Elastic Load Balancing uses a TLS negotiation configuration, known as a security policy, to negotiate TLS connections between a client and the load balancer. The ELBSecurityPolicy-2016-08 security policy is always used for backend connections. Network Load Balancers do not support custom security policies. When you create a TLS listener, you can select the security policy that meets your needs. When a new security policy is added, you can update your TLS listener to use the new security policy.
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
2. On the navigation pane, under LOAD BALANCING, choose Load Balancers
3. Select the load balancer and choose Listeners
4. Select the check box for the TLS listener and choose Edit
5. For Security policy, choose a security policy
6. Choose Update
References : https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html