Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# Politiche di sicurezza per il tuo Application Load Balancer
Elastic Load Balancing utilizza una configurazione di negoziazione Secure Socket Layer (SSL), nota come policy di sicurezza, per negoziare le connessioni SSL tra un client e il load balancer. Una policy di sicurezza è una combinazione di protocolli e codici. Il protocollo stabilisce una connessione sicura tra un client e un server e garantisce che tutti i dati trasmessi tra il client e il sistema di bilanciamento del carico siano privati. Un codice è un algoritmo di crittografia che utilizza chiavi di crittografia per creare un messaggio codificato. I protocolli utilizzano diversi codici per crittografare i dati su Internet. Durante il processo di negoziazione della connessione, il client e il sistema di bilanciamento del carico forniscono un elenco di crittografie e protocolli supportati, in ordine di preferenza. Per impostazione predefinita, la prima crittografia nell'elenco del server che corrisponde a una qualsiasi delle crittografie del client viene selezionata per la connessione sicura.
**Considerazioni**
+ Un listener HTTPS richiede una politica di sicurezza. Se non specifichi una politica di sicurezza quando crei il listener, utilizziamo la politica di sicurezza predefinita. La politica di sicurezza predefinita dipende da come è stato creato il listener HTTPS:
+ **Console**: la politica di sicurezza predefinita è`ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09`.
+ **Altri metodi** (ad esempio, la AWS CLI AWS CloudFormation, e la AWS CDK): la politica di sicurezza predefinita è`ELBSecurityPolicy-2016-08`.
+ Per visualizzare la versione del protocollo TLS (posizione 5 del campo di registro) e lo scambio di chiavi (posizione del campo di registro 13) per le richieste di connessione al sistema di bilanciamento del carico, abilita la registrazione delle connessioni ed esamina le voci di registro corrispondenti. [Per ulteriori informazioni, consulta Registri di connessione.](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-connection-logs.html)
+ Le politiche di sicurezza con PQ nel nome offrono lo scambio di chiavi ibrido post-quantistico. Per motivi di compatibilità, supportano algoritmi di scambio di chiavi ML-KEM classici e post-quantistici. I client devono supportare lo scambio di chiavi ML-KEM per utilizzare il TLS post-quantistico ibrido per lo scambio di chiavi. Le politiche post-quantistiche ibride supportano gli algoritmi SecP256R1, SecP384R1 e X25519. MLKEM768 MLKEM1024 MLKEM768 Per ulteriori informazioni[, vedere Crittografia](https://aws.amazon.com/security/post-quantum-cryptography/) post-quantistica.
+ AWS consiglia di implementare la nuova policy di sicurezza basata su TLS post-quantum (PQ-TLS) o. `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09` Questa politica garantisce la compatibilità con le versioni precedenti supportando i clienti in grado di negoziare solo PQ-TLS ibrido, TLS 1.3 o solo TLS 1.2, riducendo così al minimo l'interruzione del servizio durante la transizione alla crittografia post-quantistica. È possibile migrare progressivamente a politiche di sicurezza più restrittive man mano che le applicazioni client sviluppano la capacità di negoziare PQ-TLS per le operazioni di scambio di chiavi.
+ Per soddisfare gli standard di conformità e sicurezza che richiedono la disabilitazione di determinate versioni del protocollo TLS o per supportare client legacy che richiedono cifrari obsoleti, puoi utilizzare una delle politiche di sicurezza. `ELBSecurityPolicy-TLS-` Per visualizzare la versione del protocollo TLS per le richieste all'Application Load Balancer, abilita la registrazione degli accessi per il tuo load balancer ed esamina le voci del registro di accesso corrispondenti. Per ulteriori informazioni, consulta [Log di accesso](load-balancer-access-logs.md).
+ Puoi limitare le policy di sicurezza disponibili per gli utenti in tutto il tuo Account AWS e AWS Organizations utilizzando le [chiavi di condizione Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/security_iam_service-with-iam.html) nelle tue policy IAM e service control (SCPs), rispettivamente. Per ulteriori informazioni, consulta [Service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) nella *Guida per l'AWS Organizations utente*.
+ Le politiche che supportano solo TLS 1.3 supportano Forward Secrecy (FS). Le politiche che supportano TLS 1.3 e TLS 1.2 che hanno solo cifrari del formato TLS\$1\$1 ed ECDHE\$1\$1 forniscono anche FS.
+ Gli Application Load Balancer supportano la ripresa del TLS utilizzando PSK (TLS 1.3) e ticket di sessione (TLS 1.2 e versioni precedenti). IDs/session Le riprese sono supportate solo nelle connessioni allo stesso indirizzo IP di Application Load Balancer. La funzionalità 0-RTT Data e l'estensione early\$1data non sono implementate.
+ Gli Application Load Balancer non supportano policy di sicurezza personalizzate.
+ Gli Application Load Balancer supportano la rinegoziazione SSL solo per le connessioni di destinazione.
**Compatibilità**
+ Tutti i listener sicuri collegati allo stesso sistema di bilanciamento del carico devono utilizzare politiche di sicurezza compatibili. Per migrare tutti i listener sicuri per un sistema di bilanciamento del carico verso politiche di sicurezza non compatibili con quelle attualmente in uso, rimuovete tutti i listener sicuri tranne uno, modificate la politica di sicurezza del listener sicuro e quindi create altri listener sicuri.
+ **Politiche TLS post-quantistiche FIPS e politiche FIPS: compatibili**
+ **Politiche TLS post-quantistiche e politiche TLS post-quantistiche FIPS o FIPS - Compatibili**
+ **Politiche TLS (non FIPS) e politiche TLS post-quantistiche FIPS o FIPS - Non compatibili non-post-quantum**
+ **Politiche TLS (non FIPS) e politiche TLS post-quantistiche: non compatibili non-post-quantum**
**Connessioni back-end**
+ È possibile scegliere la politica di sicurezza utilizzata per le connessioni front-end, ma non per le connessioni backend. La politica di sicurezza per le connessioni di backend dipende dalla politica di sicurezza del listener. Se qualcuno dei tuoi ascoltatori utilizza:
+ Politica **TLS post-quantistica FIPS: utilizzo delle connessioni** di backend `ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09`
+ **Politica** FIPS: utilizzo delle connessioni di backend `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04`
+ Policy **TLS post-quantistica: utilizzo** delle connessioni di backend `ELBSecurityPolicy-TLS13-1-0-PQ-2025-09`
+ **Politica TLS 1.3** - Utilizzo delle connessioni di backend `ELBSecurityPolicy-TLS13-1-0-2021-06`
+ **Altra politica TLS: utilizzo delle connessioni di** backend `ELBSecurityPolicy-2016-08`
**Contents**
+ [Comandi di esempio describe-ssl-policies](#describe-ssl-policies-examples)
+ [Policy di sicurezza TLS](#tls-security-policies)
+ [Protocolli per politica](#tls-protocols)
+ [Cifre per politica](#tls-policy-ciphers)
+ [Politiche per codice](#tls-cipher-policies)
+ [Politiche di sicurezza FIPS](#fips-security-policies)
+ [Protocolli per politica](#fips-protocols)
+ [Cifre per politica](#fips-policy-ciphers)
+ [Politiche per codice](#fips-cipher-policies)
+ [Policy FS supportate](#fs-supported-policies)
+ [Protocolli per politica](#fs-protocols)
+ [Cifre per politica](#fs-policy-ciphers)
+ [Politiche per codice](#fs-cipher-policies)
## Comandi di esempio describe-ssl-policies
È possibile descrivere i protocolli e i codici per una politica di sicurezza o trovare una politica che soddisfi le proprie esigenze utilizzando il [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI comando.
L'esempio seguente descrive la politica specificata.
```
aws elbv2 describe-ssl-policies \
--names "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
```
L'esempio seguente elenca le politiche con la stringa specificata nel nome della politica.
```
aws elbv2 describe-ssl-policies \
--query "SslPolicies[?contains(Name,'FIPS')].Name"
```
L'esempio seguente elenca le politiche che supportano il protocollo specificato.
```
aws elbv2 describe-ssl-policies \
--query "SslPolicies[?contains(SslProtocols,'TLSv1.3')].Name"
```
L'esempio seguente elenca le politiche che supportano il codice specificato.
```
aws elbv2 describe-ssl-policies \
--query "SslPolicies[?Ciphers[?contains(Name,'TLS_AES_128_GCM_SHA256')]].Name"
```
L'esempio seguente elenca le politiche che non supportano il codice specificato.
```
aws elbv2 describe-ssl-policies \
--query 'SslPolicies[?length(Ciphers[?starts_with(Name,`AES128-GCM-SHA256`)]) == `0`].Name'
```
## Policy di sicurezza TLS
È possibile utilizzare le politiche di sicurezza TLS per soddisfare gli standard di conformità e sicurezza che richiedono la disabilitazione di determinate versioni del protocollo TLS o per supportare client legacy che richiedono cifrari obsoleti.
Le politiche che supportano solo TLS 1.3 supportano Forward Secrecy (FS). Le politiche che supportano TLS 1.3 e TLS 1.2 che hanno solo cifrari del formato TLS\$1\$1 ed ECDHE\$1\$1 forniscono anche FS.
**Topics**
+ [Protocolli per politica](#tls-protocols)
+ [Cifre per politica](#tls-policy-ciphers)
+ [Politiche per codice](#tls-cipher-policies)
### Protocolli per politica
La tabella seguente descrive i protocolli supportati da ogni policy di sicurezza TLS.
| Policy di sicurezza | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityPolitica- -1-3-2021-06 TLS13 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-3-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-Res-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-res-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-Ext2-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-Ext2-pq-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-Ext1-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-Ext1-pq-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-1-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-0-2021-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì |
| ELBSecurityPolitica- TLS13 -1-0-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì |
| ELBSecurityPolitica-TLS-1-2-EXT-2018-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica-TLS-1-2-2017-01 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica-TLS-1-1-2017-01 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica - 2016-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì |
### Cifre per politica
La tabella seguente descrive i codici supportati da ogni politica di sicurezza TLS.
| Policy di sicurezza | Crittografie |
| --- | --- |
| ELBSecurityPolitica- -1-3-2021-06 TLS13 ELBSecurityPolitica- TLS13 -1-3-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-2021-06 TLS13 ELBSecurityPolitica- TLS13 -1-2-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-Res-2021-06 TLS13 ELBSecurityPolitica- TLS13 -1-2-res-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- TLS13 -1-2-Ext2-2021-06 ELBSecurityPolitica- TLS13 -1-2-Ext2-pq-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-Ext1-2021-06 TLS13 ELBSecurityPolitica- TLS13 -1-2-Ext1-pq-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-1-2021-06 TLS13 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-0-2021-06 TLS13 ELBSecurityPolitica- TLS13 -1-0-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-TLS-1-2-EXT-2018-06 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-TLS-1-2-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-TLS-1-1-2017-01 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica - 2016-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
### Politiche per codice
La tabella seguente descrive le politiche di sicurezza TLS che supportano ogni cifrario.
| Nome del cifrario | Policy di sicurezza | Suite di cifratura |
| --- | --- | --- |
| **OpenSSL** — TLS\$1AES\$1128\$1GCM\$1 SHA256 **IANA — TLS\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 1301 |
| **OpenSSL** — TLS\$1AES\$1256\$1GCM\$1 SHA384 **IANA — TLS\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 1302 |
| **OpenSSL** — TLS\$1 \$1 \$1 CHACHA20 POLY1305 SHA256 **IANA** — TLS\$1 \$1 CHACHA20 POLY1305 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 1303 |
| ** ECDHE-ECDSA-AESOpenSSL** — 128-GCM- SHA256 IANA — **TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02b |
| ** ECDHE-RSA-AESOpenSSL** — 128-GCM- SHA256 IANA — **TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02f |
| ** ECDHE-ECDSA-AESOpenSSL** — 128- SHA256 **IANA** — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c023 |
| ** ECDHE-RSA-AESOpenSSL** — 128- SHA256 **IANA** — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c-027 |
| **OpenSSL** — ECDHE-ECDSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c009 |
| **OpenSSL** — ECDHE-RSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c-013 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256-GCM- SHA384 IANA — **TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02c |
| ** ECDHE-RSA-AESOpenSSL** — 256-GCM- SHA384 IANA — **TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c030 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256- SHA384 **IANA** — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c-024 |
| ** ECDHE-RSA-AESOpenSSL** — 256- SHA384 **IANA** — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c-028 |
| **OpenSSL** — ECDHE-ECDSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c00a |
| **OpenSSL** — ECDHE-RSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c014 |
| ** AES128OpenSSL** — -GCM- SHA256 **IANA — TLS\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 9c |
| ** AES128OpenSSL** — - SHA256 **IANA** — TLS\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 3c |
| ** AES128OpenSSL** — -SHA IANA — **TLS\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 2f |
| ** AES256OpenSSL** — -GCM- SHA384 **IANA — TLS\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 9d |
| ** AES256OpenSSL** — - SHA256 **IANA** — TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 3d |
| ** AES256OpenSSL** — -SHA IANA — **TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 35 |
## Politiche di sicurezza FIPS
Il Federal Information Processing Standard (FIPS) è uno standard governativo statunitense e canadese che specifica i requisiti di sicurezza per i moduli crittografici che proteggono le informazioni sensibili. Per ulteriori informazioni, consulta [Federal Information Processing Standard (FIPS) 140](https://aws.amazon.com/compliance/fips/) nella pagina *AWS Cloud* Security Compliance.
Tutte le politiche FIPS sfruttano il modulo crittografico convalidato FIPS AWS-LC. Per saperne di più, consulta la pagina del modulo crittografico [AWS-LC sul sito del *NIST Cryptographic* Module](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4631) Validation Program.
**Importante**
Le politiche `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` e sono fornite solo per la compatibilità con `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` le versioni precedenti. Sebbene utilizzino la crittografia FIPS utilizzando il FIPS140 modulo, potrebbero non essere conformi alle ultime linee guida NIST per la configurazione TLS.
**Topics**
+ [Protocolli per politica](#fips-protocols)
+ [Cifre per politica](#fips-policy-ciphers)
+ [Politiche per codice](#fips-cipher-policies)
### Protocolli per politica
La tabella seguente descrive i protocolli supportati da ogni politica di sicurezza FIPS.
| Policy di sicurezza | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityPolitica- -1-3-FIPS-2023-04 TLS13 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-3-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-res-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-res-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-EXT2-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-ext2-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-ext1-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-ext1-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-ext0-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-2-ext0-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-1-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica- TLS13 -1-0-FIPS-2023-04 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì |
| ELBSecurityPolitica- TLS13 -1-0-FIPS-PQ-2025-09 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì |
### Cifre per politica
La tabella seguente descrive i codici supportati da ogni politica di sicurezza FIPS.
| Policy di sicurezza | Crittografie |
| --- | --- |
| ELBSecurityPolitica- -1-3-FIPS-2023-04 TLS13 ELBSecurityPolitica- TLS13 -1-3-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-FIPS-2023-04 TLS13 ELBSecurityPolitica- TLS13 -1-2-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-RES-FIPS-2023-04 TLS13 ELBSecurityPolitica- TLS13 -1-2-res-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- TLS13 -1-2-EXT2-FIPS-2023-04 ELBSecurityPolitica- TLS13 -1-2-ext2-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-ext1-FIPS-2023-04 TLS13 ELBSecurityPolitica- TLS13 -1-2-ext1-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-2-Ext0-FIPS-2023-04 TLS13 ELBSecurityPolitica- TLS13 -1-2-ext0-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-1-FIPS-2023-04 TLS13 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica- -1-0-FIPS-2023-04 TLS13 ELBSecurityPolitica- TLS13 -1-0-FIPS-PQ-2025-09 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
### Politiche per codice
La tabella seguente descrive le politiche di sicurezza FIPS che supportano ogni cifrario.
| Nome del cifrario | Policy di sicurezza | Suite di cifratura |
| --- | --- | --- |
| **OpenSSL** — TLS\$1AES\$1128\$1GCM\$1 SHA256 **IANA — TLS\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 1301 |
| **OpenSSL** — TLS\$1AES\$1256\$1GCM\$1 SHA384 **IANA — TLS\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 1302 |
| ** ECDHE-ECDSA-AESOpenSSL** — 128-GCM- SHA256 IANA — **TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02b |
| ** ECDHE-RSA-AESOpenSSL** — 128-GCM- SHA256 IANA — **TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02f |
| ** ECDHE-ECDSA-AESOpenSSL** — 128- SHA256 **IANA** — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c023 |
| ** ECDHE-RSA-AESOpenSSL** — 128- SHA256 **IANA** — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c027 |
| **OpenSSL** — ECDHE-ECDSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c009 |
| **OpenSSL** — ECDHE-RSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c013 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256-GCM- SHA384 IANA — **TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02c |
| ** ECDHE-RSA-AESOpenSSL** — 256-GCM- SHA384 IANA — **TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c030 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256- SHA384 **IANA** — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c024 |
| ** ECDHE-RSA-AESOpenSSL** — 256- SHA384 **IANA** — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c-028 |
| **OpenSSL** — ECDHE-ECDSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c00a |
| **OpenSSL** — ECDHE-RSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c014 |
| ** AES128OpenSSL** — -GCM- SHA256 **IANA — TLS\$1RSA\$1CON\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 9 c |
| ** AES128OpenSSL** — - SHA256 **IANA** — TLS\$1RSA\$1CON\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 3c |
| ** AES128OpenSSL** — -SHA IANA — **TLS\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 2 f |
| ** AES256OpenSSL** — -GCM- SHA384 **IANA — TLS\$1RSA\$1CON\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 9d |
| ** AES256OpenSSL** — - SHA256 **IANA** — TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 3d |
| ** AES256OpenSSL** — -SHA IANA — **TLS\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | 35 |
## Policy FS supportate
Le politiche di sicurezza supportate da FS (Forward Secrecy) forniscono ulteriori garanzie contro l'intercettazione di dati crittografati, attraverso l'uso di una chiave di sessione casuale unica. Ciò impedisce la decodifica dei dati acquisiti, anche se la chiave segreta a lungo termine è compromessa.
Le politiche in questa sezione supportano FS e «FS» è incluso nei loro nomi. Tuttavia, queste non sono le uniche politiche che supportano FS. Le politiche che supportano solo TLS 1.3 supportano FS. Le politiche che supportano TLS 1.3 e TLS 1.2 che hanno solo cifrari del formato TLS\$1\$1 ed ECDHE\$1\$1 forniscono anche FS.
**Topics**
+ [Protocolli per politica](#fs-protocols)
+ [Cifre per politica](#fs-policy-ciphers)
+ [Politiche per codice](#fs-cipher-policies)
### Protocolli per politica
La tabella seguente descrive i protocolli supportati da ogni policy di sicurezza supportata da FS.
| Policy di sicurezza | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- | --- |
| ELBSecurityPolicy-FS-1-2-res-2020-10 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica-FS-1-2-res-2019-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica-FS-1-2-2019-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica-FS-1-1-2019-08 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No |
| ELBSecurityPolitica-FS-2018-06 | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/negative_icon.svg) No | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì | ![\[alt text not found\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/images/success_icon.svg) Sì |
### Cifre per politica
La tabella seguente descrive i codici supportati da ogni politica di sicurezza supportata da FS.
| Policy di sicurezza | Crittografie |
| --- | --- |
| ELBSecurityPolicy-FS-1-2-res-2020-10 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-FS-1-2-RES-2019-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-FS-1-2-2019-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-FS-1-1-2019-08 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| ELBSecurityPolitica-FS-2018-06 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
### Politiche per codice
La tabella seguente descrive le politiche di sicurezza supportate da FS che supportano ogni cifrario.
| Nome del cifrario | Policy di sicurezza | Suite di cifratura |
| --- | --- | --- |
| ** ECDHE-ECDSA-AESOpenSSL** — 128-GCM- SHA256 IANA — **TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02b |
| ** ECDHE-RSA-AESOpenSSL** — 128-GCM- SHA256 IANA — **TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1GCM\$1** SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02f |
| ** ECDHE-ECDSA-AESOpenSSL** — 128- SHA256 **IANA** — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c023 |
| ** ECDHE-RSA-AESOpenSSL** — 128- SHA256 **IANA** — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1 SHA256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c027 |
| **OpenSSL** — ECDHE-ECDSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c009 |
| **OpenSSL** — ECDHE-RSA-AES 128-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1128\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c013 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256-GCM- SHA384 IANA — **TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c02c |
| ** ECDHE-RSA-AESOpenSSL** — 256-GCM- SHA384 IANA — **TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1GCM\$1** SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c030 |
| ** ECDHE-ECDSA-AESOpenSSL** — 256- SHA384 **IANA** — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c024 |
| ** ECDHE-RSA-AESOpenSSL** — 256- SHA384 **IANA** — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1 SHA384 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c028 |
| **OpenSSL** — ECDHE-ECDSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1ECDSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c00a |
| **OpenSSL** — ECDHE-RSA-AES 256-SHA **IANA — TLS\$1ECDHE\$1RSA\$1WITH\$1AES\$1256\$1CBC\$1SHA** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/it_it/elasticloadbalancing/latest/application/describe-ssl-policies.html) | c014 |