Network Load Balancer 的安全政策 - Elastic Load Balancing
TLS 安全政策FIPS 安全政策FS 支援的安全政策

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

Network Load Balancer 的安全政策

建立 TLS 接聽程式時,您必須選取安全政策。安全政策會決定負載平衡器和用戶端在 SSL 交涉期間支援哪些密碼和通訊協定。如果您的需求變更或當我們發佈新的安全政策時,您可以更新負載平衡器的安全政策。如需詳細資訊,請參閱更新安全政策

考量事項

  • ELBSecurityPolicy-TLS13-1-2-2021-06政策是使用 建立的 TLS 接聽程式的預設安全政策 AWS Management Console。

    • 我們建議使用包含 TLS 1.3 ELBSecurityPolicy-TLS13-1-2-2021-06的安全政策,且與 TLS 1.2 向下相容。

  • ELBSecurityPolicy-2016-08政策是使用 建立的 TLS 接聽程式的預設安全政策 AWS CLI。

  • 您可以選擇用於前端連線的安全政策,但不能選擇後端連線。

    • 對於後端連線,如果您的 TLS 接聽程式使用 TLS 1.3 安全政策,則會使用ELBSecurityPolicy-TLS13-1-0-2021-06安全政策。否則會將 ELBSecurityPolicy-2016-08 安全政策用於後端連線。

  • 您可以啟用存取日誌,以取得傳送至 Network Load Balancer 的 TLS 請求相關資訊、分析 TLS 流量模式、管理安全政策升級,以及疑難排解問題。啟用負載平衡器的存取日誌,並檢查對應的存取日誌項目。如需詳細資訊,請參閱存取日誌Network Load Balancer 範例查詢

  • 您可以分別在 IAM 和服務控制政策 (SCPs) 中使用 Elastic Load Balancing 條件金鑰 AWS 帳戶 ,來限制使用者 AWS Organizations 可使用的安全政策。如需詳細資訊,請參閱 AWS Organizations 使用者指南中的服務控制政策 (SCPs)

您可以使用 describe-ssl-policies AWS CLI 命令描述通訊協定和密碼,或參考下表。

TLS 安全政策

您可以使用 TLS 安全政策來滿足需要停用特定 TLS 通訊協定版本的合規和安全標準,或支援需要已取代密碼的舊版用戶端。

依政策的通訊協定

下表說明每個 TLS 安全政策支援的通訊協定。

安全政策 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-TLS13-1-3-2021-06
ELBSecurityPolicy-TLS13-1-2-2021-06
ELBSecurityPolicy-TLS13-1-2-Res-2021-06
ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06
ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06
ELBSecurityPolicy-TLS13-1-1-2021-06
ELBSecurityPolicy-TLS13-1-0-2021-06
ELBSecurityPolicy-TLS-1-2-Ext-2018-06
ELBSecurityPolicy-TLS-1-2-2017-01
ELBSecurityPolicy-TLS-1-1-2017-01
ELBSecurityPolicy-2016-08
ELBSecurityPolicy-2015-05

依政策的 Ciphers

下表說明每個 TLS 安全政策支援的密碼。

安全政策 加密方式
ELBSecurityPolicy-TLS13-1-3-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256
ELBSecurityPolicy-TLS13-1-2-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS13-1-1-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13-1-0-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS-1-2-2017-01

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS-1-1-2017-01

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-2016-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-2015-05

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

依密碼顯示政策

下表說明支援每個密碼的 TLS 安全政策。

密碼名稱 安全政策 密碼套件

OpenSSL – TLS_AES_128_GCM_SHA256

IANA – TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

1301

OpenSSL – TLS_AES_256_GCM_SHA384

IANA – TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

1302

OpenSSL – TLS_CHACHA20_POLY1305_SHA256

IANA – TLS_CHACHA20_POLY1305_SHA256

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

1303

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c014

OpenSSL – AES128-GCM-SHA256

IANA – TLS_RSA_WITH_AES_Word_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

9c

OpenSSL – AES128-SHA256

IANA – TLS_RSA_WITH_AES_Word_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

3c

OpenSSL – AES128-SHA

IANA – TLS_RSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

2f

OpenSSL – AES256-GCM-SHA384

IANA – TLS_RSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

9 天

OpenSSL – AES256-SHA256

IANA – TLS_RSA_WITH_Word_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

3d

OpenSSL – AES256-SHA

IANA – TLS_RSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

35

FIPS 安全政策

聯邦資訊處理標準 (FIPS) 是美國和加拿大政府標準,指定保護敏感資訊之密碼編譯模組的安全要求。若要進一步了解,請參閱AWS 雲端安全合規頁面上的聯邦資訊處理標準 (FIPS) 140

所有 FIPS 政策都利用 AWS-LC FIPS 驗證密碼編譯模組。若要進一步了解,請參閱 AWS 密碼編譯模組驗證計劃網站上的 Word-LC 密碼編譯模組NIST頁面。

重要

政策 ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04 僅供舊版相容性使用。雖然他們使用 FIPS0 模組來使用 FIPS14 密碼編譯,但可能不符合 NIST 組態的最新 TLS 指南。

依政策的通訊協定

下表說明每個 FIPS 安全政策支援的通訊協定。

安全政策 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

依政策的 Ciphers

下表說明每個 FIPS 安全政策支援的密碼。

安全政策 加密方式
ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384
ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

依密碼顯示政策

下表說明支援每個密碼的 FIPS 安全政策。

密碼名稱 安全政策 密碼套件

OpenSSL – TLS_AES_128_GCM_SHA256

IANA – TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

1301

OpenSSL – TLS_AES_256_GCM_SHA384

IANA – TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

1302

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

c014

OpenSSL – AES128-GCM-SHA256

IANA – TLS_RSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

9c

OpenSSL – AES128-SHA256

IANA – TLS_RSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

3c

OpenSSL – AES128-SHA

IANA – TLS_RSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

2f

OpenSSL – AES256-GCM-SHA384

IANA – TLS_RSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

9d

OpenSSL – AES256-SHA256

IANA – TLS_RSA_WITH_Word_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

3d

OpenSSL – AES256-SHA

IANA – TLS_RSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

35

FS 支援的安全政策

FS (Forward Secrecy) 支援的安全政策透過使用唯一的隨機工作階段金鑰,提供額外的保護,防止加密資料的竊聽。這可防止擷取的資料解碼,即使機密長期金鑰遭到入侵。

依政策的通訊協定

下表說明每個 FS 支援的安全政策支援的通訊協定。

安全政策 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-FS-1-2-Res-2020-10
ELBSecurityPolicy-FS-1-2-Res-2019-08
ELBSecurityPolicy-FS-1-2-2019-08
ELBSecurityPolicy-FS-1-1-2019-08
ELBSecurityPolicy-FS-2018-06

依政策的 Ciphers

下表說明每個 FS 支援的安全政策所支援的密碼。

安全政策 加密方式
ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy-FS-1-2-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-FS-1-1-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-FS-2018-06

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

依密碼顯示政策

下表說明支援每個密碼的 FS 支援安全政策。

密碼名稱 安全政策 密碼套件

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_GCM_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_CBC_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_Word_AES_128_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_GCM_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_CBC_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_CBC_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_Word_AES_256_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c014