Application Load Balancers now support two new security policies: ELBSecurityPolicy-FS-2018-06 and ELBSecurityPolicy-TLS-1-2-Ext-2018-06.
ELBSecurityPolicy-FS-2018-06 implements ciphers that ensure Forward Secrecy. Customers now have a policy that prevents out-of-band decryption if someone records the traffic and later compromises the server’s private key.
ELBSecurityPolicy-TLS-1-2-Ext-2018-06 gives customers the option of accepting only TLS 1.2, the latest protocol version, with the same set of ciphers as the default ELBSecurityPolicy-2016-08. Because the ciphers are identical, this new policy also provides an easy migration path from TLS 1.1 or TLS 1.0 to TLS 1.2 only.
ELBSecurityPolicy-FS-2018-06 and ELBSecurityPolicy-TLS-1-2-Ext-2018-06 are available today for all existing and new Application Load Balancers in all AWS public regions. You can get started using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDK. To learn more, see HTTPS Listeners for Your Application Load Balancer.
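
To see which listeners still need to move to one of the two policies, the following added example (not AWS code) audits the JSON printed by `aws elbv2 describe-listeners --output json`. The function name, status labels and sample ARNs are constructed for illustration; the policy properties are only those stated above.

```python
import json

# Properties of the two new policies, as stated in the announcement.
NEW_POLICIES = {
    "ELBSecurityPolicy-FS-2018-06": "forward-secrecy ciphers",
    "ELBSecurityPolicy-TLS-1-2-Ext-2018-06":
        "TLS 1.2 only, same ciphers as ELBSecurityPolicy-2016-08",
}
DEFAULT_POLICY = "ELBSecurityPolicy-2016-08"

# Constructed sample in the shape of `describe-listeners` output
# (placeholder account id and resource names).
_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/example/"
SAMPLE = json.dumps({"Listeners": [
    {"ListenerArn": _ARN + "a", "Protocol": "HTTP", "Port": 80},
    {"ListenerArn": _ARN + "b", "Protocol": "HTTPS", "Port": 443,
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": _ARN + "c", "Protocol": "HTTPS", "Port": 8443,
     "SslPolicy": "ELBSecurityPolicy-FS-2018-06"},
    {"ListenerArn": _ARN + "d", "Protocol": "HTTPS", "Port": 9443,
     "SslPolicy": "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"},
]})


def audit_listeners(describe_listeners_json):
    """Return (listener_arn, status, detail) for every listener in the JSON."""
    findings = []
    for listener in json.loads(describe_listeners_json).get("Listeners", []):
        arn = listener["ListenerArn"]
        if listener.get("Protocol") != "HTTPS":
            # Plain HTTP listeners have no security policy to audit.
            findings.append((arn, "no-tls", "listener does not terminate TLS"))
            continue
        policy = listener.get("SslPolicy", "")
        if policy in NEW_POLICIES:
            findings.append((arn, "ok", NEW_POLICIES[policy]))
        elif policy == DEFAULT_POLICY:
            # Same cipher set as the TLS-1-2-Ext policy, so a low-risk move.
            findings.append((arn, "migrate", "default policy; candidate for "
                             "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"))
        else:
            findings.append((arn, "review", "policy in use: " + (policy or "none")))
    return findings


if __name__ == "__main__":
    for arn, status, detail in audit_listeners(SAMPLE):
        print(f"{status:8} {arn}  ({detail})")
```

A listener flagged here can be switched with `aws elbv2 modify-listener --listener-arn <arn> --ssl-policy <policy-name>`.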