AWS_ELB_63

Ensure all ALB secured listener certificates are greater than 7 days from Expiration

Description

When you use the latest SSL security policy for your app-tier ELBs, you ensure that the SSL/TLS connection is negotiated using only the cryptographic protocols that are considered safe and have no proven vulnerabilities. This secures the connection between clients and the AWS ELB and protects against vulnerabilities such as Logjam and FREAK, which may allow attackers to decrypt secure communications between vulnerable clients and your load balancer.
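An added example of the automated check this rule describes (not the page's or the product's own code): it evaluates ALB HTTPS listeners over constructed data shaped like boto3's elbv2 and acm responses, flagging a listener whose SSL policy is outside an assumed allowed set and any listener certificate within 7 days of expiry. The allowed-policy set, the ARNs and the dates are assumptions built for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumption: policies your organisation accepts as current. The page cites
# ELBSecurityPolicy-2016-08 as an example; extend the set as AWS publishes newer ones.
ALLOWED_SSL_POLICIES = {"ELBSecurityPolicy-2016-08"}
MIN_DAYS_TO_EXPIRY = 7  # threshold taken from the rule title

def evaluate_listener(listener, certs, now):
    """Return finding strings for one listener; an empty list means compliant.
    `listener` is shaped like an entry of elbv2.describe_listeners()["Listeners"];
    each cert merges elbv2 describe_listener_certificates (CertificateArn)
    with acm.describe_certificate()["Certificate"]["NotAfter"]."""
    findings = []
    if listener.get("Protocol") != "HTTPS":
        return findings  # an HTTP listener has no TLS policy or certificate
    arn = listener["ListenerArn"]
    policy = listener.get("SslPolicy")
    if policy not in ALLOWED_SSL_POLICIES:
        findings.append(f"{arn}: SSL policy {policy!r} is not an allowed policy")
    for cert in certs:
        days_left = (cert["NotAfter"] - now) / timedelta(days=1)
        if days_left < MIN_DAYS_TO_EXPIRY:
            findings.append(f"{arn}: certificate {cert['CertificateArn']} "
                            f"expires in {days_left:.1f} days")
    return findings

def audit(listeners, certs_by_listener, now=None):
    """Map each listener ARN to its findings; only non-compliant listeners appear."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for listener in listeners:
        certs = certs_by_listener.get(listener["ListenerArn"], [])
        found = evaluate_listener(listener, certs, now)
        if found:
            report[listener["ListenerArn"]] = found
    return report

# Constructed sample data (placeholder ARNs, not real resources).
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_ARN_PREFIX = "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/example-alb/abc123/"
SAMPLE_LISTENERS = [
    {"ListenerArn": SAMPLE_ARN_PREFIX + "good", "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": SAMPLE_ARN_PREFIX + "bad", "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2015-05"},
    {"ListenerArn": SAMPLE_ARN_PREFIX + "http", "Protocol": "HTTP"},
]
SAMPLE_CERTS = {
    SAMPLE_ARN_PREFIX + "good": [{"CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/ok",
                                  "NotAfter": SAMPLE_NOW + timedelta(days=90)}],
    SAMPLE_ARN_PREFIX + "bad": [{"CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/soon",
                                 "NotAfter": SAMPLE_NOW + timedelta(days=3, hours=12)}],
}

if __name__ == "__main__":
    for found in audit(SAMPLE_LISTENERS, SAMPLE_CERTS, SAMPLE_NOW).values():
        print("\n".join(found))
```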

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

3. In the navigation panel, under LOAD BALANCING, click Load Balancers.

4. Select the ALB that you want to reconfigure.

5. Select the Listeners tab from the bottom panel and click on the Listener to be modified.

6. Click on the Edit listeners button.

7. Within the Security Policy drop-down, choose the latest security policy available in the list (e.g. “ELBSecurityPolicy-2016-08”).

8. Click on the Default SSL Certificate and choose one of the following options:


Service

ELB

Severity

High

Compliance

Mapping
