Classic Load Balancer SSL Protocols

SSL Protocols Unsupported on Classic Load Balancer


Question

Which of the following protocols are no longer supported for SSL on the classic load balancer?

Answers

Explanations


A. B. C. D.

Answer - A.

The AWS documentation mentions the following on the protocols supported for the classic load balancer.

The following versions of the SSL protocol are supported:

· TLS 1.2

· TLS 1.1

· TLS 1.0

· SSL 3.0

Deprecated SSL Protocol.

If you previously enabled the SSL 2.0 protocol in a custom policy, we recommend that you update your security policy to the default predefined security policy.

For more information on the ELB security policy, please visit the link:

http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html

The classic load balancer provided by Amazon Web Services (AWS) no longer supports SSL 3.0 and SSL 2.0 protocols. Therefore, options A and B are correct answers to this question.

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols used to secure network communication. SSL 2.0 and SSL 3.0 were early versions of SSL and have known vulnerabilities, including the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack, which make them insecure.

On the other hand, TLS 1.1 and TLS 1.2 are newer versions of TLS and provide better security. The classic load balancer still supports TLS 1.1 and TLS 1.2, so options C and D are incorrect answers to this question.

It is important to note that AWS provides the Application Load Balancer and the Network Load Balancer, which support newer versions of TLS, including TLS 1.3, and provide more advanced features for load balancing in AWS. Therefore, it is recommended to use one of these load balancers instead of the classic load balancer for better security and functionality.
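To act on the recommendation above about custom policies that still enable legacy SSL protocols, the following added example (not part of the original page or of AWS's own code) audits SSL negotiation policies for SSL 2.0 and SSL 3.0. It assumes input in the shape of `aws elb describe-load-balancer-policies` JSON output; the sample data and policy names are constructed.

```python
import json

# Protocol attributes flagged by this audit (SSL 2.0 and SSL 3.0).
DEPRECATED = {"Protocol-SSLv2": "SSL 2.0", "Protocol-SSLv3": "SSL 3.0"}

# Constructed sample shaped like `aws elb describe-load-balancer-policies` output.
SAMPLE = json.dumps({"PolicyDescriptions": [
    {"PolicyName": "legacy-custom-policy",           # hypothetical name
     "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": [
         {"AttributeName": "Protocol-SSLv2", "AttributeValue": "true"},
         {"AttributeName": "Protocol-SSLv3", "AttributeValue": "true"},
         {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"}]},
    {"PolicyName": "tls-only-policy",                # hypothetical name
     "PolicyTypeName": "SSLNegotiationPolicyType",
     "PolicyAttributeDescriptions": [
         {"AttributeName": "Protocol-SSLv3", "AttributeValue": "false"},
         {"AttributeName": "Protocol-TLSv1.1", "AttributeValue": "true"},
         {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"}]},
    {"PolicyName": "sticky-cookie",                  # not an SSL policy, skipped
     "PolicyTypeName": "LBCookieStickinessPolicyType",
     "PolicyAttributeDescriptions": [
         {"AttributeName": "CookieExpirationPeriod", "AttributeValue": "60"}]},
]})


def audit_policies(raw_json):
    """Map each SSL negotiation policy to the deprecated protocols it enables."""
    findings = {}
    for policy in json.loads(raw_json).get("PolicyDescriptions", []):
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue  # stickiness and other policy types carry no protocol flags
        enabled = sorted(
            DEPRECATED[attr["AttributeName"]]
            for attr in policy.get("PolicyAttributeDescriptions", [])
            if attr.get("AttributeName") in DEPRECATED
            and str(attr.get("AttributeValue", "")).lower() == "true"
        )
        if enabled:
            findings[policy["PolicyName"]] = enabled
    return findings


if __name__ == "__main__":
    for name, protocols in audit_policies(SAMPLE).items():
        print(f"{name}: enables {', '.join(protocols)}; switch to a predefined policy")
```

Policies reported by the audit are candidates for replacement with the default predefined security policy described above.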