSecurityPolicy--1-1-2017 TLS -01 没有 没有
ELBSecurityPolicy-2016-08 没有
ELBSecurityPolicy-2015-05 没有

按策略划分的密码

下表描述了每种TLS安全策略支持的密码。

安全策略 密码
ELBSecurityPolicy-TLS13 -1-3-2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256
ELBSecurityPolicy-TLS13 -1-2-2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS13 -1-1-2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy--1-0 TLS13 -2021-06

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • TLS_ CHACHA2 0_ 05_ POLY13 SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy--1-2-2017 TLS -01

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy--1-1-2017 TLS -01

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-2016-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-2015-05

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

按密码划分的策略

下表描述了支持每种密码TLS的安全策略。

密码名称 安全策略 密码套件

打开 SSL — TLS _ AES _128 GCM _ _ SHA256

IANA— TLS _ AES _128 GCM _ _ SHA256

  • ELBSecurityPolicy-TLS13 -1-3-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

1301

打开 SSL — TLS _ AES _256 GCM _ _ SHA384

IANA— TLS _ AES _256 GCM _ _ SHA384

  • ELBSecurityPolicy-TLS13 -1-3-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

1302

打开 SSL — TLS _ CHACHA2 0_ 05_ POLY13 SHA256

IANA— TLS _ CHACHA2 0_ 05_ POLY13 SHA256

  • ELBSecurityPolicy-TLS13 -1-3-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

1303

打开 SSL — ECDHE-ECDSA-AES 128-GCM-SHA256

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c02b

打开 SSL — ECDHE-RSA-AES 128-GCM-SHA256

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c02f

打开 SSL — ECDHE-ECDSA-AES 128-SHA256

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c023

打开 SSL — ECDHE-RSA-AES 128-SHA256

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c027

打开 SSL — ECDHE-ECDSA-AES 128-SHA

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c009

打开 SSL — ECDHE-RSA-AES 128-SHA

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c013

打开 SSL — ECDHE-ECDSA-AES 256-GCM-SHA384

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 GCM _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c02c

打开 SSL — ECDHE-RSA-AES 256-GCM-SHA384

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 GCM _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy--1-2-TLS13 Res-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c030

打开 SSL — ECDHE-ECDSA-AES 256-SHA384

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 CBC _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c024

打开 SSL — ECDHE-RSA-AES 256-SHA384

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 CBC _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c028

打开 SSL — ECDHE-ECDSA-AES 256-SHA

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c00a

打开 SSL — ECDHE-RSA-AES 256-SHA

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

c014

打开 SSL — AES128-GCM-SHA256

IANA— TLS _ _ RSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

9c

打开 SSL — AES128-SHA256

IANA— TLS _ _ RSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

3c

打开 SSL — AES128-SHA

IANA— TLS _ _ RSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

2f

打开 SSL — AES256-GCM-SHA384

IANA— TLS _ _ RSA WITH _ AES _256 GCM _ _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

9d

打开 SSL — AES256-SHA256

IANA— TLS _ _ RSA WITH _ AES _256 CBC _ _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-2-2017 TLS -01

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

3d

打开 SSL — AES256-SHA

IANA— TLS _ _ RSA WITH _ AES _256 CBC _ _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13 -1-1-2021-06

  • ELBSecurityPolicy--1-0 TLS13 -2021-06

  • ELBSecurityPolicy--1-2-Ext TLS -2018-06

  • ELBSecurityPolicy--1-1-2017 TLS -01

  • ELBSecurityPolicy-2016-08

35

FIPS安全策略

联邦信息处理标准 (FIPS) 是美国和加拿大政府的一项标准,它规定了保护敏感信息的加密模块的安全要求。要了解更多信息,请参阅AWS 云安全合规性页面上的联邦信息处理标准 (FIPS) 140

所有FIPS策略都使用经过 AWS-LC FIPS 验证的加密模块。要了解更多信息,请参阅加密模块验证计划网站上的 AWS-LC NIST 加密模块页面。

重要

策略 ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04 只是为了与旧版兼容而提供。虽然他们使用 FIPS14 0 模块使用FIPS加密技术,但它们可能不符合最新的TLS配置NIST指南。

按策略划分的协议

下表描述了每种FIPS安全策略支持的协议。

安全策略 TLS1.3 TLS1.2 TLS1.1 TLS1.0
ELBSecurityPolicy-TLS13 -1-3--2023-04 FIPS 没有 没有 没有
ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS 没有 没有
ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS 没有 没有
ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS 没有 没有
ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS 没有 没有
ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS 没有 没有
ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS 没有
ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

按策略划分的密码

下表描述了每种FIPS安全策略支持的密码。

安全策略 密码
ELBSecurityPolicy-TLS13 -1-3--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384
ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

  • TLS_ AES _128 GCM _ _ SHA256

  • TLS_ AES _256 GCM _ _ SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

按密码划分的策略

下表描述了支持每种密码FIPS的安全策略。

密码名称 安全策略 密码套件

打开 SSL — TLS _ AES _128 GCM _ _ SHA256

IANA— TLS _ AES _128 GCM _ _ SHA256

  • ELBSecurityPolicy-TLS13 -1-3--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

1301

打开 SSL — TLS _ AES _256 GCM _ _ SHA384

IANA— TLS _ AES _256 GCM _ _ SHA384

  • ELBSecurityPolicy-TLS13 -1-3--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

1302

打开 SSL — ECDHE-ECDSA-AES 128-GCM-SHA256

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c02b

打开 SSL — ECDHE-RSA-AES 128-GCM-SHA256

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c02f

打开 SSL — ECDHE-ECDSA-AES 128-SHA256

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c023

打开 SSL — ECDHE-RSA-AES 128-SHA256

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c027

打开 SSL — ECDHE-ECDSA-AES 128-SHA

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c009

打开 SSL — ECDHE-RSA-AES 128-SHA

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c013

打开 SSL — ECDHE-ECDSA-AES 256-GCM-SHA384

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 GCM _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c02c

打开 SSL — ECDHE-RSA-AES 256-GCM-SHA384

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 GCM _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-Res--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c030

打开 SSL — ECDHE-ECDSA-AES 256-SHA384

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 CBC _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c024

打开 SSL — ECDHE-RSA-AES 256-SHA384

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 CBC _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c028

打开 SSL — ECDHE-ECDSA-AES 256-SHA

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c00a

打开 SSL — ECDHE-RSA-AES 256-SHA

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext0--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

c014

打开 SSL — AES128-GCM-SHA256

IANA— TLS _ _ RSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

9c

打开 SSL — AES128-SHA256

IANA— TLS _ _ RSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

3c

打开 SSL — AES128-SHA

IANA— TLS _ _ RSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

2f

打开 SSL — AES256-GCM-SHA384

IANA— TLS _ _ RSA WITH _ AES _256 GCM _ _ SHA384

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

9d

打开 SSL — AES256-SHA256

IANA— TLS _ _ RSA WITH _ AES _256 CBC _ _ SHA256

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-2-Ext1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

3d

打开 SSL — AES256-SHA

IANA— TLS _ _ RSA WITH _ AES _256 CBC _ _ SHA

  • ELBSecurityPolicy-TLS13 -1-2-Ext2--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-1--2023-04 FIPS

  • ELBSecurityPolicy-TLS13 -1-0--2023-04 FIPS

35

FIPS 支持的安全策略

FS(前向保密)支持的安全策略通过使用唯一的随机会话密钥提供了额外的保护措施,防止加密数据侦听。即使秘密的长期密钥被泄露,这也可以防止对捕获的数据进行解码。

按策略划分的协议

下表描述了每个 FS 支持的安全策略支持的协议。

安全策略 TLS1.3 TLS1.2 TLS1.1 TLS1.0
ELBSecurityPolicy-fs-1-2-res-2020-10 没有 没有 没有
ELBSecurityPolicy-fs-1-2-res-2019-08 没有 没有 没有
ELBSecurityPolicy-FS-1-2-2019-08 没有 没有 没有
ELBSecurityPolicy-FS-1-1-2019-08 没有 没有
ELBSecurityPolicy-fs-2018-06 没有

按策略划分的密码

下表描述了每个 FS 支持的安全策略支持的密码。

安全策略 密码
ELBSecurityPolicy-fs-1-2-res-2020-10

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-fs-1-2-res-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy-FS-1-2-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-FS-1-1-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-fs-2018-06

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

按密码划分的策略

下表描述了支持每个密码的 FS 支持的安全策略。

密码名称 安全策略 密码套件

打开 SSL — ECDHE-ECDSA-AES 128-GCM-SHA256

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-fs-1-2-res-2020-10

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c02b

打开 SSL — ECDHE-RSA-AES 128-GCM-SHA256

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 GCM _ SHA256

  • ELBSecurityPolicy-fs-1-2-res-2020-10

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c02f

打开 SSL — ECDHE-ECDSA-AES 128-SHA256

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c023

打开 SSL — ECDHE-RSA-AES 128-SHA256

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 CBC _ SHA256

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c027

打开 SSL — ECDHE-ECDSA-AES 128-SHA

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c009

打开 SSL — ECDHE-RSA-AES 128-SHA

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _128 CBC _ SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c013

打开 SSL — ECDHE-ECDSA-AES 256-GCM-SHA384

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 GCM _ SHA384

  • ELBSecurityPolicy-fs-1-2-res-2020-10

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c02c

打开 SSL — ECDHE-RSA-AES 256-GCM-SHA384

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 GCM _ SHA384

  • ELBSecurityPolicy-fs-1-2-res-2020-10

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c030

打开 SSL — ECDHE-ECDSA-AES 256-SHA384

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 CBC _ SHA384

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c024

打开 SSL — ECDHE-RSA-AES 256-SHA384

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 CBC _ SHA384

  • ELBSecurityPolicy-fs-1-2-res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c028

打开 SSL — ECDHE-ECDSA-AES 256-SHA

IANA— TLS _ _ ECDHE _ ECDSA WITH _ AES _256 CBC _ SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c00a

打开 SSL — ECDHE-RSA-AES 256-SHA

IANA— TLS _ _ ECDHE _ RSA WITH _ AES _256 CBC _ SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-fs-2018-06

c014