When you configure an HTTPS listener, you can select a Transport Layer Security (TLS) policy of a late version to improve the security of your services and websites. A TLS policy consists of the TLS version and corresponding cipher suites.

Background information

With the popularity of HTTPS, more and more enterprises and individuals use HTTPS to deploy websites. HTTPS is the future of Internet development.

However, some HTTPS websites have a high security rating, whereas other HTTPS websites have low security rating. The typical reason why some HTTPS websites have a low security rating is that the servers use TLS policies of early versions. Servers that use TLS policies of early versions have a large number of security vulnerabilities and are vulnerable to attacks.

Application Load Balancer (ALB) supports custom TLS policies. You can specify a custom TLS version and corresponding cipher suites. This improves the security of your services and websites.

Limits

Basic Edition Application Load Balancer (ALB ) instances do not support custom TLS policies. To use custom TLS policies, you must upgrade ALB to Standard Edition. For more information, see Modify the configurations of an ALB instance.

Create an HTTPS listener and use a custom TLS policy

  1. In the region where the ALB instance is deployed, create a custom TLS policy. For more information, see TLS security policies.
  2. Create an HTTPS listener and select the custom TLS policy that you created. For more information, see Add an HTTPS listener.

Customize the TLS policy of the HTTPS listener

  1. In the region where the ALB instance is deployed, create a custom TLS policy. For more information, see TLS security policies.
  2. In the left-side navigation pane, choose ALB > Instances.
  3. Find the ALB instance that you want to manage and click its ID.
  4. On the Listener tab, find the HTTPS listener that you want to manage and click its ID.
  5. In the SSL Certificates section, click The Edit icon next to TLS Security Policy.
  6. In the Edit TLS Security Policy dialog box, select the custom TLS policy that you created, and click Save.