Using the latest SSL security policy for your app-tier ELBs ensures that SSL/TLS connections are negotiated using only cryptographic protocols that are considered safe and have no proven vulnerabilities. This secures the connection between clients and the AWS ELB and protects against vulnerabilities such as Logjam and FREAK, which may allow attackers to decrypt secure communications between vulnerable clients and your load balancer.
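To find which listeners still need the change, the following added example (not part of the original page) audits the JSON returned by `aws elbv2 describe-listeners` and reports every TLS-terminating listener whose policy is not in an approved set. The approved policy name is the one this page gives as an example; the sample listeners and their ARNs are constructed placeholders.

```python
import json

# Policy name is the page's own example; adjust the set to whatever you
# treat as current (an assumption of this example).
APPROVED_POLICIES = {"ELBSecurityPolicy-2016-08"}
# Listener protocols that terminate TLS and therefore carry an SslPolicy.
TLS_PROTOCOLS = {"HTTPS", "TLS"}

# Constructed sample in the shape returned by `aws elbv2 describe-listeners`.
# The ARNs are placeholders, not real resources.
_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/example-alb/EXAMPLE/"
SAMPLE_OUTPUT = json.dumps({"Listeners": [
    {"ListenerArn": _ARN + "L1", "Port": 80, "Protocol": "HTTP"},
    {"ListenerArn": _ARN + "L2", "Port": 443, "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": _ARN + "L3", "Port": 8443, "Protocol": "HTTPS",
     "SslPolicy": "ELBSecurityPolicy-2015-05"},
]})


def audit_listeners(describe_listeners_json, approved=APPROVED_POLICIES):
    """Return one finding per TLS listener whose policy is not approved."""
    findings = []
    for listener in json.loads(describe_listeners_json).get("Listeners", []):
        if listener.get("Protocol") not in TLS_PROTOCOLS:
            continue  # non-TLS listeners have no security policy to check
        policy = listener.get("SslPolicy")  # None if the field is absent
        if policy not in approved:
            findings.append({
                "listener_arn": listener.get("ListenerArn"),
                "port": listener.get("Port"),
                "policy": policy,
            })
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_OUTPUT):
        print(f"port {f['port']}: policy {f['policy']} is not approved "
              f"({f['listener_arn']})")
```
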
1. Sign in to the AWS Management Console.
2. Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.
3. In the navigation panel, under LOAD BALANCING, click Load Balancers.
4. Select the ALB that you want to reconfigure.
5. Select the Listeners tab from the bottom panel and click on the Listener to be modified.
6. Click on the Edit listeners button.
7. From the Security Policy dropdown, choose the latest security policy available in the list (e.g. “ELBSecurityPolicy-2016-08”).
8. Click on the Default SSL Certificate and choose one of the following options: