事前定義セキュリティポリシー

対象リージョン:東日本第1/第2、西日本第1/第2

ロードバランサーの作成時に、リスナーに設定可能なセキュリティポリシーについて説明します。

事前定義された最新のセキュリティポリシーについて、使用可能なSSLプロトコルやSSL暗号スイートなどの詳細を表に示します。表には事前定義されたセキュリティポリシーを2種類示していますが、ご利用の際は最新のセキュリティポリシーを使用することをお勧めします。

事前定義されたSSLのセキュリティポリシー(最新)

最新のセキュリティポリシー名は以下のとおりです。表の "2023-09" の列を参照してください。

  • セキュリティポリシー名:LBServiceSecurityPolicy-2023-09

事前定義されたSSLのセキュリティポリシー(旧)

前回まで公開されていたセキュリティポリシー名は以下のとおりです。表の "2017-05" の列を参照してください。

  • セキュリティポリシー名:LBServiceSecurityPolicy-2017-05
表 1. セキュリティポリシー名
暗号プロトコル | 暗号スイート | 暗号スイートパラメタ名(ユーザ指定) | 事前定義セキュリティポリシー("2023-09" / "2017-05" / "2015-12")
TLS1.2 Default : true TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA

TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA

TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384

-

TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384

-

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384

-

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384

-

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA

-

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA

-

TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384

-

TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256

-

TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

-

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA

-

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256

TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA

TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

-

-
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256

-

TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256

-

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256

-

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256

-

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA

-

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA

-

TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256

-

TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256

-

TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

-

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA

-

TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

-

-
TLS1.1 Default : true TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA

-

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA

-

TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA

-

TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA

-

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA

-

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA

-

TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

-

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA

-

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA

-

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA

-

TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA

-

TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA

-

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

-

-
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA

-

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA

-

TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

-

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA

-

TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

-

-
TLS1.0 Default : false TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA

-

- -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA

-

- -
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA

-

- -
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA

-

- -
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA

-

- -
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA

-

- -
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

-

- -
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA

-

- -
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA

-

- -
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA

-

- -
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA

-

- -
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA

-

- -
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

-

- -
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA

-

- -
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA

-

- -
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

-

- -
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA

-

- -
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

-

- -
SSL3.0 Default : false TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA

-

- -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA

-

- -
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA

-

- -
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA

-

- -
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA

-

- -
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA

-

- -
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

-

- -
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA

-

- -
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA

-

- -
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA

-

- -
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA

-

- -
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA

-

- -
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

-

- -
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA

-

- -
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA

-

- -
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

-

- -
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA

-

- -
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

-

- -