lacework-global-182

Ensure Elastic Load Balancer (ELB) has the latest secure cipher policies configured for session encryption

Description

Best practices recommend that your Elastic Load Balancers use one of the following newer predefined SSL security policies (cipher suites) for session encryption:

ELBSecurityPolicy-2016-08

ELBSecurityPolicy-TLS-1-1-2017-01

ELBSecurityPolicy-TLS-1-2-2017-01

A violation is reported when an HTTPS or SSL listener on one of your ELBs uses a security policy that is not in this list (an older predefined policy, or a custom cipher policy).

Remediation

  1. Log in to the AWS Management Console.

  2. Click Services.

  3. Select Compute > EC2.

  4. In the left frame of the EC2 Dashboard, select Load Balancing > Load Balancers.

  5. Select the Load Balancer that has the violation reported by Lacework.

  6. At the bottom of the page, select the Listeners tab.

  7. Click Edit.

  8. Under Load Balancer Protocol, select HTTPS.

  9. In the Cipher column, click Change.

  10. In the Predefined Security Policy drop-down, select one of the following newer SSL security policies for session encryption:

    ELBSecurityPolicy-2016-08

    ELBSecurityPolicy-TLS-1-1-2017-01

    ELBSecurityPolicy-TLS-1-2-2017-01

  11. Click Save to confirm the change.

  12. Click Save again to finish updating the listener.
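The check in the Description and the console remediation above can both be scripted. The following is an added example, not Lacework's own detection logic: it evaluates the JSON that `aws elb describe-load-balancers` and `aws elb describe-load-balancer-policies --load-balancer-name <name>` return and reports every HTTPS/SSL listener whose SSL negotiation policy is not one of the three approved predefined policies. The load balancer names, policy names and listener layout in the sample data are constructed; the JSON shape follows the AWS CLI responses as this example assumes them.

```python
"""Flag classic ELB HTTPS/SSL listeners whose security policy is not an approved one."""
import json

# The predefined policies the policy text accepts.
APPROVED_POLICIES = frozenset({
    "ELBSecurityPolicy-2016-08",
    "ELBSecurityPolicy-TLS-1-1-2017-01",
    "ELBSecurityPolicy-TLS-1-2-2017-01",
})

# Constructed sample (assumption: shape of `aws elb describe-load-balancers`).
# "web-prod" references an approved policy; "legacy-api" has one listener on an
# older predefined policy, one on a custom cipher list, and one plain HTTP listener.
SAMPLE_LOAD_BALANCERS = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "web-prod",
   "ListenerDescriptions": [
     {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                   "InstanceProtocol": "HTTP", "InstancePort": 80},
      "PolicyNames": ["AWSConsole-SSLNegotiationPolicy-web-prod"]}]},
  {"LoadBalancerName": "legacy-api",
   "ListenerDescriptions": [
     {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                   "InstanceProtocol": "HTTP", "InstancePort": 8080},
      "PolicyNames": ["AWSConsole-SSLNegotiationPolicy-legacy-api"]},
     {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 8443,
                   "InstanceProtocol": "TCP", "InstancePort": 8443},
      "PolicyNames": ["custom-ciphers"]},
     {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                   "InstanceProtocol": "HTTP", "InstancePort": 8080},
      "PolicyNames": []}]}]}
""")

# Constructed per-load-balancer output (assumption: shape of
# `aws elb describe-load-balancer-policies`). A predefined policy shows up as an
# SSLNegotiationPolicyType policy whose Reference-Security-Policy attribute names it;
# a custom cipher list has no such attribute.
SAMPLE_POLICIES = {
    "web-prod": {"PolicyDescriptions": [
        {"PolicyName": "AWSConsole-SSLNegotiationPolicy-web-prod",
         "PolicyTypeName": "SSLNegotiationPolicyType",
         "PolicyAttributeDescriptions": [
             {"AttributeName": "Reference-Security-Policy",
              "AttributeValue": "ELBSecurityPolicy-TLS-1-2-2017-01"},
             {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"}]}]},
    "legacy-api": {"PolicyDescriptions": [
        {"PolicyName": "AWSConsole-SSLNegotiationPolicy-legacy-api",
         "PolicyTypeName": "SSLNegotiationPolicyType",
         "PolicyAttributeDescriptions": [
             {"AttributeName": "Reference-Security-Policy",
              "AttributeValue": "ELBSecurityPolicy-2015-05"}]},
        {"PolicyName": "custom-ciphers",
         "PolicyTypeName": "SSLNegotiationPolicyType",
         "PolicyAttributeDescriptions": [
             {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"},
             {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"}]}]},
}


def reference_policy(policy):
    """Return the predefined policy an SSL negotiation policy references, or None for a custom cipher list."""
    if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
        return None
    for attr in policy.get("PolicyAttributeDescriptions", []):
        if attr.get("AttributeName") == "Reference-Security-Policy":
            return attr.get("AttributeValue")
    return None


def find_noncompliant(load_balancers, policies_by_lb, approved=APPROVED_POLICIES):
    """Return one finding per HTTPS/SSL listener that is not on an approved predefined policy."""
    findings = []
    for lb in load_balancers["LoadBalancerDescriptions"]:
        name = lb["LoadBalancerName"]
        descs = policies_by_lb.get(name, {}).get("PolicyDescriptions", [])
        by_name = {p["PolicyName"]: p for p in descs}
        for ld in lb["ListenerDescriptions"]:
            listener = ld["Listener"]
            if listener["Protocol"] not in ("HTTPS", "SSL"):
                continue  # plaintext listeners carry no TLS policy, nothing to check
            ssl_policies = [by_name[n] for n in ld.get("PolicyNames", [])
                            if n in by_name and by_name[n].get("PolicyTypeName") == "SSLNegotiationPolicyType"]
            port = listener["LoadBalancerPort"]
            if not ssl_policies:
                findings.append({"load_balancer": name, "port": port, "policy": None,
                                 "reason": "no SSL negotiation policy attached to listener"})
                continue
            for p in ssl_policies:
                ref = reference_policy(p)
                if ref is None:
                    reason = "custom cipher policy, not a predefined security policy"
                elif ref not in approved:
                    reason = f"predefined policy {ref} is not in the approved list"
                else:
                    continue
                findings.append({"load_balancer": name, "port": port,
                                 "policy": p["PolicyName"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_noncompliant(SAMPLE_LOAD_BALANCERS, SAMPLE_POLICIES):
        print(f"{f['load_balancer']}:{f['port']} policy={f['policy']} -> {f['reason']}")
```

To run it against a real account, save the output of `aws elb describe-load-balancers` and, for each load balancer, `aws elb describe-load-balancer-policies --load-balancer-name <name>` to JSON and pass them in place of the sample objects. The CLI equivalent of steps 8 to 12 is to create a policy that references an approved predefined policy with `aws elb create-load-balancer-policy --policy-type-name SSLNegotiationPolicyType --policy-attributes AttributeName=Reference-Security-Policy,AttributeValue=ELBSecurityPolicy-TLS-1-2-2017-01` and attach it to the listener with `aws elb set-load-balancer-policies-of-listener`; re-run the check afterwards to confirm the finding has cleared.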