AWS Certified Advanced Networking - Specialty Exam: SSL Negotiation Configuration Security Policy

SSL Negotiation Configuration Security Policy

Prev Question Next Question

Question

A user has configured Elastic Load Balancing by enabling a Secure Socket Layer - SSL.

Negotiation Configuration known as a Security Policy.

Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - B.

If you see the AWS documentation for all possible SSL options in the below link you will see that SSL Protocols, SSL Ciphers and Server Order Preference are all part of the pre-defined policies.

Only Client Order Preference is not present.

For more information on Secure ELB, please visit the link:

http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html
Security Policy 2016-08 2015-05 2015-03 2015-02 2014-10 2014-01 2011-08

SSL Protocols

Protocol-SSLv3 . .
Protocol-TLSv1 . . . . . . .
Protocol-TLSv1.1 . . . . . .
Protocol-TLSv1.2 . . . . . .

SSL Options

Server Order Preference ’ . . . . .

SSL Ciphers

ECDHE-ECDSA-AES128-GCM-SHA256 + . . . . .
ECDHE-RSA-AES128-GCM-SHA256 ’ . . . . .

ECDHE-ECDSA-AES128-SHA256 . . . . . .

When an SSL connection is established between a client and a server, the two parties negotiate various parameters to ensure a secure connection. These parameters include the SSL protocol version, SSL cipher suites, and other security options.

In the context of Elastic Load Balancing (ELB) on AWS, a security policy is a set of SSL/TLS options that ELB uses to negotiate SSL connections between clients and backend servers. When the user enables SSL on ELB, they can choose a security policy that best meets their security requirements.

The security policy includes the following four components:

A. SSL protocols: These are the versions of SSL/TLS that the server and client support. The security policy specifies the allowed SSL protocols that the client and server can use during the SSL handshake.

B. Client order preference: This specifies the order in which the client should use SSL protocols and cipher suites during the SSL handshake.

C. SSL ciphers: These are the algorithms used to encrypt the SSL connection. The security policy specifies the allowed SSL ciphers that the client and server can use during the SSL handshake.

D. Server order preference: This specifies the order in which the server should use SSL protocols and cipher suites during the SSL handshake.

Therefore, option B, which mentions the client order preference, is not part of the secure policy for negotiating SSL connections between the user and the client. The client order preference is part of the client's SSL negotiation process and is not controlled by the server.

In summary, the security policy used in ELB determines which SSL protocols and cipher suites are used during the SSL handshake between the server and client. It does not specify the order in which the client should use SSL protocols and cipher suites.