Check your Elastic Load Balancers Secure Socket Layer (SSL) negotiation configuration (security policy) for any cipher suites that demonstrate vulnerabilities or have been rendered insecure by recent exploits.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- NIST 800-53 (Rev. 4)
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using insecure and deprecated ciphers for your ELB Predefined Security Policy or Custom Security Policy could make the SSL connection between the client and the load balancer vulnerable to exploits. If your ELB SSL negotiation configuration use outdated cipher suites, we highly recommend that you update it using the information provided in this guide (see Remediation/Resolution section).
To determine if your ELB Predefined Security Policy use insecure ciphers, perform the following:
Remediation / Resolution
To remove any insecure cipher definitions from your ELB SSL negotiation settings, you need to perform the following:
- AWS Documentation
- What Is Elastic Load Balancing?
- SSL Negotiation Configurations for Elastic Load Balancing
- Predefined SSL Security Policies for Elastic Load Balancing
- SSL Security Policies for Elastic Load Balancing
- Update the SSL Negotiation Configuration of Your Load Balancer
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
ELB Insecure SSL Ciphers
Risk level: Medium