


# Predefined SSL security policies for Classic Load Balancers
<a name="elb-security-policy-table"></a>

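You can choose one of the predefined security policies for your HTTPS/SSL listeners. You can use one of the `ELBSecurityPolicy-TLS` policies to meet compliance and security standards that require disabling certain TLS protocol versions. Alternatively, you can create a custom security policy. For more information, see [Update the SSL negotiation configuration](ssl-config-update.md).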

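The RSA- and DSA-based ciphers are specific to the signing algorithm used to create the SSL certificate. Make sure to create the SSL certificate using a signing algorithm that is based on the ciphers that are enabled for your security policy.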

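If you select a policy that is enabled for Server Order Preference, the load balancer uses the ciphers in the order that they are specified here to negotiate connections between the client and the load balancer. Otherwise, the load balancer uses the ciphers in the order that they are presented by the client.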
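The two rules above (ciphers must match the certificate's key type, and Server Order Preference decides whose list wins) can be simulated as follows. This is an added example, not AWS code: the cipher names are OpenSSL names from the table on this page, while the server list order, the client list, and the function names are constructed for illustration.

```python
# Simulates cipher selection for a TLS 1.2-or-earlier listener.

def auth_type(cipher):
    """Certificate key type that an OpenSSL cipher name requires."""
    if "-ECDSA-" in cipher:
        return "ECDSA"
    if "-DSS-" in cipher:
        return "DSA"
    # ECDHE-RSA-*, DHE-RSA-*, and the plain AES*/DES-CBC3-SHA suites all need an RSA key.
    return "RSA"

def negotiate(server_ciphers, client_ciphers, cert_key, server_order):
    """Return the cipher chosen, or None when there is no usable overlap."""
    # Only ciphers whose authentication matches the certificate can be used.
    usable = [c for c in server_ciphers if auth_type(c) == cert_key]
    if server_order:
        preferred, other = usable, set(client_ciphers)
    else:
        preferred, other = client_ciphers, set(usable)
    for cipher in preferred:
        if cipher in other:
            return cipher
    return None

# Constructed server list (order is illustrative, not a real policy's order).
SERVER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
]
# Constructed client that lists its weakest cipher first.
LEGACY_CLIENT = ["DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    for server_order in (True, False):
        chosen = negotiate(SERVER, LEGACY_CLIENT, "RSA", server_order)
        print(f"server_order={server_order}: {chosen}")
    # An ECDSA-only client cannot connect to a listener with an RSA certificate.
    print(negotiate(SERVER, ["ECDHE-ECDSA-AES128-GCM-SHA256"], "RSA", True))
```

With Server Order Preference off, the same client ends up on `DES-CBC3-SHA` even though both sides support a GCM suite.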



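The following sections describe the most recent predefined security policies for Classic Load Balancers, including their enabled SSL protocols and SSL ciphers. You can also describe the predefined policies using the [describe-load-balancer-policies](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancer-policies.html) command.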
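One way to review what a policy actually enables is to audit the JSON that `describe-load-balancer-policies` returns. The following is an added example, not AWS code: the sample document, its policy name, and the finding texts are constructed, and the checks (legacy protocols, Server Order Preference, 3DES, missing forward secrecy) are this example's own choices.

```python
import json

# Constructed sample in the shape returned by
# `aws elb describe-load-balancer-policies`; the policy name and values are made up.
SAMPLE = json.loads("""
{"PolicyDescriptions": [{
  "PolicyName": "example-custom-policy",
  "PolicyTypeName": "SSLNegotiationPolicyType",
  "PolicyAttributeDescriptions": [
    {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"},
    {"AttributeName": "Protocol-TLSv1.1", "AttributeValue": "false"},
    {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
    {"AttributeName": "Server-Defined-Cipher-Order", "AttributeValue": "false"},
    {"AttributeName": "ECDHE-RSA-AES128-GCM-SHA256", "AttributeValue": "true"},
    {"AttributeName": "AES128-SHA", "AttributeValue": "true"},
    {"AttributeName": "DES-CBC3-SHA", "AttributeValue": "true"},
    {"AttributeName": "DHE-DSS-AES128-SHA", "AttributeValue": "false"}
  ]}]}
""")

LEGACY_PROTOCOLS = {"Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1"}
ORDER_ATTR = "Server-Defined-Cipher-Order"

def enabled(policy):
    """Names of all attributes whose value is 'true'."""
    return {a["AttributeName"] for a in policy["PolicyAttributeDescriptions"]
            if a["AttributeValue"].lower() == "true"}

def audit(policy):
    """Return a list of findings for one SSL negotiation policy."""
    on = enabled(policy)
    findings = [f"legacy protocol enabled: {p}" for p in sorted(LEGACY_PROTOCOLS & on)]
    if ORDER_ATTR not in on:
        findings.append("server order preference off: client order decides the cipher")
    ciphers = {a for a in on if not a.startswith("Protocol-") and a != ORDER_ATTR}
    for c in sorted(ciphers):
        if "DES" in c:
            findings.append(f"3DES cipher enabled: {c}")
        elif not c.startswith(("ECDHE-", "DHE-")):
            findings.append(f"no forward secrecy (static RSA key exchange): {c}")
    return findings

if __name__ == "__main__":
    for pol in SAMPLE["PolicyDescriptions"]:
        if pol["PolicyTypeName"] == "SSLNegotiationPolicyType":
            for finding in audit(pol):
                print(f"{pol['PolicyName']}: {finding}")
```

To run it against a real load balancer, replace `SAMPLE` with the parsed output of the command.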

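**Note**  
This information applies only to Classic Load Balancers. For information that applies to other load balancers, see [Security policies for your Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/describe-ssl-policies.html) and [Security policies for your Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/describe-ssl-policies.html).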

**Topics**
+ [Protocols by policy](#tls-protocols)
+ [Ciphers by policy](#tls-policy-ciphers)
+ [Policies by cipher](#tls-cipher-policies)

## Protocols by policy
<a name="tls-protocols"></a>

The following table describes the TLS protocols that each security policy supports.


| Security policy | TLS 1.2 | TLS 1.1 | TLS 1.0 |
| --- | --- | --- | --- |
| ELBSecurityPolicy-tls-1-2-2017-01 | Yes | No | No |
| ELBSecurityPolicy-tls-1-1-2017-01 | Yes | Yes | No |
| ELBSecurityPolicy-2016-08 | Yes | Yes | Yes |
| ELBSecurityPolicy-2015-05 | Yes | Yes | Yes |
| ELBSecurityPolicy-2015-03 | Yes | Yes | Yes |
| ELBSecurityPolicy-2015-02 | Yes | Yes | Yes |

## Ciphers by policy
<a name="tls-policy-ciphers"></a>

The following table describes the ciphers that each security policy supports.


| Security policy | Ciphers |
| --- | --- |
| ELBSecurityPolicy-tls-1-2-2017-01 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  |
| ELBSecurityPolicy-tls-1-1-2017-01 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  |
| ELBSecurityPolicy-2016-08 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  |
| ELBSecurityPolicy-2015-05 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  |
| ELBSecurityPolicy-2015-03 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  |
| ELBSecurityPolicy-2015-02 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  |

## Policies by cipher
<a name="tls-cipher-policies"></a>

The following table describes the security policies that support each cipher.


| Cipher name | Security policies | Cipher suite |
| --- | --- | --- |
|  **OpenSSL**: ECDHE-ECDSA-AES128-GCM-SHA256 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c02b |
|  **OpenSSL**: ECDHE-RSA-AES128-GCM-SHA256 **IANA**: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c02f |
|  **OpenSSL**: ECDHE-ECDSA-AES128-SHA256 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c023 |
|  **OpenSSL**: ECDHE-RSA-AES128-SHA256 **IANA**: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c027 |
|  **OpenSSL**: ECDHE-ECDSA-AES128-SHA **IANA**: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c009 |
|  **OpenSSL**: ECDHE-RSA-AES128-SHA **IANA**: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c013 |
|  **OpenSSL**: ECDHE-ECDSA-AES256-GCM-SHA384 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c02c |
|  **OpenSSL**: ECDHE-RSA-AES256-GCM-SHA384 **IANA**: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c030 |
|  **OpenSSL**: ECDHE-ECDSA-AES256-SHA384 **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c024 |
|  **OpenSSL**: ECDHE-RSA-AES256-SHA384 **IANA**: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c028 |
|  **OpenSSL**: ECDHE-ECDSA-AES256-SHA **IANA**: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c014 |
|  **OpenSSL**: ECDHE-RSA-AES256-SHA **IANA**: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | c00a |
|  **OpenSSL**: AES128-GCM-SHA256 **IANA**: TLS_RSA_WITH_AES_128_GCM_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 9c |
|  **OpenSSL**: AES128-SHA256 **IANA**: TLS_RSA_WITH_AES_128_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 3c |
|  **OpenSSL**: AES128-SHA **IANA**: TLS_RSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 2f |
|  **OpenSSL**: AES256-GCM-SHA384 **IANA**: TLS_RSA_WITH_AES_256_GCM_SHA384  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 9d |
|  **OpenSSL**: AES256-SHA256 **IANA**: TLS_RSA_WITH_AES_256_CBC_SHA256  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 3d |
|  **OpenSSL**: AES256-SHA **IANA**: TLS_RSA_WITH_AES_256_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 35 |
|  **OpenSSL**: DHE-RSA-AES128-SHA **IANA**: TLS_DHE_RSA_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 33 |
|  **OpenSSL**: DHE-DSS-AES128-SHA **IANA**: TLS_DHE_DSS_WITH_AES_128_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 32 |
|  **OpenSSL**: DES-CBC3-SHA **IANA**: TLS_RSA_WITH_3DES_EDE_CBC_SHA  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/elasticloadbalancing/latest/classic/elb-security-policy-table.html)  | 0a |