AWS Certified Advanced Networking - Specialty: Classic Load Balancer Security Policy for Client Cipher Preference


Question

A user is trying to set up a security policy for a Classic Load Balancer.

The user wants ELB to match a cipher supported by the client by configuring server order preference in the ELB security policy.

Which of the below mentioned preconfigured policies supports this feature?

Answers

A. B. C. D.

Explanations

Answer - A.

As per the AWS documentation, server order preference is supported by the ELBSecurityPolicy-2016-08 security policy.

For more information on ELB security policies, please visit the link:

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html

The AWS Classic Load Balancer supports SSL/TLS termination to provide secure communication between clients and servers. When configuring SSL/TLS for the Classic Load Balancer, the user can specify a security policy, which is a predefined set of SSL/TLS protocols and ciphers that the load balancer uses to negotiate a secure connection with the client.

To match a cipher supported by the client by configuring server order preference in the ELB security policy, the user needs to choose a security policy that supports this feature. Server order preference determines the order of preference for ciphers used by the load balancer when negotiating a secure connection with the client.
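The selection rule behind server order preference, as an added example (not code from this page or from AWS): with the option enabled, the load balancer takes the first cipher in its own list that the client also offers; with it disabled, the client's order decides. The function name and the cipher lists are constructed for illustration and are not the contents of any predefined policy.

```python
"""Cipher selection with and without server order preference (added illustration)."""


def negotiate(server_ciphers, client_ciphers, server_order_preference):
    """Return the cipher a TLS terminator would select, or None if none is shared.

    Both lists are ordered most-preferred first.
    """
    if server_order_preference:
        preferred, other = server_ciphers, client_ciphers
    else:
        preferred, other = client_ciphers, server_ciphers
    allowed = set(other)
    for cipher in preferred:
        if cipher in allowed:
            return cipher
    return None  # no shared cipher: the handshake fails


# Constructed sample lists (hypothetical, not taken from an AWS policy).
LB_POLICY = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES128-GCM-SHA256",
    "AES128-SHA",
]
# A client that lists a non-forward-secret CBC cipher first.
CLIENT_HELLO = [
    "AES128-SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
]
# A client whose only cipher is not enabled on the load balancer.
LEGACY_CLIENT = ["DES-CBC3-SHA"]


def demo():
    """Run the three cases and return the selected cipher for each."""
    return {
        "server_order": negotiate(LB_POLICY, CLIENT_HELLO, True),
        "client_order": negotiate(LB_POLICY, CLIENT_HELLO, False),
        "no_overlap": negotiate(LB_POLICY, LEGACY_CLIENT, True),
    }


if __name__ == "__main__":
    for case, cipher in demo().items():
        print(f"{case}: {cipher}")
```

With the same two lists, only the server-ordered case ends up on the forward-secret GCM suite, which is why the setting matters when reviewing a listener's policy.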

Out of the given preconfigured policies, only two policies support this feature: ELBSecurityPolicy-2016-08 and ELBDefault Negotiation Policy.

ELBSecurityPolicy-2016-08 is a recommended security policy that provides strong security and meets the latest security standards. It supports the server order preference feature, allowing the load balancer to negotiate a secure connection with the client based on the client's preferred cipher order.

ELBDefault Negotiation Policy is a default security policy that provides basic security and supports server order preference. It allows the load balancer to negotiate a secure connection with the client based on the client's preferred cipher order.

ELBSecurityPolicy-2011-08 and ELBSample-OpenSSLDefaultCipherPolicy do not support the server order preference feature and cannot be used to match a cipher supported by the client by configuring server order preference.

Therefore, the correct answer to the question is either A. ELBSecurityPolicy-2016-08 or C. ELBDefault Negotiation Policy, depending on the user's requirements for security and compliance.