Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Kebijakan keamanan SSL yang telah ditentukan sebelumnya untuk Classic Load Balancer
Anda dapat memilih salah satu kebijakan keamanan yang telah ditentukan untuk pendengar HTTPS/SSL Anda. Anda dapat menggunakan salah satu `ELBSecurityPolicy-TLS` kebijakan untuk memenuhi standar kepatuhan dan keamanan yang mengharuskan menonaktifkan versi protokol TLS tertentu. Atau, Anda dapat membuat kebijakan keamanan khusus. Untuk informasi selengkapnya, lihat [Perbarui konfigurasi negosiasi SSL](ssl-config-update.md).
Cipher berbasis RSA dan DSA khusus untuk algoritma penandatanganan yang digunakan untuk membuat sertifikat SSL. Pastikan untuk membuat sertifikat SSL menggunakan algoritma penandatanganan yang didasarkan pada sandi yang diaktifkan untuk kebijakan keamanan Anda.
Jika Anda memilih kebijakan yang diaktifkan untuk Preferensi Pesanan Server, penyeimbang beban menggunakan cipher dalam urutan yang ditentukan di sini untuk menegosiasikan koneksi antara klien dan penyeimbang beban. Jika tidak, penyeimbang beban menggunakan cipher dalam urutan yang disajikan oleh klien.
Bagian berikut menjelaskan kebijakan keamanan standar terbaru untuk Classic Load Balancer, termasuk protokol SSL dan cipher SSL yang diaktifkan. Anda juga dapat menjelaskan kebijakan yang telah ditentukan menggunakan [describe-load-balancer-policies](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancer-policies.html)perintah.
**Tip**
Informasi ini hanya berlaku untuk Classic Load Balancers. Untuk informasi yang berlaku untuk penyeimbang beban lainnya, lihat [Kebijakan keamanan untuk kebijakan Application Load Balancer [dan Keamanan untuk Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/describe-ssl-policies.html) Anda](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/describe-ssl-policies.html).
**Topics**
+ [
## Protokol berdasarkan kebijakan
](#tls-protocols)
+ [
## Cipher berdasarkan kebijakan
](#tls-policy-ciphers)
+ [
## Kebijakan oleh cipher
](#tls-cipher-policies)
## Protokol berdasarkan kebijakan
Tabel berikut menjelaskan protokol TLS yang didukung oleh setiap kebijakan keamanan.
| Kebijakan Keamanan | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- |
| ELBSecurityKebijakan-TLS-1-2-2017-01 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/negative_icon.svg) Tidak | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/negative_icon.svg) Tidak |
| ELBSecurityKebijakan-TLS-1-1-2017-01 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/negative_icon.svg) Tidak |
| ELBSecurityKebijakan-2016-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya |
| ELBSecurityKebijakan-2015-05 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya |
| ELBSecurityKebijakan-2015-03 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya |
| ELBSecurityKebijakan-2015-02 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/images/success_icon.svg) Ya |
## Cipher berdasarkan kebijakan
Tabel berikut menjelaskan sandi yang didukung oleh setiap kebijakan keamanan.
| Kebijakan keamanan | Cipher |
| --- | --- |
| ELBSecurityKebijakan-TLS-1-2-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) |
| ELBSecurityKebijakan-TLS-1-1-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) |
| ELBSecurityKebijakan-2016-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) |
| ELBSecurityKebijakan-2015-05 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) |
| ELBSecurityKebijakan-2015-03 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) |
| ELBSecurityKebijakan-2015-02 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) |
## Kebijakan oleh cipher
Tabel berikut menjelaskan kebijakan keamanan yang mendukung setiap cipher.
| Nama sandi | Kebijakan Keamanan | Rangkaian Penyandian |
| --- | --- | --- |
| ** ECDHE-ECDSA-AESOpenSSL** - 128-GCM- SHA256 **IANA — TLS\$1ECDHE\$1ECDSA\$1DENGAN\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c02b |
| ** ECDHE-RSA-AESOpenSSL** - 128-GCM- SHA256 **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c02f |
| ** ECDHE-ECDSA-AESOpenSSL** - 128- SHA256 **IANA — TLS\$1ECDHE\$1ECDSA\$1DENGAN\$1AES\$1128\$1CBC\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c023 |
| ** ECDHE-RSA-AESOpenSSL** - 128- SHA256 **IANA — TLS\$1ECDHE\$1RSA\$1DENGAN\$1AES\$1128\$1CBC\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c027 |
| **OpenSSL** — ECDHE-ECDSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c009 |
| **OpenSSL** — ECDHE-RSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c013 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256-GCM- SHA384 **IANA — TLS\$1ECDHE\$1ECDSA\$1DENGAN\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c02c |
| ** ECDHE-RSA-AESOpenSSL** — 256-GCM- SHA384 **IANA — TLS\$1ECDHE\$1RSA\$1DENGAN\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c030 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256- SHA384 **IANA — TLS\$1ECDHE\$1ECDSA\$1DENGAN\$1AES\$1256\$1CBC\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c024 |
| ** ECDHE-RSA-AESOpenSSL** — 256- SHA384 **IANA — TLS\$1ECDHE\$1RSA\$1DENGAN\$1AES\$1256\$1CBC\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c028 |
| **OpenSSL** — ECDHE-ECDSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c014 |
| **OpenSSL** — ECDHE-RSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | c00a |
| ** AES128OpenSSL** — -GCM- SHA256 **IANA — TLS\$1RSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 9c |
| ** AES128OpenSSL** — - SHA256 **IANA — TLS\$1RSA\$1DENGAN\$1AES\$1128\$1CBC\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 3c |
| **OpenSSL** — AES128 -SHA **IANA — TLS\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 2f |
| ** AES256OpenSSL** — -GCM- SHA384 **IANA — TLS\$1RSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 9d |
| ** AES256OpenSSL** — - SHA256 **IANA — TLS\$1RSA\$1DENGAN\$1AES\$1256\$1CBC\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 3d |
| **OpenSSL** — AES256 -SHA **IANA — TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 35 |
| **OpenSSL** — DHE-RSA-AES 128-SHA **IANA — TLS\$1DHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 33 |
| **OpenSSL** — DHE-DSS-AES 128-SHA **IANA — TLS\$1DHE\$1DSS\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 32 |
| **OpenSSL** — DES-SHA CBC3 **IANA** — TLS\$1RSA\$1DENGAN\$13DES\$1EDE\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/classic/elb-security-policy-table.html) | 0a |