AWS_ELB_61

Ensure all ELB secured listener certificates are greater than 7 days from Expiration

Description

When you use the latest SSL security policy for your app-tier ELBs you make sure that the SSL/TLS connection is negotiated using only the necessary cryptographic protocols deemed safe with no proven vulnerabilities. This will secure the connection between the clients and the AWS ELB, and protect against security vulnerabilities such as Logjam and FREAK, that may allow attackers to decrypt secure communications between vulnerable clients and your load balancer.

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

3. In the navigation panel, under LOAD BALANCING, click Load Balancers.

4. Select the ALB that you want to reconfigure.

5. Select the Listeners tab from the bottom panel and click the Edit button under the available listener(s).

6. Inside the Edit listeners dialog box, choose the HTTPS/SSL protocol in use and in the Cipher column click Change to edit the SSL negotiation settings for the selected listener.

7. Within Select a Cipher dialog box, select Predefined Security Policy checkbox and choose the latest security policy available in the dropdown list (e.g. “ELBSecurityPolicy-2016-08”). Once the appropriate SSL security policy is selected, click Save to apply the changes.

8. Repeat steps no. 4 &ndash

Service

ELB

Severity

Medium

Compliance

Mapping

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!