feat(elasticloadbalancingv2): FIPS compliant SSL policy to ALB (aws#28479)

This Pull Request introduces a set of new FIPS-compliant SSL policies for the Application Load Balancer (ALB) in AWS Elastic Load Balancing (ELB). These policies enhance the security of ALB by providing options that are compliant with the Federal Information Processing Standards (FIPS).

Closes aws#28455 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
badmintoncryer authored and paulhcsun committed Jan 5, 2024
1 parent 9a63406 commit 0512554
Showing 1 changed file with 40 additions and 0 deletions.
Expand Up @@ -139,6 +139,46 @@ export enum SslPolicy {
*/
TLS13_13 = 'ELBSecurityPolicy-TLS13-1-3-2021-06',

/**
* TLS 1.3 only with AES 128 and 256 GCM SHA ciphers
*/
FIPS_TLS13_13 = 'ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04',

/**
* TLS 1.2 and 1.3 with AES and ECDHE GCM/SHA ciphers
*/
FIPS_TLS13_12_RES = 'ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04',

/**
* TLS 1.2 and 1.3 with ECDHE SHA/GCM ciphers, excluding SHA1 ciphers
*/
FIPS_TLS13_12 = 'ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04',

/**
* TLS 1.2 and 1.3 with all ECDHE ciphers
*/
FIPS_TLS13_12_EXT0 = 'ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04',

/**
* TLS 1.2 and 1.3 with all AES and ECDHE ciphers excluding SHA1 ciphers
*/
FIPS_TLS13_12_EXT1 = 'ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04',

/**
* TLS 1.2 and 1.3 with all ciphers
*/
FIPS_TLS13_12_EXT2 = 'ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04',

/**
* TLS1.1 through 1.3 with all ciphers
*/
FIPS_TLS13_11 = 'ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04',

/**
* TLS1.0 through 1.3 with all ciphers
*/
FIPS_TLS13_10 = 'ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04',

/**
* Strong foward secrecy ciphers and TLV1.2 only (2020 edition).
* Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers
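
Review bot: The doc comments on FIPS_TLS13_11 and FIPS_TLS13_10 read only "TLS1.1 through 1.3 with all ciphers" and "TLS1.0 through 1.3 with all ciphers", so nothing warns a caller that a FIPS-named member can still enable TLS 1.0 and 1.1, which RFC 8996 deprecates. Suggest adding a sentence to those two comments stating when they are appropriate and pointing to FIPS_TLS13_12 or FIPS_TLS13_13 as the stricter choices. More generally, none of the eight new comments mentions FIPS, so the generated docs cannot distinguish these members from non-FIPS ones such as TLS13_13; a short note on what the FIPS variant changes would fix that. Minor: "TLS1.1" and "TLS1.0" lack the space used in "TLS 1.2 and 1.3" elsewhere in the hunk, and the commit shows one changed file, so no test or README update accompanies the new members.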