Application Load Balancers now support two new security policies: ELBSecurityPolicy-FS-2018-06 and ELBSecurityPolicy-TLS-1-2-Ext-2018-06.
ELBSecurityPolicy-FS-2018-06 implements ciphers that ensure Forward Secrecy. Customers now have a policy that prevents out-of-band decryption if someone records the traffic and later compromises the server’s private key.
ELBSecurityPolicy-TLS-1-2-Ext-2018-06 gives customers the option of only using the latest TLS 1.2 protocol with the same set of ciphers as available with default ELBSecurityPolicy-2016-08. With cipher parity, this new policy also provides an easy migration path to TLS 1.2-only from TLS 1.1 or TLS 1.0.
ELBSecurityPolicy-FS-2018-06 and ELBSecurityPolicy-TLS-1-2-Ext-2018-06 are available today for all existing and new Application Load Balancers in all AWS public regions. You can get started using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDK. To learn more, see HTTPS Listeners for Your Application Load Balancer.