기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.

# Network Load Balancer의 보안 정책
<a name="describe-ssl-policies"></a>

TLS 리스너를 생성할 때 보안 정책을 선택해야 합니다. 보안 정책은 로드 밸런서와 클라이언트 간의 SSL 협상 동안 어떤 암호와 프로토콜이 지원되는지 결정합니다. 요구 사항이 변경되거나 새 보안 정책을 릴리스할 때 로드 밸런서의 보안 정책을 업데이트할 수 있습니다. 자세한 내용은 [보안 정책 업데이트](listener-update-certificates.md#update-security-policy) 단원을 참조하십시오.

**고려 사항**
+ TLS 리스너에는 보안 정책이 필요합니다. 리스너를 생성할 때 보안 정책을 지정하지 않으면 기본 보안 정책이 사용됩니다. 기본 보안 정책은 TLS 리스너를 생성한 방법에 따라 달라집니다.
  + **콘솔** – 기본 보안 정책은 `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09`입니다.
  + **기타 방법**(예: 및 AWS CLI AWS CloudFormation AWS CDK) - 기본 보안 정책은 입니다`ELBSecurityPolicy-2016-08`.
+ 이름에 PQ가 있는 보안 정책은 하이브리드 포스트 양자 키 교환을 제공합니다. 호환성을 위해 클래식 및 포스트 양자 ML-KEM 키 교환 알고리즘을 모두 지원합니다. 클라이언트는 키 교환에 하이브리드 포스트 양자 TLS를 사용하려면 ML-KEM 키 교환을 지원해야 합니다. 하이브리드 포스트 양자 정책은 SecP256r1MLKEM768, SecP384r1MLKEM1024 및 X25519MLKEM768 알고리즘을 지원합니다. 자세한 내용은 [포스트 양자 암호화를 참조하세요](https://aws.amazon.com/security/post-quantum-cryptography/).
+ AWS는 새로운 포스트 양자 TLS(PQ-TLS) 기반 보안 정책  `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09` 또는를 구현할 것을 권장합니다`ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09`. 이 정책은 하이브리드 PQ-TLS, TLS 1.3 전용 또는 TLS 1.2 전용을 협상할 수 있는 클라이언트를 지원하여 이전 버전과의 호환성을 보장하므로 포스트 양자 암호화로 전환하는 동안 서비스 중단을 최소화합니다. 클라이언트 애플리케이션이 키 교환 작업을 위해 PQ-TLS를 협상하는 기능을 개발함에 따라 보다 제한적인 보안 정책으로 점진적으로 마이그레이션할 수 있습니다.
+ Network Load Balancer로 전송된 TLS 요청에 대한 정보를 제공하는 액세스 로그를 활성화하고, TLS 트래픽 패턴을 분석하고, 보안 정책 업그레이드를 관리하고, 문제를 해결할 수 있습니다. 로드 밸런서에 대한 액세스 로깅을 활성화하고 해당 액세스 로그 항목을 검사합니다. 자세한 내용은 [액세스 로그](load-balancer-access-logs.md) 및 [Network Load Balancer 예시 쿼리](https://docs.aws.amazon.com/athena/latest/ug/networkloadbalancer-classic-logs.html#query-nlb-example)를 참조하세요.
+ 로드 밸런서에 대한 액세스 요청에 대한 TLS 프로토콜 버전(로그 필드 위치 5) 및 키 교환(로그 필드 위치 13)을 보려면 액세스 로깅을 활성화하고 해당 로그 항목을 검사합니다. 자세한 내용은 [액세스 로그](load-balancer-access-logs.md)를 참조하십시오.
+ IAM AWS 계정 및 AWS Organizations 서비스 제어 정책(SCPs)의 [ Elastic Load Balancing 조건 키를](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/security_iam_service-with-iam.html) 각각 사용하여 및에서 사용자가 사용할 수 있는 보안 정책을 제한할 수 있습니다. 자세한 내용은 *AWS Organizations 사용 설명서*의 [서비스 제어 정책(SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html)을 참조하세요.
+ TLS 1.3만 지원하는 정책은 FS(Forward Secrecy)를 지원합니다. TLS\_\* 및 ECDHE\_\* 형식의 암호만 사용하는 TLS 1.3와 TLS 1.2를 지원하는 정책도 FS를 제공합니다.
+ Network Load Balancer는 TLS 1.2용 EMS(Extended Master Secret) 확장을 지원합니다.

**백엔드 연결**

백엔드 연결이 아니라 프론트엔드 연결에서 사용되는 보안 정책을 선택할 수 있습니다. 백엔드 연결에 대한 보안 정책은 리스너의 보안 정책에 따라 다릅니다. 리스너가 사용 중인 경우:
+ **FIPS 포스트 양자 TLS 정책 -** 백엔드 연결 사용 `ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09`
+ **FIPS 정책** - 백엔드 연결 사용 `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04`
+ **포스트 양자 TLS 정책 -** 백엔드 연결 사용 `ELBSecurityPolicy-TLS13-1-0-PQ-2025-09`
+ **TLS 1.3 정책** - 백엔드 연결 사용 `ELBSecurityPolicy-TLS13-1-0-2021-06`
+ 다른 모든 TLS 정책 백엔드 연결은 `ELBSecurityPolicy-2016-08`

[describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI 명령을 사용하거나 아래 표를 참조하여 여 프로토콜 및 암호를 설명할 수 있습니다.

**Contents**
+ [TLS 보안 정책](#tls-security-policies)
  + [정책별 프로토콜](#tls-protocols)
  + [정책별 암호](#tls-policy-ciphers)
  + [암호별 정책](#tls-cipher-policies)
+ [FIPS 보안 정책](#fips-security-policies)
  + [정책별 프로토콜](#fips-protocols)
  + [정책별 암호](#fips-policy-ciphers)
  + [암호별 정책](#fips-cipher-policies)
+ [FS 지원 보안 정책](#fs-security-policies)
  + [정책별 프로토콜](#fs-protocols)
  + [정책별 암호](#fs-policy-ciphers)
  + [암호별 정책](#fs-cipher-policies)

## TLS 보안 정책
<a name="tls-security-policies"></a>

TLS 보안 정책을 사용하여 특정한 TLS 프로토콜 버전을 비활성화해야 하는 규정 준수 및 보안 표준을 충족하거나 암호 사용 중지가 필요한 기존 클라이언트를 지원할 수 있습니다.

TLS 1.3만 지원하는 정책은 FS(Forward Secrecy)를 지원합니다. TLS\_\* 및 ECDHE\_\* 형식의 암호만 사용하는 TLS 1.3와 TLS 1.2를 지원하는 정책도 FS를 제공합니다.

**Topics**
+ [정책별 프로토콜](#tls-protocols)
+ [정책별 암호](#tls-policy-ciphers)
+ [암호별 정책](#tls-cipher-policies)

### 정책별 프로토콜
<a name="tls-protocols"></a>

다음 표에서는 각 TLS 보안 정책이 지원하는 프로토콜을 설명합니다.


| 보안 정책 | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | 
| --- | --- | --- | --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-3-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Res-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-1-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-0-2021-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 
| ELBSecurityPolicy-TLS13-1-0-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 
| ELBSecurityPolicy-TLS-1-2-Ext-2018-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS-1-2-2017-01 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS-1-1-2017-01 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-2016-08 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 
| ELBSecurityPolicy-2015-05 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 

### 정책별 암호
<a name="tls-policy-ciphers"></a>

다음 표에서는 각 TLS 보안 정책이 지원하는 암호를 설명합니다.


| 보안 정책 | 암호(Ciphers) | 
| --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-2021-06<br />ELBSecurityPolicy-TLS13-1-3-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-2021-06<br />ELBSecurityPolicy-TLS13-1-2-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Res-2021-06<br />ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06<br />ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06<br />ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-1-2021-06 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-0-2021-06<br />ELBSecurityPolicy-TLS13-1-0-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS-1-2-Ext-2018-06 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS-1-2-2017-01 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS-1-1-2017-01 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-2016-08 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-2015-05 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 

### 암호별 정책
<a name="tls-cipher-policies"></a>

다음 표에서는 각 암호를 지원하는 TLS 보안 정책을 설명합니다.


| 암호 이름 | 보안 정책 | 암호 그룹 | 
| --- | --- | --- | 
| **OpenSSL** – TLS\_AES\_128\_GCM\_SHA256<br />**IANA** – TLS\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1301 | 
| **OpenSSL** – TLS\_AES\_256\_GCM\_SHA384<br />**IANA** – TLS\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1302 | 
| **OpenSSL** – TLS\_CHACHA20\_POLY1305\_SHA256<br />**IANA** – TLS\_CHACHA20\_POLY1305\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1303 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-GCM-SHA256<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02b | 
| **OpenSSL** – ECDHE-RSA-AES128-GCM-SHA256<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02f | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA256<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c023 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA256<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c027 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c009 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c013 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-GCM-SHA384<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02c | 
| **OpenSSL** – ECDHE-RSA-AES256-GCM-SHA384<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c030 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA384<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c024 | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA384<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c028 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c00a | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c014 | 
| **OpenSSL** – AES128-GCM-SHA256<br />**IANA** – TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 9c | 
| **OpenSSL** – AES128-SHA256<br />**IANA** – TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 3c | 
| **OpenSSL** – AES128-SHA<br />**IANA** – TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 2f | 
| **OpenSSL** – AES256-GCM-SHA384<br />**IANA** – TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 9d | 
| **OpenSSL** – AES256-SHA256<br />**IANA** – TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 3d | 
| **OpenSSL** – AES256-SHA<br />**IANA** – TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 35 | 

## FIPS 보안 정책
<a name="fips-security-policies"></a>

Federal Information Processing Standard(FIPS)는 미국 및 캐나다 정부 보안 표준으로서, 기밀 정보를 보호하는 암호 모듈의 보안 요건을 규정하고 있습니다. 자세한 내용은 *AWS 클라우드 보안 규정 준수* 페이지의 [Federal Information Processing Standard(FIPS) 140](https://aws.amazon.com/compliance/fips/)을 참조하세요.

모든 FIPS 정책은 AWS-LC FIPS 검증 암호화 모듈을 활용합니다. 자세한 내용은 *NIST 암호화 모듈 검증 프로그램* 사이트의 [AWS-LC 암호화 모듈](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631) 페이지를 참조하세요.

**중요**  
`ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` 및 `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` 정책은 레거시 호환성을 위해서만 제공됩니다. 이들 정책은 FIPS140 모듈을 사용하는 FIPS 암호화를 활용하지만 TLS 구성에 대한 최신 NIST 지침을 준수하지 않을 수 있습니다.

**Topics**
+ [정책별 프로토콜](#fips-protocols)
+ [정책별 암호](#fips-policy-ciphers)
+ [암호별 정책](#fips-cipher-policies)

### 정책별 프로토콜
<a name="fips-protocols"></a>

다음 표에서는 각 FIPS 보안 정책이 지원하는 프로토콜을 설명합니다.


| 보안 정책 | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | 
| --- | --- | --- | --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09  | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 
| ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 

### 정책별 암호
<a name="fips-policy-ciphers"></a>

다음 표에서는 각 FIPS 보안 정책이 지원하는 암호를 설명합니다.


| 보안 정책 | 암호(Ciphers) | 
| --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09  |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04<br />ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 

### 암호별 정책
<a name="fips-cipher-policies"></a>

다음 표에서는 각 암호를 지원하는 FIPS 보안 정책을 설명합니다.


| 암호 이름 | 보안 정책 | 암호 그룹 | 
| --- | --- | --- | 
| **OpenSSL** – TLS\_AES\_128\_GCM\_SHA256<br />**IANA** – TLS\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1301 | 
| **OpenSSL** – TLS\_AES\_256\_GCM\_SHA384<br />**IANA** – TLS\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1302 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-GCM-SHA256<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02b | 
| **OpenSSL** – ECDHE-RSA-AES128-GCM-SHA256<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02f | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA256<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c023 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA256<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c027 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c009 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c013 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-GCM-SHA384<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02c | 
| **OpenSSL** – ECDHE-RSA-AES256-GCM-SHA384<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c030 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA384<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c024 | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA384<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c028 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c00a | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c014 | 
| **OpenSSL** – AES128-GCM-SHA256<br />**IANA** – TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 9c | 
| **OpenSSL** – AES128-SHA256<br />**IANA** – TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 3c | 
| **OpenSSL** – AES128-SHA<br />**IANA** – TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 2f | 
| **OpenSSL** – AES256-GCM-SHA384<br />**IANA** – TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 9d | 
| **OpenSSL** – AES256-SHA256<br />**IANA** – TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 3d | 
| **OpenSSL** – AES256-SHA<br />**IANA** – TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 35 | 

## FS 지원 보안 정책
<a name="fs-security-policies"></a>

FS(Forward Secrecy) 지원 보안 정책은 고유한 무작위 세션 키를 사용하여 암호화된 데이터를 도청하지 못하도록 추가적인 보호 기능을 제공합니다. 이렇게 하면 보안 암호 장기 키가 손상되더라도 캡처된 데이터의 디코딩이 방지됩니다.

이 섹션의 정책들은 FS를 지원하며, 해당 이름에 ‘FS’가 포함되어 있습니다. 그러나 이러한 정책이 FS를 지원하는 유일한 정책은 아닙니다. TLS 1.3만 지원하는 정책은 FS를 지원합니다. TLS\_\* 및 ECDHE\_\* 형식의 암호만 사용하는 TLS 1.3와 TLS 1.2를 지원하는 정책도 FS를 제공합니다.

**Topics**
+ [정책별 프로토콜](#fs-protocols)
+ [정책별 암호](#fs-policy-ciphers)
+ [암호별 정책](#fs-cipher-policies)

### 정책별 프로토콜
<a name="fs-protocols"></a>

다음 표에서는 각 FS 지원 보안 정책이 지원하는 프로토콜을 설명합니다.


| 보안 정책 | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | 
| --- | --- | --- | --- | --- | 
| ELBSecurityPolicy-FS-1-2-Res-2020-10 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-FS-1-2-Res-2019-08 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-FS-1-2-2019-08 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-FS-1-1-2019-08 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | 
| ELBSecurityPolicy-FS-2018-06 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/negative_icon.png) 아니요 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | ![](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/images/success_icon.png) 예 | 

### 정책별 암호
<a name="fs-policy-ciphers"></a>

다음 표에서는 각 FS 지원 보안 정책이 지원하는 암호를 설명합니다.


| 보안 정책 | 암호(Ciphers) | 
| --- | --- | 
| ELBSecurityPolicy-FS-1-2-Res-2020-10 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-1-2-Res-2019-08 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-1-2-2019-08 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-1-1-2019-08 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-2018-06 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 

### 암호별 정책
<a name="fs-cipher-policies"></a>

다음 표에서는 각 암호를 지원하는 FS 지원 보안 정책을 설명합니다.


| 암호 이름 | 보안 정책 | 암호 그룹 | 
| --- | --- | --- | 
| **OpenSSL** – ECDHE-ECDSA-AES128-GCM-SHA256<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02b | 
| **OpenSSL** – ECDHE-RSA-AES128-GCM-SHA256<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02f | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA256<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c023 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA256<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c027 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c009 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c013 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-GCM-SHA384<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02c | 
| **OpenSSL** – ECDHE-RSA-AES256-GCM-SHA384<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c030 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA384<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c024 | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA384<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384 |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c028 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA<br />**IANA** – TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c00a | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA<br />**IANA** – TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA |  [See the AWS documentation website for more details](http://docs.aws.amazon.com/ko_kr/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c014 |