This release introduces a new variable ssl_policy which lets you choose a security policy instead of being forced on the least secure one. The default security policy was also updated to force TLS 1.2, so this could break some workflows relying on older protocols or insecure ciphers, unless you set the new variable to the old default policy.
List of security policies documented here:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
Security scan finding that led to this change:
https://tfsec.dev/docs/aws/AWS010/