https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html

AWS ELB lets me select or create a custom "security policy" for SSL. I can set the "Server Order Preference" and ciphers. I want to understand what part of this is AWS specific and which part I would see on any load balancer I'm configuring with SSL. I've worked with other load balancers and have never had to set SSL Security Policies like this.

1

Best Answer


An ELB SSL listener security policy is the combination of SSL protocols, SSL ciphers, and their order preferences that specifies the set of SSL settings an ELB will use to communicate with clients via SSL/TLS.

All SSL clients and servers negotiate a protocol supported by both sides, including encryption algorithm and key exchange protocol, TLS level supported, key length etc.

You would see a similar set of specifications or settings on any SSL client, for example PuTTY or curl.

We run PCI compliant websites and have to tune the ELB security policies to only allow the TLS version and ciphers that are mandated by the current PCI standard. We always use a custom policy that is more restrictive than normal for this reason, and have to pick and choose the correct set of encryption options for us.

I have used other SSL load balancers and they have all had similar configuration options for SSL. They are sometimes buried in the configuration screens but they are there.
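As an added illustration of the kind of custom, more restrictive policy the answer describes (example code, not from the original post or from AWS), the script below builds a Classic ELB SSL negotiation policy in the attribute shape the ELB API accepts, audits it against an assumed baseline (TLS 1.2 only, server order preference on, ECDHE + GCM ciphers only; this baseline is the example's own choice, not a quotation of the PCI DSS text), and renders the equivalent `aws elb create-load-balancer-policy` command. The load balancer and policy names are placeholders.

```python
"""Build and sanity-check a custom Classic ELB SSL negotiation policy.

Added example, not code from the original post or from AWS. The attribute
names (Protocol-TLSv1.2, Server-Defined-Preference-Order, OpenSSL-style
cipher names) are the ones the Classic ELB policy API uses; the baseline
that audit_policy() enforces is an assumption chosen for this example.
"""
import shlex

# Assumed baseline: protocols that must stay off, the protocol that must be
# on, and the cipher families the policy is allowed to offer.
FORBIDDEN_PROTOCOLS = ("Protocol-SSLv2", "Protocol-SSLv3",
                       "Protocol-TLSv1", "Protocol-TLSv1.1")
REQUIRED_PROTOCOL = "Protocol-TLSv1.2"


def is_acceptable_cipher(name):
    # Require forward secrecy (ECDHE) and an AEAD mode (GCM); reject the rest.
    return name.startswith("ECDHE-") and "-GCM-" in name


def build_policy_attributes(protocols, ciphers, server_order=True):
    """Return policy attributes in the list-of-dicts shape the ELB API expects.

    Every protocol and cipher the policy should offer is listed with value
    "true"; anything not listed is simply not offered.
    """
    attrs = [{"AttributeName": p, "AttributeValue": "true"} for p in protocols]
    attrs.append({"AttributeName": "Server-Defined-Preference-Order",
                  "AttributeValue": "true" if server_order else "false"})
    # Order matters: with server preference on, the ELB picks the first cipher
    # in this list that the client also supports.
    attrs.extend({"AttributeName": c, "AttributeValue": "true"} for c in ciphers)
    return attrs


def audit_policy(attrs):
    """Return a list of findings; an empty list means the policy passes."""
    enabled = {a["AttributeName"] for a in attrs if a["AttributeValue"] == "true"}
    findings = []
    for p in FORBIDDEN_PROTOCOLS:
        if p in enabled:
            findings.append(f"{p} is enabled")
    if REQUIRED_PROTOCOL not in enabled:
        findings.append(f"{REQUIRED_PROTOCOL} is not enabled")
    if "Server-Defined-Preference-Order" not in enabled:
        findings.append("server order preference is off; the client picks the cipher")
    for name in sorted(enabled):
        if name.startswith("Protocol-") or name == "Server-Defined-Preference-Order":
            continue
        if not is_acceptable_cipher(name):
            findings.append(f"cipher {name} lacks ECDHE or GCM")
    return findings


def to_cli_command(lb_name, policy_name, attrs):
    """Render the equivalent `aws elb create-load-balancer-policy` call."""
    parts = ["aws", "elb", "create-load-balancer-policy",
             "--load-balancer-name", lb_name,
             "--policy-name", policy_name,
             "--policy-type-name", "SSLNegotiationPolicyType",
             "--policy-attributes"]
    parts += [f"AttributeName={a['AttributeName']},AttributeValue={a['AttributeValue']}"
              for a in attrs]
    return " ".join(shlex.quote(p) for p in parts)


# Constructed sample policies: one that meets the assumed baseline, one that
# still offers TLS 1.0, a CBC cipher, and lets the client choose the cipher.
STRICT = build_policy_attributes(
    ["Protocol-TLSv1.2"],
    ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
     "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"])

LOOSE = build_policy_attributes(
    ["Protocol-TLSv1", "Protocol-TLSv1.2"],
    ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
    server_order=False)

if __name__ == "__main__":
    for label, policy in (("strict", STRICT), ("loose", LOOSE)):
        print(label, audit_policy(policy) or "OK")
    # "my-elb" and "tls12-only" are placeholder names.
    print(to_cli_command("my-elb", "tls12-only", STRICT))
```

After creating the policy, it still has to be attached to the HTTPS listener (for example with `aws elb set-load-balancer-policies-of-listener --load-balancer-port 443`), and the audit is worth re-running whenever the cipher list is edited, since a single extra `AttributeValue=true` line silently widens what the ELB will negotiate.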