AWS010 - An outdated SSL policy is in use by a load balancer.

Written by tfsec

Explanation

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Insecure Example

The following example will fail the AWS010 check.

resource "aws_alb_listener" "bad_example" {
	ssl_policy = "ELBSecurityPolicy-TLS-1-1-2017-01"
	protocol = "HTTPS"
}

Secure Example

The following example will pass the AWS010 check.

resource "aws_alb_listener" "good_example" {
	ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
	protocol = "HTTPS"
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener

---