


# Security policies for your Network Load Balancer
<a name="describe-ssl-policies"></a>

When you create a TLS listener, you must select a security policy. A security policy determines which ciphers and protocols are supported during SSL negotiations between your load balancer and clients. You can update the security policy for your load balancer if your requirements change or when we release a new security policy. For more information, see [Update the security policy](listener-update-certificates.md#update-security-policy).

**Considerations**
+ A TLS listener requires a security policy. If you do not specify a security policy when you create the listener, we use the default security policy. The default security policy depends on how you created the TLS listener:
  + **Console** – The default security policy is `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09`.
  + **Other methods** (for example, the AWS CLI, AWS CloudFormation, and the AWS CDK) – The default security policy is `ELBSecurityPolicy-2016-08`.
+ Security policies with PQ in their names offer hybrid post-quantum key exchange. For compatibility, they support both classical and post-quantum ML-KEM key exchange algorithms. Clients must support ML-KEM key exchange to use hybrid post-quantum TLS for key exchange. The hybrid post-quantum policies support the SecP256r1MLKEM768, SecP384r1MLKEM1024, and X25519MLKEM768 algorithms. For more information, see [Post-Quantum Cryptography](https://aws.amazon.com/security/post-quantum-cryptography/).
+ AWS recommends implementing the new post-quantum TLS (PQ-TLS) based security policy `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09` or `ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09`. These policies ensure backward compatibility by supporting clients that can negotiate hybrid PQ-TLS, TLS 1.3 only, or TLS 1.2 only, which minimizes service disruption during the transition to post-quantum cryptography. You can progressively migrate to more restrictive security policies as your client applications develop the capability to negotiate PQ-TLS for key exchange operations.
+ You can enable access logs for information about the TLS requests sent to your Network Load Balancer, analyze TLS traffic patterns, manage security policy upgrades, and troubleshoot issues. Enable access logging for your load balancer and examine the corresponding access log entries. For more information, see [Access logs](load-balancer-access-logs.md) and [Network Load Balancer example queries](https://docs.aws.amazon.com/athena/latest/ug/networkloadbalancer-classic-logs.html#query-nlb-example).
+ To view the TLS protocol version (log field position 5) and key exchange (log field position 13) for access requests to your load balancer, enable access logging and examine the corresponding log entries. For more information, see [Access logs](load-balancer-access-logs.md).
+ You can restrict which security policies are available to users across your AWS accounts and AWS Organizations by using the [Elastic Load Balancing condition keys](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/security_iam_service-with-iam.html) in your IAM policies and service control policies (SCPs), respectively. For more information, see [Service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the *AWS Organizations User Guide*.
+ Policies that support only TLS 1.3 support Forward Secrecy (FS). Policies that support TLS 1.3 and TLS 1.2 and that have only ciphers of the form `TLS_*` and `ECDHE_*` also provide FS.
+ Network Load Balancers support the Extended Master Secret (EMS) extension for TLS 1.2.

**Backend connections**

You can choose the security policy that is used for front-end connections, but not for backend connections. The security policy for backend connections depends on the listener security policy. If any of your listeners are using:
+ **FIPS post-quantum TLS policy** – Backend connections use `ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09`
+ **FIPS policy** – Backend connections use `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04`
+ **Post-quantum TLS policy** – Backend connections use `ELBSecurityPolicy-TLS13-1-0-PQ-2025-09`
+ **TLS 1.3 policy** – Backend connections use `ELBSecurityPolicy-TLS13-1-0-2021-06`
+ All other TLS policies – Backend connections use `ELBSecurityPolicy-2016-08`

You can describe the protocols and ciphers using the [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI command, or refer to the tables below.
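The following added example (not part of the AWS documentation) audits TLS listeners against the considerations above: it joins JSON shaped like `describe-listeners` output with JSON shaped like `describe-ssl-policies` output, flags listeners that still allow TLS 1.0 or 1.1, that sit on the non-console default policy, or that offer no hybrid post-quantum key exchange, and derives the backend policy from the rules listed above. The embedded JSON is constructed sample data, the function and finding names are hypothetical, and classifying a policy by the `-FIPS-`, `-PQ-` and `-TLS13-` parts of its name, with the backend rules applied in the order listed, is an assumption.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-ssl-policies` output.
# Protocol lists follow the "Protocols by policy" table on this page.
SSL_POLICIES_JSON = """
{"SslPolicies": [
  {"Name": "ELBSecurityPolicy-2016-08",
   "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"]},
  {"Name": "ELBSecurityPolicy-TLS13-1-3-2021-06",
   "SslProtocols": ["TLSv1.3"]},
  {"Name": "ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09",
   "SslProtocols": ["TLSv1.2", "TLSv1.3"]}
]}
"""

# Constructed sample shaped like `aws elbv2 describe-listeners` output.
# ARNs and the account ID are placeholders.
_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/net/example-nlb/0123456789abcdef/"
LISTENERS_JSON = json.dumps({"Listeners": [
    {"ListenerArn": _ARN + "aaaa", "Port": 443, "Protocol": "TLS",
     "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": _ARN + "bbbb", "Port": 8443, "Protocol": "TLS",
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09"},
    {"ListenerArn": _ARN + "cccc", "Port": 80, "Protocol": "TCP"},
    {"ListenerArn": _ARN + "dddd", "Port": 853, "Protocol": "TLS",
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-3-2021-06"},
]})

LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}
NON_CONSOLE_DEFAULT = "ELBSecurityPolicy-2016-08"

# Backend rules from this page, checked in the order the page lists them.
# Matching on name fragments is an assumption of this example.
BACKEND_RULES = [
    (lambda n: "-FIPS-" in n and "-PQ-" in n,
     "ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09"),
    (lambda n: "-FIPS-" in n, "ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04"),
    (lambda n: "-PQ-" in n, "ELBSecurityPolicy-TLS13-1-0-PQ-2025-09"),
    (lambda n: "-TLS13-" in n, "ELBSecurityPolicy-TLS13-1-0-2021-06"),
]


def load_protocols(ssl_policies_json):
    """Map each policy name to the set of protocol versions it enables."""
    doc = json.loads(ssl_policies_json)
    return {p["Name"]: set(p["SslProtocols"]) for p in doc["SslPolicies"]}


def tls_policies_in_use(listeners_json):
    """Return the security policy of every TLS listener, in listing order."""
    listeners = json.loads(listeners_json)["Listeners"]
    return [l.get("SslPolicy", "") for l in listeners if l.get("Protocol") == "TLS"]


def audit_listeners(listeners_json, protocols):
    """Return {listener ARN: [findings]} for TLS listeners only."""
    report = {}
    for listener in json.loads(listeners_json)["Listeners"]:
        if listener.get("Protocol") != "TLS":
            continue  # TCP/UDP listeners carry no security policy
        policy = listener.get("SslPolicy", "")
        findings = []
        if policy not in protocols:
            findings.append("unknown-policy")
        elif protocols[policy] & LEGACY_PROTOCOLS:
            findings.append("allows-tls-1.0-or-1.1")
        if policy == NON_CONSOLE_DEFAULT:
            findings.append("cli-default-policy")
        if "-PQ-" not in policy:
            findings.append("no-hybrid-pq")
        report[listener["ListenerArn"]] = findings
    return report


def backend_policy(listener_policies):
    """Backend policy implied by the listeners' policies, per this page."""
    for matches, backend in BACKEND_RULES:
        if any(matches(name) for name in listener_policies):
            return backend
    return "ELBSecurityPolicy-2016-08"


if __name__ == "__main__":
    protocols = load_protocols(SSL_POLICIES_JSON)
    for arn, findings in audit_listeners(LISTENERS_JSON, protocols).items():
        print(arn.rsplit("/", 1)[-1], findings or ["ok"])
    print("backend:", backend_policy(tls_policies_in_use(LISTENERS_JSON)))
```

To run it against a real account, replace the two embedded strings with the saved JSON output of the corresponding AWS CLI commands.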

**Contents**
+ [TLS security policies](#tls-security-policies)
  + [Protocols by policy](#tls-protocols)
  + [Ciphers by policy](#tls-policy-ciphers)
  + [Policies by cipher](#tls-cipher-policies)
+ [FIPS security policies](#fips-security-policies)
  + [Protocols by policy](#fips-protocols)
  + [Ciphers by policy](#fips-policy-ciphers)
  + [Policies by cipher](#fips-cipher-policies)
+ [FS supported security policies](#fs-security-policies)
  + [Protocols by policy](#fs-protocols)
  + [Ciphers by policy](#fs-policy-ciphers)
  + [Policies by cipher](#fs-cipher-policies)

## TLS security policies
<a name="tls-security-policies"></a>

You can use the TLS security policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Policies that support only TLS 1.3 support Forward Secrecy (FS). Policies that support TLS 1.3 and TLS 1.2 and that have only ciphers of the form `TLS_*` and `ECDHE_*` also provide FS.

**Topics**
+ [Protocols by policy](#tls-protocols)
+ [Ciphers by policy](#tls-policy-ciphers)
+ [Policies by cipher](#tls-cipher-policies)

### Protocols by policy
<a name="tls-protocols"></a>

The following table describes the protocols that each TLS security policy supports.


| Security policy | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | 
| --- | --- | --- | --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-2021-06 | Yes | No | No | No | 
| ELBSecurityPolicy-TLS13-1-3-PQ-2025-09 | Yes | No | No | No | 
| ELBSecurityPolicy-TLS13-1-2-2021-06 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Res-2021-06 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-1-2021-06 | Yes | Yes | Yes | No | 
| ELBSecurityPolicy-TLS13-1-0-2021-06 | Yes | Yes | Yes | Yes | 
| ELBSecurityPolicy-TLS13-1-0-PQ-2025-09 | Yes | Yes | Yes | Yes | 
| ELBSecurityPolicy-TLS-1-2-Ext-2018-06 | No | Yes | No | No | 
| ELBSecurityPolicy-TLS-1-2-2017-01 | No | Yes | No | No | 
| ELBSecurityPolicy-TLS-1-1-2017-01 | No | Yes | Yes | No | 
| ELBSecurityPolicy-2016-08 | No | Yes | Yes | Yes | 
| ELBSecurityPolicy-2015-05 | No | Yes | Yes | Yes | 

### Ciphers by policy
<a name="tls-policy-ciphers"></a>

The following table describes the ciphers that each TLS security policy supports.


| Security policy | Ciphers | 
| --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-2021-06, ELBSecurityPolicy-TLS13-1-3-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS13-1-2-2021-06, ELBSecurityPolicy-TLS13-1-2-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS13-1-2-Res-2021-06, ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06, ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06, ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS13-1-1-2021-06 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS13-1-0-2021-06, ELBSecurityPolicy-TLS13-1-0-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS-1-2-Ext-2018-06 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS-1-2-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-TLS-1-1-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-2016-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 
| ELBSecurityPolicy-2015-05 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 

### Policies by cipher
<a name="tls-cipher-policies"></a>

The following table describes the TLS security policies that support each cipher.


| Cipher name | Security policies | Cipher suite | 
| --- | --- | --- | 
| **OpenSSL** – TLS_AES_128_GCM_SHA256 **IANA** – TLS_AES_128_GCM_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1301 | 
| **OpenSSL** – TLS_AES_256_GCM_SHA384 **IANA** – TLS_AES_256_GCM_SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1302 | 
| **OpenSSL** – TLS_CHACHA20_POLY1305_SHA256 **IANA** – TLS_CHACHA20_POLY1305_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 1303 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-GCM-SHA256 **IANA** – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02b | 
| **OpenSSL** – ECDHE-RSA-AES128-GCM-SHA256 **IANA** – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02f | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA256 **IANA** – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c023 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA256 **IANA** – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c027 | 
| **OpenSSL** – ECDHE-ECDSA-AES128-SHA **IANA** – TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c009 | 
| **OpenSSL** – ECDHE-RSA-AES128-SHA **IANA** – TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c013 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-GCM-SHA384 **IANA** – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c02c | 
| **OpenSSL** – ECDHE-RSA-AES256-GCM-SHA384 **IANA** – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c030 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA384 **IANA** – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c024 | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA384 **IANA** – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c028 | 
| **OpenSSL** – ECDHE-ECDSA-AES256-SHA **IANA** – TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c00a | 
| **OpenSSL** – ECDHE-RSA-AES256-SHA **IANA** – TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | c014 | 
| **OpenSSL** – AES128-GCM-SHA256 **IANA** – TLS_RSA_WITH_AES_128_GCM_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 9c | 
| **OpenSSL** – AES128-SHA256 **IANA** – TLS_RSA_WITH_AES_128_CBC_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 3c | 
| **OpenSSL** – AES128-SHA **IANA** – TLS_RSA_WITH_AES_128_CBC_SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 2f | 
| **OpenSSL** – AES256-GCM-SHA384 **IANA** – TLS_RSA_WITH_AES_256_GCM_SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 9d | 
| **OpenSSL** – AES256-SHA256 **IANA** – TLS_RSA_WITH_AES_256_CBC_SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 3d | 
| **OpenSSL** – AES256-SHA **IANA** – TLS_RSA_WITH_AES_256_CBC_SHA | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html) | 35 | 

## FIPS security policies
<a name="fips-security-policies"></a>

The Federal Information Processing Standard (FIPS) is a US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. To learn more, see [Federal Information Processing Standard (FIPS) 140](https://aws.amazon.com/compliance/fips/) on the *AWS Cloud Security Compliance* page.

All FIPS policies use the AWS-LC FIPS validated cryptographic module. To learn more, see the [AWS-LC Cryptographic Module](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631) page on the *NIST Cryptographic Module Validation Program* site.

**Important**  
The policies `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` and `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` are provided for legacy compatibility only. While they use FIPS cryptography with the FIPS140 module, they might not conform to the latest NIST guidance for TLS configuration.

**Topics**
+ [Protocols by policy](#fips-protocols)
+ [Ciphers by policy](#fips-policy-ciphers)
+ [Policies by cipher](#fips-cipher-policies)

### Protocols by policy
<a name="fips-protocols"></a>

The following table describes the protocols that each FIPS security policy supports.


| Security policy | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | 
| --- | --- | --- | --- | --- | 
| ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04 | Yes | No | No | No | 
| ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09 | Yes | No | No | No | 
| ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09 | Yes | Yes | No | No | 
| ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04 | Yes | Yes | Yes | No | 
| ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04 | Yes | Yes | Yes | Yes | 
| ELBSecurityKebijakan- TLS13 -1-0-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/images/success_icon.svg) Ya | ![\[alt text not found\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/images/success_icon.svg) Ya | 

### Ciphers by policy
<a name="fips-policy-ciphers"></a>

The following table describes the ciphers supported by each FIPS security policy.


| Security policy | Ciphers | 
| --- | --- | 
|  ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
|  ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04, ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 

### Policies by cipher
<a name="fips-cipher-policies"></a>

The following table describes the FIPS security policies that support each cipher.


| Cipher name | Security policies | Cipher suite | 
| --- | --- | --- | 
|  **OpenSSL**: TLS_AES_128_GCM_SHA256 **IANA**: TLS_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1301 | 
|  **OpenSSL**: TLS_AES_256_GCM_SHA384 **IANA**: TLS_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 1302 | 
|  **OpenSSL**: ECDHE-ECDSA-AES128-GCM-SHA256 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02b | 
|  **OpenSSL**: ECDHE-RSA-AES128-GCM-SHA256 **IANA**: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02f | 
|  **OpenSSL**: ECDHE-ECDSA-AES128-SHA256 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c023 | 
|  **OpenSSL**: ECDHE-RSA-AES128-SHA256 **IANA**: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c027 | 
|  **OpenSSL**: ECDHE-ECDSA-AES128-SHA **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c009 | 
|  **OpenSSL**: ECDHE-RSA-AES128-SHA **IANA**: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c013 | 
|  **OpenSSL**: ECDHE-ECDSA-AES256-GCM-SHA384 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02c | 
|  **OpenSSL**: ECDHE-RSA-AES256-GCM-SHA384 **IANA**: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c030 | 
|  **OpenSSL**: ECDHE-ECDSA-AES256-SHA384 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c024 | 
|  **OpenSSL**: ECDHE-RSA-AES256-SHA384 **IANA**: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c028 | 
|  **OpenSSL**: ECDHE-ECDSA-AES256-SHA **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c00a | 
|  **OpenSSL**: ECDHE-RSA-AES256-SHA **IANA**: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c014 | 
|  **OpenSSL**: AES128-GCM-SHA256 **IANA**: TLS_RSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 9c | 
|  **OpenSSL**: AES128-SHA256 **IANA**: TLS_RSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 3c | 
|  **OpenSSL**: AES128-SHA **IANA**: TLS_RSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 2f | 
|  **OpenSSL**: AES256-GCM-SHA384 **IANA**: TLS_RSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 9d | 
|  **OpenSSL**: AES256-SHA256 **IANA**: TLS_RSA_WITH_AES_256_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 3d | 
|  **OpenSSL**: AES256-SHA **IANA**: TLS_RSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 35 | 

## FS supported security policies
<a name="fs-security-policies"></a>

FS (Forward Secrecy) supported security policies provide additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised.

The policies in this section support FS, and "FS" is included in their names. However, these are not the only policies that support FS. Policies that support only TLS 1.3 support FS. Policies that support TLS 1.3 and TLS 1.2 that have only ciphers of the form `TLS_*` and `ECDHE_*` also provide FS.
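The naming rule above can be applied mechanically to a policy's cipher list. The following is an added example, not AWS code: it classifies cipher names in both the OpenSSL and the IANA spelling used in this page's tables, because in the IANA spelling `TLS_RSA_WITH_*` also starts with `TLS_` yet does not provide FS. The input shape (`Name`, `Ciphers[].Name`) is assumed to mirror `describe-ssl-policies` output, and the two policies and their cipher lists are constructed for illustration.

```python
import re

# TLS 1.3 suites name only the AEAD and hash (TLS_AES_128_GCM_SHA256); they never
# contain "_WITH_". IANA names for TLS 1.2 suites do (TLS_RSA_WITH_...).
_TLS13_FORM = re.compile(r"^TLS_(?!.*_WITH_)[A-Z0-9_]+$")


def provides_fs(cipher: str) -> bool:
    """Apply the page's rule (forms TLS_* and ECDHE_*) to one cipher name."""
    name = cipher.strip().upper()
    if _TLS13_FORM.match(name):
        return True   # TLS 1.3 suite: key exchange is always ephemeral
    if name.startswith("ECDHE-") or name.startswith("TLS_ECDHE_"):
        return True   # ephemeral ECDH key exchange (OpenSSL or IANA spelling)
    return False      # e.g. AES128-GCM-SHA256 / TLS_RSA_WITH_*: static RSA key exchange


def audit_policy(policy: dict) -> dict:
    """Report whether every cipher in one policy record satisfies the rule."""
    ciphers = [c["Name"] for c in policy.get("Ciphers", [])]
    non_fs = [c for c in ciphers if not provides_fs(c)]
    return {
        "policy": policy["Name"],
        # An empty cipher list proves nothing, so it is not reported as FS-only.
        "fs_only": bool(ciphers) and not non_fs,
        "non_fs_ciphers": non_fs,
    }


# Constructed sample records (hypothetical policy names; cipher names taken from
# the tables on this page, but the groupings are NOT real AWS policy contents).
SAMPLE_POLICIES = [
    {"Name": "constructed-policy-fs-only", "Ciphers": [
        {"Name": "TLS_AES_128_GCM_SHA256", "Priority": 1},
        {"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 2},
        {"Name": "ECDHE-RSA-AES256-SHA384", "Priority": 3},
    ]},
    {"Name": "constructed-policy-mixed", "Ciphers": [
        {"Name": "TLS_AES_256_GCM_SHA384", "Priority": 1},
        {"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Priority": 2},
        {"Name": "AES128-GCM-SHA256", "Priority": 3},
        {"Name": "AES256-SHA", "Priority": 4},
    ]},
]


def audit_all(policies=SAMPLE_POLICIES) -> list:
    return [audit_policy(p) for p in policies]


if __name__ == "__main__":
    for row in audit_all():
        print(row)
```
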

**Topics**
+ [Protocols by policy](#fs-protocols)
+ [Ciphers by policy](#fs-policy-ciphers)
+ [Policies by cipher](#fs-cipher-policies)

### Protocols by policy
<a name="fs-protocols"></a>

The following table describes the protocols supported by each FS supported security policy.


| Security policy | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 | 
| --- | --- | --- | --- | --- | 
| ELBSecurityPolicy-FS-1-2-Res-2020-10 | No | Yes | No | No | 
| ELBSecurityPolicy-FS-1-2-Res-2019-08 | No | Yes | No | No | 
| ELBSecurityPolicy-FS-1-2-2019-08 | No | Yes | No | No | 
| ELBSecurityPolicy-FS-1-1-2019-08 | No | Yes | Yes | No | 
| ELBSecurityPolicy-FS-2018-06 | No | Yes | Yes | Yes | 

### Ciphers by policy
<a name="fs-policy-ciphers"></a>

The following table describes the ciphers supported by each FS supported security policy.


| Security policy | Ciphers | 
| --- | --- | 
| ELBSecurityPolicy-FS-1-2-Res-2020-10 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-1-2-Res-2019-08 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-1-2-2019-08 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-1-1-2019-08 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 
| ELBSecurityPolicy-FS-2018-06 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | 

### Policies by cipher
<a name="fs-cipher-policies"></a>

The following table describes the FS supported security policies that support each cipher.


| Cipher name | Security policies | Cipher suite | 
| --- | --- | --- | 
|  **OpenSSL**: ECDHE-ECDSA-AES128-GCM-SHA256 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02b | 
|  **OpenSSL**: ECDHE-RSA-AES128-GCM-SHA256 **IANA**: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02f | 
|  **OpenSSL**: ECDHE-ECDSA-AES128-SHA256 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c023 | 
|  **OpenSSL**: ECDHE-RSA-AES128-SHA256 **IANA**: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c027 | 
|  **OpenSSL**: ECDHE-ECDSA-AES128-SHA **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c009 | 
|  **OpenSSL**: ECDHE-RSA-AES128-SHA **IANA**: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c013 | 
|  **OpenSSL**: ECDHE-ECDSA-AES256-GCM-SHA384 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c02c | 
|  **OpenSSL**: ECDHE-RSA-AES256-GCM-SHA384 **IANA**: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c030 | 
|  **OpenSSL**: ECDHE-ECDSA-AES256-SHA384 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c024 | 
|  **OpenSSL**: ECDHE-RSA-AES256-SHA384 **IANA**: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c028 | 
|  **OpenSSL**: ECDHE-ECDSA-AES256-SHA **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c00a | 
|  **OpenSSL**: ECDHE-RSA-AES256-SHA **IANA**: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/elasticloadbalancing/latest/network/describe-ssl-policies.html)  | c014 | 