事前定義セキュリティポリシー
対象リージョン:東日本第1/第2、西日本第1/第2
ロードバランサーの作成時に、リスナーに設定可能なセキュリティポリシーについて説明します。
使用可能なSSLプロトコル、SSL暗号スイートなど、事前定義された最新のセキュリティポリシーの詳細を表に示します。表には事前定義されたセキュリティポリシーを2種類示していますが、ご利用の際は最新のセキュリティポリシーを使用することをお勧めします。
事前定義されたSSLのセキュリティポリシー(最新)
最新のセキュリティポリシー名は、以下になります。表の "2017-5" の列を参照してください。
- セキュリティポリシー名:LBServiceSecurityPolicy-2017-05
事前定義されたSSLのセキュリティポリシー(旧)
前回まで公開されていたセキュリティポリシー名は、以下になります。表の "2015-12" の列を参照してください。
- セキュリティポリシー名:LBServiceSecurityPolicy-2015-12
| 暗号プロトコル | 暗号スイート | 暗号スイートパラメタ名(ユーザ指定) | 事前定義セキュリティポリシー | |
|---|---|---|---|---|
| "2017-05" | "2015-12" | |||
| TLS1.2 Default : true | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 | ◯ | ◯ |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 | ◯ | ◯ | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 | ◯ | ◯ | |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE-ECDSA-AES256-SHA384 | ◯ | ◯ | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | ◯ | ◯ | |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | DHE-RSA-AES256-GCM-SHA384 | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | DHE-RSA-AES256-SHA256 | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | ◯ | ◯ | |
| TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | ECDH-RSA-AES256-GCM-SHA384 | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | ECDH-ECDSA-AES256-GCM-SHA384 | ◯ | ◯ | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | ECDH-RSA-AES256-SHA384 | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | ECDH-ECDSA-AES256-SHA384 | ◯ | ◯ | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 | ◯ | ◯ | |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | AES256-SHA256 | ◯ | ◯ | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | ◯ | ◯ | |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE-RSA-AES128-GCM-SHA256 | ◯ | ◯ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 | ◯ | ◯ | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 | ◯ | ◯ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 | ◯ | ◯ | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | ◯ | ◯ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | DHE-RSA-AES128-GCM-SHA256 | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | DHE-RSA-AES128-SHA256 | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | ◯ | |
| TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | ECDH-RSA-AES128-GCM-SHA256 | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | ECDH-ECDSA-AES128-GCM-SHA256 | ◯ | ◯ | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | ECDH-RSA-AES128-SHA256 | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | ECDH-ECDSA-AES128-SHA256 | ◯ | ◯ | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 | ◯ | ◯ | |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 | ◯ | ◯ | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | ◯ | |
| TLS1.1 Default : true | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | ◯ | ◯ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | ◯ | ◯ | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | ◯ | ◯ | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | ◯ | ◯ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | ◯ | ◯ | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | ◯ | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | ◯ | ◯ | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | ◯ | ◯ | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | ◯ | |
| TLS1.0 Default : false | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | - | - |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | - | - | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | - | - | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | - | - | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | - | - | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | - | - | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | - | - | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | - | |
| SSL3.0 Default : false | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | - | - |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | - | - | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | - | - | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | - | - | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | - | - | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | - | - | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | - | - | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | - | |