software.amazon.awscdk.services.elasticloadbalancingv2

Enum SslPolicy

java.lang.Object

java.lang.Enum<SslPolicy>

software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy

All Implemented Interfaces:

Serializable, Comparable<SslPolicy>

@Generated(value="jsii-pacmak/1.57.0 (build f614666)",
           date="2022-04-22T22:36:22.227Z")
 @Stability(value=Stable)
public enum SslPolicy
extends Enum<SslPolicy>

Elastic Load Balancing provides the following security policies for Application Load Balancers.

We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).

You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Example:

 import software.amazon.awscdk.services.route53.HostedZone;
 import software.amazon.awscdk.services.certificatemanager.Certificate;
 import software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy;
 Vpc vpc;
 Cluster cluster;
 IHostedZone domainZone = HostedZone.fromLookup(this, "Zone", HostedZoneProviderProps.builder().domainName("example.com").build());
 ICertificate certificate = Certificate.fromCertificateArn(this, "Cert", "arn:aws:acm:us-east-1:123456:certificate/abcdefg");
 ApplicationLoadBalancedFargateService loadBalancedFargateService = ApplicationLoadBalancedFargateService.Builder.create(this, "Service")
         .vpc(vpc)
         .cluster(cluster)
         .certificate(certificate)
         .sslPolicy(SslPolicy.RECOMMENDED)
         .domainName("api.example.com")
         .domainZone(domainZone)
         .redirectHTTP(true)
         .taskImageOptions(ApplicationLoadBalancedTaskImageOptions.builder()
                 .image(ContainerImage.fromRegistry("amazon/amazon-ecs-sample"))
                 .build())
         .build();
 

See Also:

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

Enum Constant Summary

Enum Constants

Enum Constant and Description
FORWARD_SECRECY Forward secrecy ciphers only.
FORWARD_SECRECY_TLS11 Forward secrecy ciphers only with TLS1.1 and higher.
FORWARD_SECRECY_TLS12 Forward secrecy ciphers and TLS1.2 only.
FORWARD_SECRECY_TLS12_RES Strong forward secrecy ciphers and TLS1.2 only.
FORWARD_SECRECY_TLS12_RES_GCM Strong foward secrecy ciphers and TLV1.2 only (2020 edition).
LEGACY Support for DES-CBC3-SHA.
RECOMMENDED The recommended security policy.
TLS11 TLS1.1 and higher with all ciphers.
TLS12 TLS1.2 only and no SHA ciphers.
TLS12_EXT TLS1.2 only with all ciphers.

Method Summary

Modifier and Type	Method and Description
static SslPolicy	valueOf(String name) Returns the enum constant of this type with the specified name.
static SslPolicy[]	values() Returns an array containing the constants of this enum type, in the order they are declared.

Methods inherited from class java.lang.Enum

clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Enum Constant Detail

RECOMMENDED

@Stability(value=Stable)
public static final SslPolicy RECOMMENDED

The recommended security policy.

FORWARD_SECRECY_TLS12_RES_GCM

@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS12_RES_GCM

Strong foward secrecy ciphers and TLV1.2 only (2020 edition). Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers.

FORWARD_SECRECY_TLS12_RES

@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS12_RES

Strong forward secrecy ciphers and TLS1.2 only.

FORWARD_SECRECY_TLS12

@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS12

Forward secrecy ciphers and TLS1.2 only.

FORWARD_SECRECY_TLS11

@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS11

Forward secrecy ciphers only with TLS1.1 and higher.

FORWARD_SECRECY

@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY

Forward secrecy ciphers only.

TLS12

@Stability(value=Stable)
public static final SslPolicy TLS12

TLS1.2 only and no SHA ciphers.

TLS12_EXT

@Stability(value=Stable)
public static final SslPolicy TLS12_EXT

TLS1.2 only with all ciphers.

TLS11

@Stability(value=Stable)
public static final SslPolicy TLS11

TLS1.1 and higher with all ciphers.

LEGACY

@Stability(value=Stable)
public static final SslPolicy LEGACY

Support for DES-CBC3-SHA.

Do not use this security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.

Method Detail

values

public static SslPolicy[] values()

Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

for (SslPolicy c : SslPolicy.values())
    System.out.println(c);

Returns:

an array containing the constants of this enum type, in the order they are declared

valueOf

public static SslPolicy valueOf(String name)

Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:

name - the name of the enum constant to be returned.

Returns:

the enum constant with the specified name

Throws:

IllegalArgumentException - if this enum type has no constant with the specified name

NullPointerException - if the argument is null