Best practices

Ensure ELB does not allow insecure or deprecated SSL ciphers

Risk Level

Informational (4)



ELBs are using deprecated and/or insecure SSL ciphers or protocols to encrypt communication with clients. For example, the ELBSecurityPolicy-2016-08 predefined security policy uses Protocol-TLSv1, which is no longer considered secure. Using an insecure protocol or cipher may allow malicious actors to intercept your communication channel and potentially even decrypt data.
Recommended Mitigation

Ensure that your ELBs always use the latest predefined security policies, which in turn include the latest versions of SSL ciphers and protocols.
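
One way to run this check offline, as an added example that is not part of the original page: the functions below scan SSL negotiation policies in the shape returned by the Classic ELB `DescribeLoadBalancerPolicies` API and report enabled deprecated protocols and weak ciphers. Assumptions: the policy names and sample attributes are constructed, and the protocol list beyond the page's `Protocol-TLSv1` example and the weak-cipher substrings are this example's own choices.

```python
# Each protocol or cipher in a Classic ELB SSL negotiation policy is an
# attribute whose value is the string "true" or "false".
# Assumption: SSLv3 and TLSv1.1 are added to the page's Protocol-TLSv1 example.
DEPRECATED_PROTOCOLS = {"Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1"}
# Assumption: substrings that mark weak cipher names (RC4-MD5, DES-CBC3-SHA, ...).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "EXP", "NULL")


def audit_policy(policy):
    """Return sorted findings for one policy description."""
    findings = []
    for attr in policy.get("PolicyAttributeDescriptions", []):
        name = attr.get("AttributeName", "")
        if str(attr.get("AttributeValue", "")).lower() != "true":
            continue  # disabled attributes and non-boolean values are not findings
        if name in DEPRECATED_PROTOCOLS:
            findings.append(f"protocol:{name}")
        elif not name.startswith("Protocol-") and any(m in name for m in WEAK_CIPHER_MARKERS):
            findings.append(f"cipher:{name}")
    return sorted(findings)


def audit_policies(response):
    """Map policy name -> findings for SSL negotiation policies with findings."""
    report = {}
    for policy in response.get("PolicyDescriptions", []):
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue
        findings = audit_policy(policy)
        if findings:
            report[policy["PolicyName"]] = findings
    return report


def _policy(name, attrs):
    """Build one constructed policy description for the sample below."""
    return {"PolicyName": name, "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": k, "AttributeValue": v} for k, v in attrs.items()]}


# Constructed sample data, not captured from a real account.
SAMPLE_RESPONSE = {"PolicyDescriptions": [
    _policy("constructed-legacy-policy", {
        "Reference-Security-Policy": "ELBSecurityPolicy-2016-08",
        "Protocol-TLSv1": "true", "Protocol-TLSv1.1": "true", "Protocol-TLSv1.2": "true"}),
    _policy("constructed-custom-policy", {
        "Protocol-TLSv1": "false", "Protocol-TLSv1.2": "true", "RC4-MD5": "true"}),
    _policy("constructed-modern-policy", {
        "Protocol-TLSv1.2": "true", "ECDHE-RSA-AES128-GCM-SHA256": "true"}),
]}

if __name__ == "__main__":
    print(audit_policies(SAMPLE_RESPONSE))
```
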