How can I determine if my load balancer supports SSL/TLS renegotiation?

1 minute read

I want to determine if my load balancer supports Secure Sockets Layer/Transport Layer Security (SSL/TLS) renegotiation.


Although only the client can initiate a session resumption, either side can initiate session renegotiation. Support of SSL/TLS renegotiation varies by the load balancer type:

  • Classic Load Balancers: Classic Load Balancers support secure client-initiated renegotiations for incoming SSL/TLS client connections. They also support server-initiated renegotiation for the backend SSL/TLS connection.
    Note: To turn off client-initiated renegotiations for incoming SSL/TLS connections, migrate to an Application Load Balancer where these renegotiations aren't supported.
  • Application Load Balancers: Application Load Balancers support SSL/TLS renegotiation for target connections. They don't support client-initiated renegotiations for incoming SSL client connections.
  • Network Load Balancers: Network Load Balancers don't support SSL/TLS renegotiation.

All load balancers support session resumption. However, only Network Load Balancers support resuming an SSL session that was originally negotiated with a different IP address that's associated with the same load balancer.

Related Information

Update the SSL negotiation configuration of your Classic Load Balancer

AWS OFFICIALUpdated 9 months ago