From this accouncement:
https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/ TLSv1.3 support is now generally available in AWS ALB. They have added a new set of security policies that enable TLSv1.3. I have selected the following policies which are the closest fit to the Mozilla server side TLS recommendations:
Old:
Remains TLS-1-0-2015-04. This policy doesn't support TLSv1.3, but it is the only policy available which supports DES-CBC3-SHA.
Intermediate:
Switched from FS-1-2-Res-2019-08 to TLS13-1-2-2021-06. These two policies support the same set of TLSv1.2 ciphers, but the newer one also adds TLSv1.3 support.
Modern:
Can be supported now, using TLS13-1-3-2021-06.
From this accouncement: https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/ TLSv1.3 support is now generally available in AWS ALB. They have added a new set of security policies that enable TLSv1.3. I have selected the following policies which are the closest fit to the Mozilla server side TLS recommendations:
Old: Remains
TLS-1-0-2015-04
. This policy doesn't support TLSv1.3, but it is the only policy available which supports DES-CBC3-SHA.Intermediate: Switched from
FS-1-2-Res-2019-08
toTLS13-1-2-2021-06
. These two policies support the same set of TLSv1.2 ciphers, but the newer one also adds TLSv1.3 support.Modern: Can be supported now, using
TLS13-1-3-2021-06
.