How can we edit the cipher in AWS?

During a security assessment, it was observed that the application is configured with weak ciphers such as CBC that are found to be vulnerable to the Lucky 13 attack and are not recommended for use. Is there any way to update the cipher? Our application is already using TLS_1_2 version.

  • Can you provide more information? Is this for an EC2 instance? If yes, what OS is it running? What is the application and port number running that is flagged to have CBC ciphers?

1 Answer

Hi,
Do you use an AWS Application Load Balancer in your architecture?

If yes, then you can upgrade to TLS 1.3 supported by ALB since last March: https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/

TLS 1.3 provides more secure cryptographic ciphers: see https://www.telerik.com/blogs/tls-1-3-what-is-it-why-use-it (section "more secure cryptographic cyphers")

Best,

Didier

AWS
EXPERT
answered 6 months ago
  • Hi, we are not using a load balancer currently. Is there any way to change the cipher in that case?
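
For the case raised in the last comment, where no load balancer is involved and the application terminates TLS itself, the following is an added example and not part of the original thread. It assumes a Python service using the standard `ssl` module; the function names and the cipher strings are illustrative choices. It shows how to list the enabled non-AEAD (CBC) suites and how to restrict a TLS 1.2+ context to AEAD suites only.

```python
import ssl


def non_aead_suites(ctx):
    """Return the names of enabled suites that are not AEAD.

    With AES-only cipher strings, a non-AEAD suite is a CBC-mode suite,
    the class affected by Lucky 13. OpenSSL names do not contain "CBC"
    (for example ECDHE-RSA-AES128-SHA256), so the check uses the
    metadata OpenSSL reports instead of matching on the name.
    """
    return [c["name"] for c in ctx.get_ciphers() if not c["aead"]]


def mixed_context():
    """Constructed 'before' state: ECDHE with any AES mode, CBC included."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AES")
    return ctx


def hardened_context():
    """'After' state: TLS 1.2 or later, AEAD suites only (GCM, ChaCha20)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites are all AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    print("CBC suites before:", non_aead_suites(mixed_context()))
    print("CBC suites after: ", non_aead_suites(hardened_context()))
    # A real server would also call ctx.load_cert_chain(...) before use.
```

Other TLS stacks expose the same control through their own cipher-list setting; the check to repeat after any change is that no non-AEAD suite remains enabled.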
