Server Order Preference option in ALB

Question

There is no feature like [Server Order Preference option][1] in ALB as similar as CLB.  
Customer wants to restrict clients to use TLS1.2 on ALB.  
Without the Server Order Preference option in ALB, any guidance would be acceptable.

[1]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html#server-order-preference

Accepted Answer

Server Order Preference in CLB ensures the first cipher in the list of ciphers on the server (Load balancer) that matches the client cipher list is used. This is the default behaviour of [ALB][1]

> Security policies
> 
> Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation
> configuration, known as a security policy, to negotiate SSL
> connections between a client and the load balancer. A security policy
> is a combination of protocols and ciphers. The protocol establishes a
> secure connection between a client and a server and ensures that all
> data passed between the client and your load balancer is private. A
> cipher is an encryption algorithm that uses encryption keys to create
> a coded message. Protocols use several ciphers to encrypt data over
> the internet. During the connection negotiation process, the client
> and the load balancer present a list of ciphers and protocols that
> they each support, in order of preference. **By default, the first
> cipher on the server's list that matches any one of the client's
> ciphers is selected for the secure connection.**

[1]: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies

Server Order Preference option in ALB

관련 콘텐츠