How can I determine if my load balancer supports SSL/TLS renegotiation?


I want to determine if my load balancer supports Secure Sockets Layer/Transport Layer Security (SSL/TLS) renegotiation.

Resolution

Although only the client can initiate a session resumption, either side can initiate session renegotiation. Support of SSL/TLS renegotiation varies by the load balancer type:

  • Classic Load Balancers: Classic Load Balancers support secure client-initiated renegotiations for incoming SSL/TLS client connections. They also support server-initiated renegotiation for the backend SSL/TLS connection.
    Note: To turn off client-initiated renegotiations for incoming SSL/TLS connections, migrate to an Application Load Balancer where these renegotiations aren't supported.
  • Application Load Balancers: Application Load Balancers support SSL/TLS renegotiation for target connections. They don't support client-initiated renegotiations for incoming SSL client connections.
  • Network Load Balancers: Network Load Balancers don't support SSL/TLS renegotiation.

All load balancers support session resumption. However, only Network Load Balancers support resuming an SSL session that was originally negotiated with a different IP address that's associated with the same load balancer.
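To confirm the behaviour described above on a load balancer you operate, the following added example (not part of the AWS article) interprets an `openssl s_client` transcript. The function names `classify_reneg` and `probe_reneg`, the two-second pauses, and the rule that an HTTP status line after `RENEGOTIATING` means the renegotiation completed are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the AWS article). Reads an `openssl s_client`
# transcript on stdin and reports two separate facts:
#   rfc5746      - did the endpoint advertise secure renegotiation?
#   client_reneg - did a client-initiated renegotiation ("R") complete?
classify_reneg() (
  transcript=$(cat)
  rfc5746=unknown
  client=not-attempted
  case $transcript in
    *"Secure Renegotiation IS NOT supported"*) rfc5746=no ;;
    *"Secure Renegotiation IS supported"*)     rfc5746=yes ;;
  esac
  case $transcript in
    *RENEGOTIATING*)
      # Assumption: an HTTP status line after the renegotiation marker means
      # the new handshake finished and the session kept working.
      case ${transcript#*RENEGOTIATING} in
        *HTTP/1.*) client=completed ;;
        *)         client=failed ;;
      esac ;;
  esac
  printf 'rfc5746=%s client_reneg=%s\n' "$rfc5746" "$client"
)

# Hypothetical helper: probe a load balancer you operate. TLS 1.3 has no
# renegotiation, so the probe pins TLS 1.2. "R" at the start of a line asks
# s_client to renegotiate; the HEAD request then exercises the session.
probe_reneg() {
  { printf 'R\n'; sleep 2
    printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1"; sleep 2
  } | openssl s_client -connect "$1:${2:-443}" -servername "$1" -tls1_2 2>&1 |
    classify_reneg
}

# Constructed transcript (abridged, not captured from a real endpoint): the
# listener advertises RFC 5746 but the renegotiation attempt ends in an error.
SAMPLE_REFUSED='Secure Renegotiation IS supported
---
RENEGOTIATING
error: handshake failure (constructed line)'

printf '%s\n' "$SAMPLE_REFUSED" | classify_reneg
```

The two fields are reported separately because an endpoint can advertise secure renegotiation and still decline a client-initiated attempt. Run `probe_reneg <your-lb-dns-name>` against your own listener to get a live verdict.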

Related Information

Update the SSL negotiation configuration of your Classic Load Balancer

AWS OFFICIAL
Updated 10 months ago