View a markdown version of this page

Application Load Balancer 보안 정책 - Elastic Load Balancing
describe-ssl-policies 명령 예제TLS 보안 정책FIPS 보안 정책RFC 9151(CNSA 1.0) 보안 정책FS 지원 정책

기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.

Application Load Balancer 보안 정책

Elastic Load Balancing은 보안 정책이라고 하는 Secure Socket Layer(SSL) 협상 구성을 사용해 클라이언트와 로드 밸런서 간의 연결을 협상합니다. 보안 정책은 프로토콜과 암호의 조합입니다. 프로토콜은 클라이언트와 서버 간에 보안 연결을 설정하여 클라이언트와 로드 밸런서 간에 전달되는 모든 데이터를 안전하게 보호합니다. 암호는 코딩된 메시지를 생성하기 위해 암호화 키를 사용하는 암호화 알고리즘입니다. 프로토콜은 여러 개의 암호를 사용해 인터넷 상의 데이터를 암호화합니다. 연결 협상이 이루어지는 동안 클라이언트와 로드 밸런서는 각각이 지원하는 암호 및 프로토콜 목록을 선호도 순으로 표시합니다. 기본적으로 서버의 목록에서 클라이언트의 암호 중 하나와 일치하는 첫 번째 암호가 보안 연결을 위해 선택됩니다.

고려 사항

  • HTTPS 리스너에는 보안 정책이 필요합니다. 리스너를 생성할 때 보안 정책을 지정하지 않으면 기본 보안 정책이 사용됩니다. 기본 보안 정책은 HTTPS 리스너를 생성한 방법에 따라 달라집니다.

    • 콘솔 – 기본 보안 정책은 ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09입니다.

    • 기타 방법(예: 및 AWS CLI AWS CloudFormation AWS CDK) - 기본 보안 정책은 입니다ELBSecurityPolicy-2016-08.

    • 로드 밸런서에 대한 연결 요청에 대한 TLS 프로토콜 버전(로그 필드 위치 5) 및 키 교환(로그 필드 위치 13)을 보려면 연결 로깅을 활성화하고 해당 로그 항목을 검사합니다. 자세한 내용은 연결 로그를 참조하세요.

    • 이름에 PQ가 있는 보안 정책은 하이브리드 포스트 양자 키 교환을 제공합니다. 호환성을 위해 클래식 및 포스트 양자 ML-KEM 키 교환 알고리즘을 모두 지원합니다. 클라이언트는 키 교환에 하이브리드 포스트 양자 TLS를 사용하려면 ML-KEM 키 교환을 지원해야 합니다. 하이브리드 포스트 양자 정책은 SecP256r1MLKEM768, SecP384r1MLKEM1024 및 X25519MLKEM768 알고리즘을 지원합니다. 자세한 내용은 포스트 양자 암호화를 참조하세요.

    • AWS는 새로운 포스트 양자 TLS(PQ-TLS) 기반 보안 정책  ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09 또는를 구현할 것을 권장합니다ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09. 이 정책은 하이브리드 PQ-TLS, TLS 1.3 전용 또는 TLS 1.2 전용을 협상할 수 있는 클라이언트를 지원하여 이전 버전과의 호환성을 보장하므로 포스트 퀀텀 암호화로 전환하는 동안 서비스 중단을 최소화합니다. 클라이언트 애플리케이션이 키 교환 작업을 위해 PQ-TLS를 협상하는 기능을 개발함에 따라 보다 제한적인 보안 정책으로 점진적으로 마이그레이션할 수 있습니다.

    • 이름이 RFC 9151인 보안 정책은 미국 국가안보국(NSA)에서 지정한 상용 국가안보 알고리즘(CNSA) 1.0 제품군에 대한 TLS 요구 사항을 정의하는 RFC 9151을 준수하는 데 도움이 됩니다. 전환을 지원하기 위해 전체 RFC 9151 요구 사항을 적용하는 엄격한 정책과 점진적 전환을 지원하는 RFC 9151 준수 암호와 비RFC 9151 암호를 모두 지원하는 상호 작용 정책(이름에 "INTEROP" 포함)의 두 가지 범주에서 사용할 수 있습니다.는 로 시작하여 중단을 최소화한 다음 클라이언트가 RFC 9151ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07을 지원하므로 더 엄격한 정책으로 점진적으로 이동할 것을 AWS 권장합니다. ALB 연결 로그의 tls_protocoltls_cipher, 및 tls_keyexchange 필드를 사용하여 클라이언트 연결을 모니터링할 수 있습니다. RFC 9151에 대한 자세한 내용은 IETF 웹 사이트의 RFC 9151을 참조하세요.

  • 특정 TLS 프로토콜 버전을 비활성화해야 하는 규정 준수 및 보안 표준을 충족하거나 더 이상 사용되지 않는 암호가 필요한 레거시 클라이언트를 지원하려면 ELBSecurityPolicy-TLS- 보안 정책 중 하나를 사용할 수 있습니다. Application Load Balancer에 대한 요청에서 TLS 프로토콜 버전을 확인하려면 로드 밸런서에서 액세스 로깅을 활성화하고 해당 액세스 로그 항목을 검사하세요. 자세한 내용은 액세스 로그를 참조하십시오.

  • IAM AWS 계정 및 AWS Organizations 서비스 제어 정책(SCPs)의 Elastic Load Balancing 조건 키를 각각 사용하여 및 전체에서 사용자가 사용할 수 있는 보안 정책을 제한할 수 있습니다. 자세한 내용은 AWS Organizations 사용 설명서서비스 제어 정책(SCP)을 참조하세요.

  • TLS 1.3만 지원하는 정책은 FS(Forward Secrecy)를 지원합니다. TLS_* 및 ECDHE_* 형식의 암호만 사용하는 TLS 1.3과 TLS 1.2를 지원하는 정책도 FS를 제공합니다.

  • Application Load Balancer는 PSK(TLS 1.3) 및 세션 ID/세션 티켓(TLS 1.2 이상)을 사용하여 TLS 재개를 지원합니다. 재개는 동일한 Application Load Balancer IP 주소에 대한 연결에서만 지원됩니다. 0-RTT 데이터 기능과 early_data 확장은 구현되지 않습니다.

  • Application Load Balancer는 사용자 지정 보안 정책을 지원하지 않습니다.

  • Application Load Balancer는 대상 연결에 대해서만 SSL 재협상을 지원합니다.

백엔드 연결

  • 백엔드 연결이 아니라 프론트엔드 연결에서 사용되는 보안 정책을 선택할 수 있습니다. 백엔드 연결에 대한 보안 정책은 리스너 보안 정책에 따라 다릅니다. 리스너가 사용 중인 경우:

    • RFC 9151 정책(일체의 상호 작용 정책 포함) - 백엔드 연결 사용 ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

    • FIPS 포스트 양자 TLS 정책 - 백엔드 연결 사용 ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

    • FIPS 정책 - 백엔드 연결 사용 ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

    • 포스트 양자 TLS 정책 - 백엔드 연결 사용 ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

    • TLS 1.3 정책 - 백엔드 연결 사용 ELBSecurityPolicy-TLS13-1-0-2021-06

    • 기타 TLS 정책 - 백엔드 연결 사용 ELBSecurityPolicy-2016-08

describe-ssl-policies 명령 예제

describe-ssl-policies AWS CLI 명령을 사용하면 보안 정책이 지원하는 프로토콜과 암호를 조회하거나 요구 사항에 맞는 정책을 찾을 수 있습니다.

다음 예제에서는 지정된 정책을 설명합니다.

aws elbv2 describe-ssl-policies \
    --names "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"

다음 예제는 정책 이름에 지정된 문자열이 포함된 정책을 나열합니다.

aws elbv2 describe-ssl-policies \
    --query "SslPolicies[?contains(Name,'FIPS')].Name"

다음 예제는 지정된 프로토콜을 지원하는 정책을 나열합니다.

aws elbv2 describe-ssl-policies \
    --query "SslPolicies[?contains(SslProtocols,'TLSv1.3')].Name"

다음 예제는 지정된 암호를 지원하는 정책을 나열합니다.

aws elbv2 describe-ssl-policies \
    --query "SslPolicies[?Ciphers[?contains(Name,'TLS_AES_128_GCM_SHA256')]].Name"

다음 예제는 지정된 암호를 지원하지 않는 정책을 나열합니다.

aws elbv2 describe-ssl-policies \
    --query 'SslPolicies[?length(Ciphers[?starts_with(Name,`AES128-GCM-SHA256`)]) == `0`].Name'

TLS 보안 정책

TLS 보안 정책을 사용하여 특정한 TLS 프로토콜 버전을 비활성화해야 하는 규정 준수 및 보안 표준을 충족하거나 암호 사용 중지가 필요한 기존 클라이언트를 지원할 수 있습니다.

TLS 1.3만 지원하는 정책은 FS(Forward Secrecy)를 지원합니다. TLS_* 및 ECDHE_* 형식의 암호만 사용하는 TLS 1.3와 TLS 1.2를 지원하는 정책도 FS를 제공합니다.

정책별 프로토콜

다음 표에서는 각 TLS 보안 정책이 지원하는 프로토콜을 설명합니다.

보안 정책 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-TLS13-1-3-2021-06 아니요 아니요 아니요
ELBSecurityPolicy-TLS13-1-3-PQ-2025-09 아니요 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-2021-06 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Res-2021-06 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-1-2021-06 아니요
ELBSecurityPolicy-TLS13-1-0-2021-06
ELBSecurityPolicy-TLS13-1-0-PQ-2025-09
ELBSecurityPolicy-TLS-1-2-Ext-2018-06 아니요 아니요 아니요
ELBSecurityPolicy-TLS-1-2-2017-01 아니요 아니요 아니요
ELBSecurityPolicy-TLS-1-1-2017-01 아니요 아니요
ELBSecurityPolicy-2016-08 아니요

정책별 암호

다음 표에서는 각 TLS 보안 정책이 지원하는 암호를 설명합니다.

보안 정책 암호(Ciphers)

ELBSecurityPolicy-TLS13-1-3-2021-06

ELBSecurityPolicy-TLS13-1-3-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

ELBSecurityPolicy-TLS13-1-2-2021-06

ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

ELBSecurityPolicy-TLS13-1-2-Res-2021-06

ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS13-1-1-2021-06

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-0-2021-06

ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-TLS-1-2-2017-01

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256
ELBSecurityPolicy-TLS-1-1-2017-01

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA
ELBSecurityPolicy-2016-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

암호별 정책

다음 표에서는 각 암호를 지원하는 TLS 보안 정책을 설명합니다.

암호 이름 보안 정책 암호 그룹

OpenSSL – TLS_AES_128_GCM_SHA256

IANA – TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-3-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

1301

OpenSSL – TLS_AES_256_GCM_SHA384

IANA – TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-3-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

1302

OpenSSL – TLS_CHACHA20_POLY1305_SHA256

IANA – TLS_CHACHA20_POLY1305_SHA256

  • ELBSecurityPolicy-TLS13-1-3-2021-06

  • ELBSecurityPolicy-TLS13-1-3-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

1303

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

c014

OpenSSL – AES128-GCM-SHA256

IANA – TLS_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

9c

OpenSSL – AES128-SHA256

IANA – TLS_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

3c

OpenSSL – AES128-SHA

IANA – TLS_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

2f

OpenSSL – AES256-GCM-SHA384

IANA – TLS_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

9d

OpenSSL – AES256-SHA256

IANA – TLS_RSA_WITH_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-2-2017-01

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

3d

OpenSSL – AES256-SHA

IANA – TLS_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06

  • ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-2021-06

  • ELBSecurityPolicy-TLS13-1-0-2021-06

  • ELBSecurityPolicy-TLS13-1-0-PQ-2025-09

  • ELBSecurityPolicy-TLS-1-2-Ext-2018-06

  • ELBSecurityPolicy-TLS-1-1-2017-01

  • ELBSecurityPolicy-2016-08

35

FIPS 보안 정책

Federal Information Processing Standard(FIPS)는 미국 및 캐나다 정부 보안 표준으로서, 기밀 정보를 보호하는 암호 모듈의 보안 요건을 규정하고 있습니다. 자세한 내용은 AWS 클라우드 보안 규정 준수 페이지의 Federal Information Processing Standard(FIPS) 140을 참조하세요.

모든 FIPS 정책은 AWS-LC FIPS 검증 암호화 모듈을 사용합니다. 자세한 내용은 NIST 암호화 모듈 검증 프로그램 사이트의 AWS-LC 암호화 모듈 페이지를 참조하세요.

중요

ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04 정책은 레거시 호환성을 위해서만 제공됩니다. FIPS140 모듈을 사용하여 FIPS 암호화를 사용하지만 TLS 구성에 대한 최신 NIST 지침을 준수하지 않을 수 있습니다.

정책별 프로토콜

다음 표에서는 각 FIPS 보안 정책이 지원하는 프로토콜을 설명합니다.

보안 정책 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04 아니요 아니요 아니요
ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09 아니요 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09 아니요 아니요
ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04 아니요
ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04
ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

정책별 암호

다음 표에서는 각 FIPS 보안 정책이 지원하는 암호를 설명합니다.

보안 정책 암호(Ciphers)

ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES256-GCM-SHA384

  • AES256-SHA256

ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

암호별 정책

다음 표에서는 각 암호를 지원하는 FIPS 보안 정책을 설명합니다.

암호 이름 보안 정책 암호 그룹

OpenSSL – TLS_AES_128_GCM_SHA256

IANA – TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

1301

OpenSSL – TLS_AES_256_GCM_SHA384

IANA – TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

1302

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

c014

OpenSSL – AES128-GCM-SHA256

IANA – TLS_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

9c

OpenSSL – AES128-SHA256

IANA – TLS_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

3c

OpenSSL – AES128-SHA

IANA – TLS_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

2f

OpenSSL – AES256-GCM-SHA384

IANA – TLS_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

9d

OpenSSL – AES256-SHA256

IANA – TLS_RSA_WITH_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

3d

OpenSSL – AES256-SHA

IANA – TLS_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09

  • ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04

  • ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09

35

RFC 9151(CNSA 1.0) 보안 정책

Application Load Balancer는 미국 국가안보국(NSA)에서 지정한 상용 국가안보 알고리즘(CNSA) 1.0 제품군에 대한 TLS 요구 사항을 정의하는 RFC 9151을 준수하는 데 도움이 되는 보안 정책을 지원합니다. RFC 9151은 TLS 1.2 및 TLS 1.3 프로토콜과 함께 CNSA 제품군을 사용하는 방법을 지정하여 정부 보안 표준을 충족하는 보안 통신에 대한 암호화 요구 사항을 정의합니다. RFC 9151에 대한 자세한 내용은 RFC 9151을 참조하세요.

RFC 9151 정책은 다음 두 가지 범주로 제공됩니다.

  • 엄격한 정책 - 엄격한 RFC 9151 암호 및 서명 체계 요구 사항을 적용합니다. 모든 클라이언트가 RFC 9151을 지원할 수 있는 경우 이를 사용합니다.

  • 상호 작용 정책 - RFC 9151 규정 준수 및 비RFC 9151 암호와 서명 체계를 모두 지원하여 RFC 9151 규정 준수로 점진적으로 전환하는 데 도움이 됩니다. 모든 클라이언트가 RFC 9151을 지원할 수 있는지 확실하지 않거나 전환 중에 클라이언트가 중단되지 않도록 하려는 경우이 옵션을 사용합니다. 모든 상호 작용 정책에는 정책 이름에 "INTEROP"가 포함됩니다.

AWS 에서는 기존 TLS 1.3ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07, TLS 1.2 또는 엄격한 RFC 9151 알고리즘을 협상하여 중단을 최소화할 수 있는 클라이언트를 지원하는 상호 작용 정책 부터 시작할 것을 권장합니다. 클라이언트가 엄격한 RFC 9151을 협상할 수 있으므로 점진적으로 더 엄격한 정책으로 이동할 수 있습니다. ALB 연결 로그의 tls_protocoltls_cipher, 및 tls_keyexchange 필드를 사용하여 클라이언트의 연결 방식을 모니터링할 수 있습니다.

중요

리스너에 대한 RFC 9151 보안 정책을 선택하면 로드 밸런서가 대상 및 기타 서비스에 ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07 대한 백엔드 연결에를 사용합니다. 그러나 로드 밸런서는 대상에 대한 연결 또는 고객이 구성한 외부 서비스(예: 타사 ID 제공업체 또는 인증 엔드포인트)를 포함하여 송신 연결에 대한 RFC 9151 규정 준수를 보장하거나 적용할 수 없습니다.

다음을 보장하는 것은 사용자의 책임입니다.

  • 대상과 구성한 외부 서비스는 백엔드 연결 정책의 프로토콜과 암호를 지원할 수 있습니다.

  • 로드 밸런서와 대상 간의 엄격한 RFC 9151 규정 준수를 위해 대상에 RFC 9151 규정 준수 인증서 및 암호가 구현되어 있어야 합니다.

  • 백엔드 대상이 TLS 1.0 또는 TLS 1.1만 지원하는 경우 연결이 실패합니다. ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07 정책에서 지원하는 암호에 맞게 대상의 프로토콜과 암호를 업데이트해야 합니다.

정책별 프로토콜

다음 표에서는 각 RFC 9151 보안 정책이 지원하는 프로토콜을 설명합니다.

보안 정책 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-TLS13-1-3-RFC9151-FIPS-2023-07 아니요 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-RFC9151-FIPS-2023-07 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-Ext0-RFC9151-FIPS-2023-07 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07 아니요 아니요
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07 아니요 아니요

정책별 암호

다음 표에서는 각 RFC 9151 보안 정책이 지원하는 암호에 대해 설명합니다.

보안 정책 암호(Ciphers)
ELBSecurityPolicy-TLS13-1-3-RFC9151-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384
ELBSecurityPolicy-TLS13-1-2-RFC9151-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-TLS13-1-2-Ext0-RFC9151-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • AES256-GCM-SHA384
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA
ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

  • TLS_AES_256_GCM_SHA384

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • AES256-GCM-SHA384

  • AES256-SHA256

  • AES256-SHA

  • AES128-GCM-SHA256

  • AES128-SHA256

  • AES128-SHA

암호별 정책

다음 표에서는 각 암호를 지원하는 RFC 9151 보안 정책을 설명합니다.

암호 이름 보안 정책 암호 그룹

OpenSSL – TLS_AES_256_GCM_SHA384

IANA – TLS_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-3-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-Ext0-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

1302

OpenSSL – TLS_AES_128_GCM_SHA256

IANA – TLS_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

1301

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-Ext0-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-Ext0-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c030

OpenSSL – AES256-GCM-SHA384

IANA – TLS_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-TLS13-1-2-Ext0-RFC9151-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

9d

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP1-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c02f

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c028

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP2-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c027

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c014

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP3-FIPS-2023-07

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

c013

OpenSSL – AES256-SHA256

IANA – TLS_RSA_WITH_AES_256_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

3d

OpenSSL – AES256-SHA

IANA – TLS_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

35

OpenSSL – AES128-GCM-SHA256

IANA – TLS_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

9c

OpenSSL – AES128-SHA256

IANA – TLS_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

3c

OpenSSL – AES128-SHA

IANA – TLS_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-TLS13-1-2-RFC9151-INTEROP4-FIPS-2023-07

2f

FS 지원 정책

FS(순방향 비밀성) 지원 보안 정책은 고유한 무작위 세션 키를 사용하여 암호화된 데이터를 도청할 수 없도록 추가적인 보호 기능을 제공합니다. 이렇게 하면 보안 암호 장기 키가 손상되더라도 캡처된 데이터의 디코딩이 방지됩니다.

이 섹션의 정책들은 FS를 지원하며, 해당 이름에 ‘FS’가 포함되어 있습니다. 그러나 이러한 정책이 FS를 지원하는 유일한 정책은 아닙니다. TLS 1.3만 지원하는 정책은 FS를 지원합니다. TLS_* 및 ECDHE_* 형식의 암호만 사용하는 TLS 1.3와 TLS 1.2를 지원하는 정책도 FS를 제공합니다.

정책별 프로토콜

다음 표에서는 각 FS 지원 보안 정책이 지원하는 프로토콜을 설명합니다.

보안 정책 TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0
ELBSecurityPolicy-FS-1-2-Res-2020-10 아니요 아니요 아니요
ELBSecurityPolicy-FS-1-2-Res-2019-08 아니요 아니요 아니요
ELBSecurityPolicy-FS-1-2-2019-08 아니요 아니요 아니요
ELBSecurityPolicy-FS-1-1-2019-08 아니요 아니요
ELBSecurityPolicy-FS-2018-06 아니요

정책별 암호

다음 표에서는 각 FS 지원 보안 정책이 지원하는 암호를 설명합니다.

보안 정책 암호(Ciphers)
ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384
ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384
ELBSecurityPolicy-FS-1-2-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-FS-1-1-2019-08

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA
ELBSecurityPolicy-FS-2018-06

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

암호별 정책

다음 표에서는 각 암호를 지원하는 FS 지원 보안 정책을 설명합니다.

암호 이름 보안 정책 암호 그룹

OpenSSL – ECDHE-ECDSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02b

OpenSSL – ECDHE-RSA-AES128-GCM-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02f

OpenSSL – ECDHE-ECDSA-AES128-SHA256

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c023

OpenSSL – ECDHE-RSA-AES128-SHA256

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c027

OpenSSL – ECDHE-ECDSA-AES128-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c009

OpenSSL – ECDHE-RSA-AES128-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c013

OpenSSL – ECDHE-ECDSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c02c

OpenSSL – ECDHE-RSA-AES256-GCM-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2020-10

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c030

OpenSSL – ECDHE-ECDSA-AES256-SHA384

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c024

OpenSSL – ECDHE-RSA-AES256-SHA384

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • ELBSecurityPolicy-FS-1-2-Res-2019-08

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c028

OpenSSL – ECDHE-ECDSA-AES256-SHA

IANA – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c00a

OpenSSL – ECDHE-RSA-AES256-SHA

IANA – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • ELBSecurityPolicy-FS-1-2-2019-08

  • ELBSecurityPolicy-FS-1-1-2019-08

  • ELBSecurityPolicy-FS-2018-06

c014