ELB HTTPS listeners should use secure TLS protocol versions (1.2 and above)

Description

The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS where possible. Versions prior to TLS 1.2 are deprecated and usage may pose security risks.

Console Remediation Steps

CLI Remediation Steps

Select your Certificate type from the following:

To replace an SSL certificate with a certificate provided by ACM:

  • Use the following request-certificate command to request a new certificate:

aws acm request-certificate --domain-name www.example.com

  • Use the following set-load-balancer-listener-ssl-certificate command to set the certificate:

aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer --load-balancer-port 443 --ssl-certificate-id arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012

To replace an SSL certificate with a certificate uploaded to IAM:

  • Use the following get-server-certificate command to retrieve the certificate and its ARN:

aws iam get-server-certificate --server-certificate-name my-new-certificate

  • Use the following set-load-balancer-listener-ssl-certificate command to set the certificate:

aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-load-balancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/my-new-certificate
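Replacing the certificate does not by itself change which protocol versions a listener negotiates; on a Classic Load Balancer that is governed by the listener's SSL negotiation policy. The following added example (not part of this page's remediation steps) evaluates the JSON returned by `aws elb describe-load-balancer-policies --load-balancer-name my-load-balancer` and reports any SSL negotiation policy that still enables a protocol below TLS 1.2. The embedded policy document is a constructed sample so the check runs offline; in practice you would feed it the command's real output.

```python
import json

# Attribute names Classic ELB uses in SSL negotiation policies to enable each protocol version.
LEGACY_PROTOCOLS = ("Protocol-SSLv2", "Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1")

# Constructed sample shaped like the output of:
#   aws elb describe-load-balancer-policies --load-balancer-name my-load-balancer
SAMPLE_POLICIES_JSON = json.dumps({
    "PolicyDescriptions": [
        {
            "PolicyName": "legacy-ssl-policy",
            "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"},
                {"AttributeName": "Protocol-TLSv1.1", "AttributeValue": "true"},
                {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
                {"AttributeName": "Protocol-SSLv3", "AttributeValue": "false"},
            ],
        },
        {
            "PolicyName": "tls12-only-policy",
            "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": "Protocol-TLSv1", "AttributeValue": "false"},
                {"AttributeName": "Protocol-TLSv1.1", "AttributeValue": "false"},
                {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
            ],
        },
        {
            "PolicyName": "my-app-cookie-policy",
            "PolicyTypeName": "AppCookieStickinessPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": "CookieName", "AttributeValue": "session"},
            ],
        },
    ]
})


def weak_protocols(policies_json):
    """Return {policy_name: [enabled legacy protocols]} for every SSL negotiation
    policy in the document that still allows a protocol older than TLS 1.2."""
    findings = {}
    for policy in json.loads(policies_json)["PolicyDescriptions"]:
        # Stickiness, backend-auth and other policy types do not govern TLS.
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue
        enabled = {a["AttributeName"] for a in policy["PolicyAttributeDescriptions"]
                   if a["AttributeValue"].lower() == "true"}
        legacy = [p for p in LEGACY_PROTOCOLS if p in enabled]
        if legacy:
            findings[policy["PolicyName"]] = legacy
    return findings


if __name__ == "__main__":
    for name, protos in weak_protocols(SAMPLE_POLICIES_JSON).items():
        print(f"{name}: allows {', '.join(protos)}")
```

A policy that is flagged here is only a finding if a listener actually references it, which you can confirm from the ListenerDescriptions[].PolicyNames field of describe-load-balancers.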