AWS_ELB_72

Recommended SSL/TLS protocol version

Description

Using insecure ciphers in your ELB Predefined or Custom Security Policy could make the SSL connection between the client and the load balancer vulnerable to exploits. The PCI Council recommended disabling TLS 1.0 after June 30, 2016.

Remediation

– Log in to the AWS Management Console.
– Navigate to the EC2 dashboard.
– In the navigation panel, under Load Balancing, click Load Balancers.
– Select your Elastic Load Balancer.
– Select the Listeners tab from the bottom panel. In the Cipher column of the HTTPS listener, click Change.
– Scan the SSL Ciphers section for any insecure or deprecated cipher definitions.
The following list defines all the insecure ciphers that must be removed: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html
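
The same check can be scripted against the JSON returned by `aws elb describe-load-balancer-policies --load-balancer-name <name>`. The following is an added example, not part of the original rule: the function name, the sample policies and the weak-cipher markers are assumptions, and the AWS policy table linked above remains the authoritative list.

```python
import json

# Assumption: protocol attributes treated as insecure. The rule names TLS 1.0;
# SSLv2 and SSLv3 are older still.
INSECURE_PROTOCOLS = {"Protocol-SSLv2", "Protocol-SSLv3", "Protocol-TLSv1"}
# Assumption: illustrative markers for weak ciphers, not the AWS list itself.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "EXP", "NULL")


def insecure_settings(policy_json):
    """Map each SSL negotiation policy to its enabled insecure attributes."""
    findings = {}
    for policy in json.loads(policy_json).get("PolicyDescriptions", []):
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue
        bad = []
        for attr in policy.get("PolicyAttributeDescriptions", []):
            name = attr.get("AttributeName", "")
            # Only attributes switched on matter; "false" means disabled.
            if attr.get("AttributeValue", "").lower() != "true":
                continue
            if name in INSECURE_PROTOCOLS:
                bad.append(name)
            elif not name.startswith("Protocol-") and any(
                    marker in name.upper() for marker in WEAK_CIPHER_MARKERS):
                bad.append(name)
        if bad:
            findings[policy["PolicyName"]] = sorted(bad)
    return findings


def _attrs(pairs):
    return [{"AttributeName": n, "AttributeValue": v} for n, v in pairs]


# Constructed sample in the shape of the CLI output (not real account data).
SAMPLE = json.dumps({"PolicyDescriptions": [
    {"PolicyName": "custom-legacy", "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": _attrs([
         ("Protocol-TLSv1", "true"), ("Protocol-TLSv1.2", "true"),
         ("Protocol-SSLv3", "false"), ("RC4-SHA", "true"),
         ("ECDHE-RSA-AES128-GCM-SHA256", "true")])},
    {"PolicyName": "custom-modern", "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": _attrs([
         ("Protocol-TLSv1", "false"), ("Protocol-TLSv1.2", "true"),
         ("DES-CBC3-SHA", "false"), ("ECDHE-RSA-AES128-GCM-SHA256", "true")])},
]})

if __name__ == "__main__":
    print(insecure_settings(SAMPLE))
```

Any policy that appears in the result still has an insecure protocol or cipher enabled and should be changed as described in the steps above.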

Service

ELB

Severity

High

Compliance

Mapping
