Check the Secure Sockets Layer (SSL) negotiation configuration (security policy) of your Elastic Load Balancers for any cipher suites that demonstrate vulnerabilities or have been rendered insecure by recent exploits.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Using insecure and deprecated ciphers for your ELB Predefined Security Policy or Custom Security Policy could make the SSL connection between the client and the load balancer vulnerable to exploits. If your ELB SSL negotiation configuration uses outdated cipher suites, we highly recommend that you update it using the information provided in this guide (see the Remediation/Resolution section).
To determine if your ELB Predefined Security Policy uses insecure ciphers, perform the following:
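One way to script this audit, as an added example that is not part of the original guide: the function below parses the JSON printed by `aws elb describe-load-balancer-policies` for a Classic Load Balancer and reports the enabled attributes that match a weak-cipher pattern. The pattern (RC4, DES/3DES, export-grade, NULL, MD5, anonymous DH, SSLv2/SSLv3), the helper names and the sample policies are assumptions constructed for illustration.

```python
import json
import re

# Assumption: name fragments treated as insecure (RC4, DES/3DES, export-grade,
# NULL, MD5, anonymous DH, SSLv2/SSLv3). The page itself does not list them.
WEAK = re.compile(r"RC4|DES-CBC|EXP-|NULL|MD5|^ADH-|^AECDH-|^Protocol-SSLv[23]$")

def insecure_settings(describe_output: str) -> dict:
    """Map each SSL negotiation policy to its enabled weak ciphers/protocols.

    describe_output: JSON from `aws elb describe-load-balancer-policies`.
    """
    findings = {}
    for policy in json.loads(describe_output)["PolicyDescriptions"]:
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue  # ignore stickiness and other non-TLS policy types
        weak = sorted(
            attr["AttributeName"]
            for attr in policy.get("PolicyAttributeDescriptions", [])
            if attr.get("AttributeValue", "").lower() == "true"
            and WEAK.search(attr["AttributeName"])
        )
        if weak:
            findings[policy["PolicyName"]] = weak
    return findings

def _policy(name, ptype, attrs):
    # Hypothetical helper: builds one PolicyDescriptions entry for the sample.
    return {"PolicyName": name, "PolicyTypeName": ptype,
            "PolicyAttributeDescriptions": [
                {"AttributeName": k, "AttributeValue": v} for k, v in attrs.items()]}

# Constructed sample shaped like the CLI output; not taken from a real account.
SAMPLE = json.dumps({"PolicyDescriptions": [
    _policy("constructed-custom-policy", "SSLNegotiationPolicyType", {
        "Protocol-SSLv3": "true", "Protocol-TLSv1.2": "true",
        "Server-Defined-Cipher-Order": "true", "RC4-SHA": "true",
        "DES-CBC3-SHA": "true", "EXP-RC4-MD5": "false",
        "ECDHE-RSA-AES128-GCM-SHA256": "true"}),
    _policy("constructed-modern-policy", "SSLNegotiationPolicyType", {
        "Protocol-TLSv1.2": "true", "Protocol-SSLv3": "false",
        "ECDHE-RSA-AES128-GCM-SHA256": "true", "RC4-MD5": "false"}),
    _policy("constructed-sticky-policy", "LBCookieStickinessPolicyType", {
        "CookieExpirationPeriod": "60"}),
]})

if __name__ == "__main__":
    for name, weak in insecure_settings(SAMPLE).items():
        print(f"{name}: disable {', '.join(weak)}")
```

Attributes set to "false" are ignored, so a policy is flagged only for weak ciphers or protocols that are actually enabled.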
To remove any insecure cipher definitions from your ELB SSL negotiation settings, you need to perform the following: