Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
# Políticas de seguridad para el equilibrador de carga de red
Al crear un agente de escucha TLS, debe seleccionar una política de seguridad. Una política de seguridad determina qué cifrados y protocolos se admiten durante las negociaciones SSL entre el equilibrador de carga y los clientes. Puede actualizar la política de seguridad del equilibrador de carga si cambian sus requisitos, o cuando publicamos una nueva política de seguridad. Para obtener más información, consulte [Actualizar la política de seguridad](listener-update-certificates.md#update-security-policy).
**Consideraciones**
+ Un oyente TLS requiere una política de seguridad. Si no especifica una política de seguridad al crear el oyente, se usará la política de seguridad predeterminada. La política de seguridad predeterminada depende de cómo haya creado el oyente TLS:
+ **Consola**: la política de seguridad predeterminada es `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09`.
+ **Otros métodos** (por ejemplo, el AWS CLI AWS CloudFormation, y el AWS CDK): la política de seguridad predeterminada es`ELBSecurityPolicy-2016-08`.
+ Las políticas de seguridad con PQ en sus nombres ofrecen un intercambio de claves híbrido poscuántico. Por motivos de compatibilidad, son compatibles con los algoritmos de intercambio de claves ML-KEM clásicos y poscuánticos. Los clientes deben admitir el intercambio de claves ML-KEM para utilizar el TLS poscuántico híbrido para el intercambio de claves. Las políticas poscuánticas híbridas admiten los algoritmos MLKEM768 SeCP256R1, SeCP384R1 y X25519. MLKEM1024 MLKEM768 Para obtener más [información, consulte](https://aws.amazon.com/security/post-quantum-cryptography/) Criptografía poscuántica.
+ AWS recomienda implementar la nueva política de seguridad basada en el TLS poscuántico (PQ-TLS) o. `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09` Esta política garantiza la compatibilidad con versiones anteriores al ofrecer soporte a los clientes capaces de negociar el PQ-TLS híbrido, el TLS 1.3 o el TLS 1.2 únicamente, lo que minimiza las interrupciones del servicio durante la transición a la criptografía poscuántica. Puede migrar progresivamente a políticas de seguridad más restrictivas a medida que las aplicaciones de sus clientes desarrollen la capacidad de negociar el PQ-TLS para las operaciones de intercambio de claves.
+ Puede habilitar los registros de acceso para obtener información sobre las solicitudes TLS enviadas al equilibrador de carga de red, analizar patrones de tráfico TLS, administrar actualizaciones de políticas de seguridad y solucionar problemas. Habilite el registro de acceso del equilibrador de carga y examine las entradas del registro de acceso correspondientes. Para obtener más información, consulte [Registros de acceso](load-balancer-access-logs.md) y [Consultas de ejemplo del equilibrador de carga de red](https://docs.aws.amazon.com/athena/latest/ug/networkloadbalancer-classic-logs.html#query-nlb-example).
+ Para ver la versión del protocolo TLS (posición del campo de registro 5) y el intercambio de claves (posición del campo de registro 13) para las solicitudes de acceso a su balanceador de cargas, habilite el registro de acceso y examine las entradas de registro correspondientes. Para obtener más información, consulte [Access logs](load-balancer-access-logs.md).
+ Puedes restringir las políticas de seguridad que están disponibles para los usuarios en todas tus políticas de IAM Cuentas de AWS y control de servicios () y AWS Organizations mediante ellas mediante [las claves de condición de Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/security_iam_service-with-iam.html) en tus políticas de IAM y de control de servicios (SCPs), respectivamente. Para obtener más información, consulte [las políticas de control de servicios (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) en la *Guía del AWS Organizations usuario*.
+ Las políticas que admiten únicamente TLS 1.3 son compatibles con el secreto directo (FS). Las políticas que admiten TLS 1.3 y TLS 1.2 y que incluyen únicamente cifrados de la forma TLS\$1\$1 y ECDHE\$1\$1 también proporcionan secreto directo (FS).
+ Los equilibradores de carga de red admiten la extensión Extended Master Secret (EMS) para TLS 1.2.
**Conexiones de backend**
Puede seleccionar la política de seguridad que se utiliza para las conexiones frontend, pero no para las conexiones backend. La política de seguridad de las conexiones de backend depende de la política de seguridad del oyente. Si alguno de sus oyentes usa:
+ **Política TLS poscuántica del FIPS:** uso de conexiones de backend `ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09`
+ **Política FIPS**: uso de conexiones de backend `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04`
+ **Política de TLS posterior a Quantum: uso de conexiones de backend** `ELBSecurityPolicy-TLS13-1-0-PQ-2025-09`
+ **Política de TLS 1.3**: uso de conexiones de backend `ELBSecurityPolicy-TLS13-1-0-2021-06`
+ Todas las demás políticas de TLS que utilizan las conexiones de backend `ELBSecurityPolicy-2016-08`
Puede describir los protocolos y los cifrados mediante el [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI comando o consultar las tablas siguientes.
**Contents**
+ [Políticas de seguridad de TLS](#tls-security-policies)
+ [Protocolos por política](#tls-protocols)
+ [Cifrados por política](#tls-policy-ciphers)
+ [Políticas por cifrado](#tls-cipher-policies)
+ [Políticas de seguridad FIPS](#fips-security-policies)
+ [Protocolos por política](#fips-protocols)
+ [Cifrados por política](#fips-policy-ciphers)
+ [Políticas por cifrado](#fips-cipher-policies)
+ [Políticas de seguridad FS admitidas](#fs-security-policies)
+ [Protocolos por política](#fs-protocols)
+ [Cifrados por política](#fs-policy-ciphers)
+ [Políticas por cifrado](#fs-cipher-policies)
## Políticas de seguridad de TLS
Puede utilizar las políticas de seguridad de TLS para ajustarse a los estándares de seguridad y conformidad que requieren que se deshabiliten ciertas versiones del protocolo TLS, o bien para admitir clientes heredados que requieren cifrados obsoletos.
Las políticas que admiten únicamente TLS 1.3 son compatibles con el secreto directo (FS). Las políticas que admiten TLS 1.3 y TLS 1.2 y que incluyen únicamente cifrados de la forma TLS\$1\$1 y ECDHE\$1\$1 también proporcionan secreto directo (FS).
**Topics**
+ [Protocolos por política](#tls-protocols)
+ [Cifrados por política](#tls-policy-ciphers)
+ [Políticas por cifrado](#tls-cipher-policies)
### Protocolos por política
En la siguiente tabla se detallan los protocolos que admite cada política de seguridad TLS.
| Políticas de seguridad | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityPolítica- -1-3-2021-06 TLS13 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-3-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-Res-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-RES-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-Ext2-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT2-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-Ext1-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-Ext1-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-1-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-0-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
| ELBSecurityPolítica- TLS13 -1-0-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
| ELBSecurityPolítica-TLS-1-2-EXT-2018-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-TLS-1-2-2017-01 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-TLS-1-1-2017-01 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-2016-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
| ELBSecurityPolítica-2015-05 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
### Cifrados por política
En la siguiente tabla se detallan los cifrados que admite cada política de seguridad TLS.
| Política de seguridad | Cifrados |
| --- | --- |
| ELBSecurityPolítica- -1-3-2021-06 TLS13 ELBSecurityPolítica- TLS13 -1-3-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-2021-06 TLS13 ELBSecurityPolítica- TLS13 -1-2-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-Res-2021-06 TLS13 ELBSecurityPolítica- TLS13 -1-2-RES-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- TLS13 -1-2-Ext2-2021-06 ELBSecurityPolítica- TLS13 -1-2-EXT2-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-Ext1-2021-06 TLS13 ELBSecurityPolítica- TLS13 -1-2-Ext1-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-1-2021-06 TLS13 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-0-2021-06 TLS13 ELBSecurityPolítica- TLS13 -1-0-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-TLS-1-2-EXT-2018-06 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-TLS-1-2-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-TLS-1-1-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-2016-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-2015-05 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
### Políticas por cifrado
En la siguiente tabla se detallan las políticas de seguridad TLS que admiten cada cifrado.
| Nombre del cifrado | Políticas de seguridad | Conjunto de cifrado |
| --- | --- | --- |
| **OpenSSL**: TLS\$1AES\$1128\$1GCM\$1 SHA256 **IANA** — TLS\$1AES\$1128\$1GCM\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1301 |
| **OpenSSL**: TLS\$1AES\$1256\$1GCM\$1 SHA384 **IANA** — TLS\$1AES\$1256\$1GCM\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1302 |
| **OpenSSL — TLS\$1** \$1 \$1 CHACHA20 POLY1305 SHA256 **IANA** — TLS\$1\$1\$1 CHACHA20 POLY1305 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1303 |
| **OpenSSL — 128-GCM** - ECDHE-ECDSA-AES SHA256 IANA — **TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02b |
| **OpenSSL — 128-GCM** - ECDHE-RSA-AES SHA256 IANA — **TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02f |
| **OpenSSL —** 128- ECDHE-ECDSA-AES SHA256 **IANA** — TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c023 |
| **OpenSSL —** 128- ECDHE-RSA-AES SHA256 **IANA** — TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c027 |
| ** ECDHE-ECDSA-AESOpenSSL**: 128-SHA **IANA**: TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c009 |
| ** ECDHE-RSA-AESOpenSSL**: 128-SHA **IANA**: TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c013 |
| **OpenSSL — 256-GCM** - ECDHE-ECDSA-AES SHA384 IANA — **TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02c |
| **OpenSSL — 256-GCM** - ECDHE-RSA-AES SHA384 IANA — **TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c030 |
| **OpenSSL —** 256- ECDHE-ECDSA-AES SHA384 **IANA** — TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c024 |
| **OpenSSL —** 256- ECDHE-RSA-AES SHA384 **IANA** — TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c028 |
| ** ECDHE-ECDSA-AESOpenSSL**: 256-SHA **IANA**: TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c00a |
| ** ECDHE-RSA-AESOpenSSL**: 256-SHA **IANA**: TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c014 |
| **OpenSSL —** -GCM- AES128 SHA256 **IANA — TLS\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 9c |
| **OpenSSL —** - AES128 SHA256 **IANA** — TLS\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 3c |
| **OpenSSL — SHA** AES128 **IANA**: TLS\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 2f |
| **OpenSSL —** -GCM- AES256 SHA384 **IANA — TLS\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 9d |
| **OpenSSL —** - AES256 SHA256 **IANA** — TLS\$1RSA\$1CON\$1AES\$1256\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 3d |
| **OpenSSL — SHA** AES256 **IANA**: TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 35 |
## Políticas de seguridad FIPS
El Estándar de procesamiento de la información federal (FIPS) es un estándar de seguridad de los gobiernos de EE. UU. y Canadá que especifica los requisitos de seguridad de los módulos criptográficos que protegen información confidencial. Para obtener más información, consulte [Estándar de procesamiento de la información federal (FIPS) 140](https://aws.amazon.com/compliance/fips/) en la página Conformidad de *Seguridad en la nube de AWS *.
Todas las políticas FIPS utilizan el módulo criptográfico AWS-LC validado para FIPS. Para obtener más información, consulte la página del [módulo criptográfico AWS-LC](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631) en el sitio *NIST Cryptographic Module Validation Program*.
**importante**
Las políticas `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` y `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` se proporcionan únicamente para ofrecer compatibilidad con versiones heredadas. Si bien utilizan la criptografía FIPS mediante el FIPS140 módulo, es posible que no se ajusten a las directrices más recientes del NIST para la configuración de TLS.
**Topics**
+ [Protocolos por política](#fips-protocols)
+ [Cifrados por política](#fips-policy-ciphers)
+ [Políticas por cifrado](#fips-cipher-policies)
### Protocolos por política
En la siguiente tabla se detallan los protocolos que admite cada política de seguridad FIPS.
| Políticas de seguridad | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityTLS13Política- -1-3-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-3-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-RES-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-RES-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT2-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT2-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT1-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT1-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT0-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-2-EXT0-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-1-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica- TLS13 -1-0-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
| ELBSecurityPolítica- TLS13 -1-0-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
### Cifrados por política
En la siguiente tabla se detallan los cifrados que admite cada política de seguridad FIPS.
| Política de seguridad | Cifrados |
| --- | --- |
| ELBSecurityPolítica- TLS13 -1-3-FIPS-2023-04 ELBSecurityPolítica- TLS13 -1-3-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-FIPS-2023-04 TLS13 ELBSecurityPolítica- TLS13 -1-2-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-RES-FIPS-2023-04 TLS13 ELBSecurityPolítica- TLS13 -1-2-RES-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- TLS13 -1-2-EXT2-FIPS-2023-04 ELBSecurityPolítica- TLS13 -1-2-EXT2-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-EXT1-FIPS-2023-04 TLS13 ELBSecurityPolítica- TLS13 -1-2-EXT1-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-2-EXT0-FIPS-2023-04 TLS13 ELBSecurityPolítica- TLS13 -1-2-EXT0-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-1-FIPS-2023-04 TLS13 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica- -1-0-FIPS-2023-04 TLS13 ELBSecurityPolítica- TLS13 -1-0-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
### Políticas por cifrado
En la siguiente tabla se detallan las políticas de seguridad FIPS que admiten cada cifrado.
| Nombre del cifrado | Políticas de seguridad | Conjunto de cifrado |
| --- | --- | --- |
| **OpenSSL**: TLS\$1AES\$1128\$1GCM\$1 SHA256 **IANA** — TLS\$1AES\$1128\$1GCM\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1301 |
| **OpenSSL**: TLS\$1AES\$1256\$1GCM\$1 SHA384 **IANA** — TLS\$1AES\$1256\$1GCM\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1302 |
| **OpenSSL — 128-GCM** - ECDHE-ECDSA-AES SHA256 IANA — **TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02b |
| **OpenSSL — 128-GCM** - ECDHE-RSA-AES SHA256 IANA — **TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02f |
| **OpenSSL —** 128- ECDHE-ECDSA-AES SHA256 **IANA** — TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c023 |
| **OpenSSL —** 128- ECDHE-RSA-AES SHA256 **IANA** — TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c027 |
| ** ECDHE-ECDSA-AESOpenSSL**: 128-SHA **IANA**: TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c009 |
| ** ECDHE-RSA-AESOpenSSL**: 128-SHA **IANA**: TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c013 |
| **OpenSSL — 256-GCM** - ECDHE-ECDSA-AES SHA384 IANA — **TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02c |
| **OpenSSL — 256-GCM** - ECDHE-RSA-AES SHA384 IANA — **TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c030 |
| **OpenSSL —** 256- ECDHE-ECDSA-AES SHA384 **IANA** — TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c024 |
| **OpenSSL —** 256- ECDHE-RSA-AES SHA384 **IANA** — TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c028 |
| ** ECDHE-ECDSA-AESOpenSSL**: 256-SHA **IANA**: TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c00a |
| ** ECDHE-RSA-AESOpenSSL**: 256-SHA **IANA**: TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c014 |
| **OpenSSL —** -GCM- AES128 SHA256 **IANA — TLS\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 9c |
| **OpenSSL —** - AES128 SHA256 **IANA** — TLS\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 3c |
| **OpenSSL — SHA** AES128 **IANA**: TLS\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 2f |
| **OpenSSL —** -GCM- AES256 SHA384 **IANA — TLS\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 9d |
| **OpenSSL —** - AES256 SHA256 **IANA** — TLS\$1RSA\$1CON\$1AES\$1256\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 3d |
| **OpenSSL — SHA** AES256 **IANA**: TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 35 |
## Políticas de seguridad FS admitidas
Las políticas de seguridad compatibles con FS (secreto hacia adelante) proporcionan protecciones adicionales contra el espionaje de datos cifrados mediante el uso de una clave de sesión aleatoria única. Esto impide la decodificación de los datos capturados, incluso si la clave secreta a largo plazo se ve comprometida.
Las políticas de esta sección son compatibles con el secreto directo (FS) y “FS” está incluido en sus nombres. Sin embargo, estas no son las únicas políticas que admiten secreto directo (FS). Las políticas que admiten únicamente TLS 1.3 son compatibles con el secreto directo (FS). Las políticas que admiten TLS 1.3 y TLS 1.2 y que incluyen únicamente cifrados de la forma TLS\$1\$1 y ECDHE\$1\$1 también proporcionan secreto directo (FS).
**Topics**
+ [Protocolos por política](#fs-protocols)
+ [Cifrados por política](#fs-policy-ciphers)
+ [Políticas por cifrado](#fs-cipher-policies)
### Protocolos por política
En la siguiente tabla se detallan los protocolos que admite cada política de seguridad FS admitida.
| Políticas de seguridad | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityPolítica-FS-1-2-RES-2020-10 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-FS-1-2-RES-2019-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-FS-1-2-2019-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-FS-1-1-2019-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No |
| ELBSecurityPolítica-FS-2018-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí | ![\[alt text not found\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/images/success_icon.svg) Sí |
### Cifrados por política
En la siguiente tabla se detallan los cifrados que admite cada política de seguridad FS admitida.
| Política de seguridad | Cifrados |
| --- | --- |
| ELBSecurityPolítica-FS-1-2-RES-2020-10 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-FS-1-2-RES-2019-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-FS-1-2-2019-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-FS-1-1-2019-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
| ELBSecurityPolítica-FS-2018-06 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) |
### Políticas por cifrado
En la siguiente tabla se detallan las políticas de seguridad FS admitidas que admiten cada cifrado.
| Nombre del cifrado | Políticas de seguridad | Conjunto de cifrado |
| --- | --- | --- |
| **OpenSSL — 128-GCM** - ECDHE-ECDSA-AES SHA256 IANA — **TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02b |
| **OpenSSL — 128-GCM** - ECDHE-RSA-AES SHA256 IANA — **TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02f |
| **OpenSSL —** 128- ECDHE-ECDSA-AES SHA256 **IANA** — TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c023 |
| **OpenSSL —** 128- ECDHE-RSA-AES SHA256 **IANA** — TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c027 |
| ** ECDHE-ECDSA-AESOpenSSL**: 128-SHA **IANA**: TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c009 |
| ** ECDHE-RSA-AESOpenSSL**: 128-SHA **IANA**: TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c013 |
| **OpenSSL — 256-GCM** - ECDHE-ECDSA-AES SHA384 IANA — **TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02c |
| **OpenSSL — 256-GCM** - ECDHE-RSA-AES SHA384 IANA — **TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c030 |
| **OpenSSL —** 256- ECDHE-ECDSA-AES SHA384 **IANA** — TLS\$1ECDHE\$1ECDSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c024 |
| **OpenSSL —** 256- ECDHE-RSA-AES SHA384 **IANA** — TLS\$1ECDHE\$1RSA\$1CON\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c028 |
| ** ECDHE-ECDSA-AESOpenSSL**: 256-SHA **IANA**: TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c00a |
| ** ECDHE-RSA-AESOpenSSL**: 256-SHA **IANA**: TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/es_es/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c014 |