Ensure that your Amazon Network Load Balancers (NLBs) are configured to use ALPN policies for their TLS listeners. Application-Layer Protocol Negotiation (ALPN) is a TLS extension, supported by all major web browsers, that lets the application layer negotiate which protocol (for example HTTP/2) should be used over a secure connection.
With Application-Layer Protocol Negotiation (ALPN) policies, you can offload TLS encryption and decryption of your application's HTTP/2 traffic to your Network Load Balancer (NLB), improving your service's security posture and reducing operational complexity.
Note: ALPN policies can be applied only when forwarding requests to TLS target groups.
Audit
To determine if your Network Load Balancers (NLBs) are configured to use TLS ALPN policies, perform the following operations:
Remediation / Resolution
Application-Layer Protocol Negotiation (ALPN) is a TLS extension that carries the protocol negotiation inside the exchange of TLS hello messages, so no extra round trip is needed. To update your Network Load Balancer listener configuration in order to implement TLS ALPN policies, perform the following operations:
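As an added example for both the Audit and the Remediation steps above (this is not code from the original page or from Conformity), the following Python script evaluates listener data in the shape returned by `aws elbv2 describe-listeners --load-balancer-arn <arn>`, reports every TLS listener that has no ALPN policy, and prints the `aws elbv2 modify-listener --alpn-policy` command that would fix each one. The sample listeners, their ARNs (placeholder account id 123456789012) and the default policy value `HTTP2Preferred` are constructed assumptions; in practice the listener list comes from the describe call.

```python
"""Audit NLB TLS listeners for a configured ALPN policy and build remediation commands."""
from typing import Dict, List

# ALPN policy names that a Network Load Balancer TLS listener can be configured with.
# "None" is what the API reports when no policy is applied, so it is deliberately excluded.
VALID_ALPN_POLICIES = {"HTTP1Only", "HTTP2Only", "HTTP2Optional", "HTTP2Preferred"}

# Constructed sample in the shape of the "Listeners" array returned by
# `aws elbv2 describe-listeners`. ARNs and account id are placeholders.
SAMPLE_LISTENERS: List[Dict] = [
    {
        "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/example-nlb/abc123/tls-ok",
        "Protocol": "TLS",
        "Port": 443,
        "AlpnPolicy": ["HTTP2Preferred"],
    },
    {
        # TLS listener with the AlpnPolicy key absent: no policy configured.
        "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/example-nlb/abc123/tls-missing",
        "Protocol": "TLS",
        "Port": 8443,
    },
    {
        # TLS listener whose policy was explicitly cleared.
        "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/example-nlb/abc123/tls-none",
        "Protocol": "TLS",
        "Port": 9443,
        "AlpnPolicy": ["None"],
    },
    {
        # Plain TCP listener: ALPN does not apply, so it is out of scope for this rule.
        "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/example-nlb/abc123/tcp",
        "Protocol": "TCP",
        "Port": 80,
    },
]


def listener_has_alpn_policy(listener: Dict) -> bool:
    """True when the listener carries at least one real ALPN policy name."""
    policies = listener.get("AlpnPolicy") or []
    return any(policy in VALID_ALPN_POLICIES for policy in policies)


def find_noncompliant_tls_listeners(listeners: List[Dict]) -> List[str]:
    """Return the ARNs of TLS listeners that have no ALPN policy configured.

    Non-TLS listeners are skipped because ALPN is a TLS extension and the
    rule only applies to TLS listeners.
    """
    return [
        listener["ListenerArn"]
        for listener in listeners
        if listener.get("Protocol") == "TLS" and not listener_has_alpn_policy(listener)
    ]


def remediation_commands(listener_arns: List[str], policy: str = "HTTP2Preferred") -> List[str]:
    """Build one `aws elbv2 modify-listener` command per non-compliant listener.

    The chosen policy must be one the NLB accepts; the listener must forward to
    a TLS target group for the policy to take effect.
    """
    if policy not in VALID_ALPN_POLICIES:
        raise ValueError(f"unsupported ALPN policy: {policy}")
    return [
        f"aws elbv2 modify-listener --listener-arn {arn} --alpn-policy {policy}"
        for arn in listener_arns
    ]


if __name__ == "__main__":
    failing = find_noncompliant_tls_listeners(SAMPLE_LISTENERS)
    if not failing:
        print("All TLS listeners have an ALPN policy configured.")
    for arn, command in zip(failing, remediation_commands(failing)):
        print(f"NON-COMPLIANT: {arn}")
        print(f"  fix: {command}")
```

Run the describe call once per load balancer returned by `aws elbv2 describe-load-balancers` and feed each `Listeners` array to `find_noncompliant_tls_listeners`; the generated `modify-listener` commands can then be reviewed before they are executed. Remember the note above: the policy only has an effect when the listener forwards to a TLS target group.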
References
- AWS Documentation
  - Elastic Load Balancing FAQs
  - Listeners for your Network Load Balancers
  - TLS listeners for your Network Load Balancer
- AWS Command Line Interface (CLI) Documentation
  - describe-load-balancers
  - describe-listeners
  - modify-listener
Rule: Enable TLS ALPN Policy for Network Load Balancers
Risk Level: Medium