lacework-global-182

Ensure ELB has latest Secure Cipher policies Configured for Session Encryption

Description

It is recommended that your Elastic Load Balancers (ELBs) use one of the following newer predefined security policies (SSL cipher sets) for session encryption:

ELBSecurityPolicy-2016-08

ELBSecurityPolicy-TLS-1-1-2017-01

ELBSecurityPolicy-TLS-1-2-2017-01

A violation is reported when an ELB is configured with an SSL cipher policy that is not listed above.

Remediation

  1. Log in to the AWS Management Console.

  2. Click Services.

  3. Select Compute > EC2.

  4. In the left frame of the EC2 Dashboard, select LOAD BALANCING > Load Balancers.

  5. Select the Load Balancer that has the violation reported by Lacework.

  6. At the bottom of the page, select the Listeners tab.

  7. Click Edit.

  8. Under Load Balancer Protocol, select HTTPS.

  9. In the Cipher column, click Change.

  10. In the Predefined Security Policy drop-down, select one of the following newer security policies for session encryption:

    ELBSecurityPolicy-2016-08

    ELBSecurityPolicy-TLS-1-1-2017-01

    ELBSecurityPolicy-TLS-1-2-2017-01

  11. Click Save to confirm the change.

  12. Click Save again to finish updating the listener.
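
To confirm the change without clicking through every listener, the same rule can be checked against exported load balancer data. The script below is an added example, not Lacework's own check. It assumes Classic Load Balancer data shaped like the `describe-load-balancers` and `describe-load-balancer-policies` API responses; the function names and the sample load balancer, listeners and policies are constructed for illustration.

```python
# Added example: offline audit of Classic ELB listeners against this rule.
# Sample data is constructed; field names assume the classic ELB API shapes.
APPROVED = {
    "ELBSecurityPolicy-2016-08",
    "ELBSecurityPolicy-TLS-1-1-2017-01",
    "ELBSecurityPolicy-TLS-1-2-2017-01",
}

def reference_policy(policy):
    """Predefined policy named by an SSL negotiation policy, else 'custom'."""
    for attr in policy.get("PolicyAttributeDescriptions", []):
        if attr["AttributeName"] == "Reference-Security-Policy":
            return attr["AttributeValue"]
    return "custom"  # ciphers were hand-picked, no predefined policy referenced

def find_violations(lb, policies):
    """Return (lb_name, port, policy) for each TLS listener failing the rule."""
    ssl = {p["PolicyName"]: reference_policy(p) for p in policies
           if p.get("PolicyTypeName") == "SSLNegotiationPolicyType"}
    out = []
    for desc in lb["ListenerDescriptions"]:
        listener = desc["Listener"]
        if listener["Protocol"] not in ("HTTPS", "SSL"):
            continue  # no session encryption on this listener
        refs = [ssl[n] for n in desc.get("PolicyNames", []) if n in ssl]
        # Assumption of this example: a TLS listener with no negotiation
        # policy attached is reported too, as "none".
        for ref in refs or ["none"]:
            if ref not in APPROVED:
                out.append((lb["LoadBalancerName"], listener["LoadBalancerPort"], ref))
    return out

def _ssl(name, ref):  # builds one constructed SSL negotiation policy
    return {"PolicyName": name, "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": "Reference-Security-Policy", "AttributeValue": ref}]}

SAMPLE_POLICIES = [  # constructed
    _ssl("tls-legacy", "ELBSecurityPolicy-2015-05"),
    _ssl("tls-current", "ELBSecurityPolicy-TLS-1-2-2017-01"),
    {"PolicyName": "sticky", "PolicyTypeName": "LBCookieStickinessPolicyType",
     "PolicyAttributeDescriptions": []},
]
SAMPLE_LB = {"LoadBalancerName": "web-elb", "ListenerDescriptions": [  # constructed
    {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443}, "PolicyNames": ["tls-legacy"]},
    {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 8443}, "PolicyNames": ["tls-current", "sticky"]},
    {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}, "PolicyNames": []},
]}
```

Calling `find_violations(SAMPLE_LB, SAMPLE_POLICIES)` reports only the port 443 listener, whose policy references an older predefined policy.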