Ensure that your web-tier Elastic Load Balancers (ELBs) listeners are using the latest AWS security policy for their SSL negotiation configuration. An SSL security policy is a combination of SSL/TLS protocols and ciphers used by your AWS ELBs to negotiate SSL/TLS connections between web application clients and the load balancers. This conformity rule assumes that all AWS resources (including ELBs) created within your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be configured in the rule settings, on your account dashboard
When you use the latest SSL security policy for your web-tier ELBs you make sure that the SSL/TLS connection is negotiated using only the appropriate cryptographic protocols deemed safe with no proven vulnerabilities. This configuration will secure the connection between the web clients and the AWS ELB, and protect against security exploits such as Logjam and FREAK, that may allow attackers to decrypt secure communications between vulnerable clients and your load balancer. Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if your web-tier ELBs are using the latest SSL security policy, perform the following actions:
To enable the latest predefined SSL security policy for your web-tier ELBs, perform the following actions