[Ach] ELB SSL recommendations

Tim Lucas t at toolmantim.com
Sun May 25 13:07:43 CEST 2014


Hi,

Many of us on EC2 are now using ELB instead of Nginx/Apache for SSL termination. It'd be great to see an up-to-date recommended SSL configuration for ELB.

AWS updated their own recommended security policies for ELB in February, mostly for perfect forward secrecy:
https://aws.amazon.com/blogs/aws/elastic-load-balancing-perfect-forward-secrecy-and-other-security-enhancements/
https://aws.amazon.com/about-aws/whats-new/2014/02/19/elastic-load-balancing-perfect-forward-secrecy-and-more-new-security-features/
https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-ssl-security-policy.html

I'd love to see their recommended pre-baked policy (ELBSecurityPolicy-2014-01) peer reviewed, and/or a recommended security policy included in ACH.

Regards,
Tim



