mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0

Update AWS ALB security policies for 2023.3.22 #198

Open kepstin opened 1 year ago

kepstin commented 1 year ago

From this announcement: https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/, TLSv1.3 support is now generally available in AWS ALB. They have added a new set of security policies that enable TLSv1.3. I have selected the following policies which are the closest fit to the Mozilla server side TLS recommendations:

Old: Remains TLS-1-0-2015-04. This policy doesn't support TLSv1.3, but it is the only policy available which supports DES-CBC3-SHA.

Intermediate: Switched from FS-1-2-Res-2019-08 to TLS13-1-2-2021-06. These two policies support the same set of TLSv1.2 ciphers, but the newer one also adds TLSv1.3 support.

Modern: Can be supported now, using TLS13-1-3-2021-06.
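
An added example, not part of the pull request or the generator's code: a check that audits ALB listeners against the profile-to-policy mapping proposed above, flagging listeners still on the superseded intermediate policy or below a required profile. It assumes the policy names are reported with the `ELBSecurityPolicy-` prefix; the function name, the `minimum` parameter and the sample listeners are constructed for illustration.

```python
import json

PREFIX = "ELBSecurityPolicy-"  # assumption: prefix used in AWS API output
# Mozilla profile -> ALB policy, as proposed in the comment above.
PROFILE_POLICY = {
    "old": "TLS-1-0-2015-04",
    "intermediate": "TLS13-1-2-2021-06",
    "modern": "TLS13-1-3-2021-06",
}
# Previous intermediate choice: same TLSv1.2 ciphers, but no TLSv1.3.
SUPERSEDED = {"FS-1-2-Res-2019-08": "TLS13-1-2-2021-06"}
RANK = {"old": 0, "intermediate": 1, "modern": 2}
POLICY_PROFILE = {policy: profile for profile, policy in PROFILE_POLICY.items()}
POLICY_PROFILE["FS-1-2-Res-2019-08"] = "intermediate"


def audit_listeners(describe_output, minimum="intermediate"):
    """Return (arn, policy, finding) for each TLS listener needing attention."""
    findings = []
    for listener in describe_output.get("Listeners", []):
        policy = listener.get("SslPolicy")
        if not policy:  # plain HTTP/TCP listeners carry no SslPolicy
            continue
        short = policy[len(PREFIX):] if policy.startswith(PREFIX) else policy
        arn = listener.get("ListenerArn", "<unknown>")
        profile = POLICY_PROFILE.get(short)
        if profile is None:
            findings.append((arn, policy, "policy not in mapping; review manually"))
        elif RANK[profile] < RANK[minimum]:
            findings.append((arn, policy, f"{profile} profile, below required {minimum}"))
        elif short in SUPERSEDED:
            findings.append((arn, policy, f"no TLSv1.3; switch to {PREFIX}{SUPERSEDED[short]}"))
    return findings


# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
SAMPLE = json.loads("""{"Listeners": [
 {"ListenerArn": "listener/a", "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-FS-1-2-Res-2019-08"},
 {"ListenerArn": "listener/b", "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
 {"ListenerArn": "listener/c", "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS-1-0-2015-04"},
 {"ListenerArn": "listener/d", "Protocol": "HTTP"},
 {"ListenerArn": "listener/e", "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08"}
]}""")

if __name__ == "__main__":
    for arn, policy, finding in audit_listeners(SAMPLE):
        print(f"{arn}\t{policy}\t{finding}")
```
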

chalbersma commented 10 months ago

I'd like to +1 these recommendations. It looks like it matches AWS's updated docs on the subject too.