amazon web services - AWS CloudFormation: Load Balancer Custom SSL Negotiation Policy




I am trying to set a custom SSL negotiation policy in a CloudFormation template. The CloudFormation error I am getting is:

CREATE_FAILED AWS::ElasticLoadBalancing::LoadBalancer BackendELB SSLNegotiationPolicy cannot be enabled

The relevant section of my CloudFormation template follows:

"Policies" : [
  {
    "PolicyName" : "SSLNegotiationPolicy",
    "PolicyType" : "SSLNegotiationPolicyType",
    "Attributes" : [
      { "Name" : "Protocol-TLSv1", "Value" : "true" },
      { "Name" : "Protocol-TLSv1.1", "Value" : "true" },
      { "Name" : "Protocol-TLSv1.2", "Value" : "true" },
      { "Name" : "Protocol-SSLv2", "Value" : "false" },
      { "Name" : "Protocol-SSLv3", "Value" : "false" },
      { "Name" : "ECDHE-RSA-AES128-GCM-SHA256", "Value" : "true" },
      { "Name" : "ECDHE-ECDSA-AES128-SHA256", "Value" : "true" },
      { "Name" : "ECDHE-RSA-AES128-SHA256", "Value" : "true" },
      { "Name" : "ECDHE-ECDSA-AES128-SHA", "Value" : "true" },
      { "Name" : "ECDHE-RSA-AES128-SHA", "Value" : "true" },
      { "Name" : "DHE-RSA-AES128-SHA", "Value" : "true" },
      { "Name" : "ECDHE-ECDSA-AES256-GCM-SHA384", "Value" : "true" },
      { "Name" : "ECDHE-RSA-AES256-GCM-SHA384", "Value" : "true" },
      { "Name" : "ECDHE-ECDSA-AES256-SHA384", "Value" : "true" },
      { "Name" : "ECDHE-RSA-AES256-SHA384", "Value" : "true" },
      { "Name" : "ECDHE-RSA-AES256-SHA", "Value" : "true" },
      { "Name" : "ECDHE-ECDSA-AES256-SHA", "Value" : "true" },
      { "Name" : "AES128-GCM-SHA256", "Value" : "true" },
      { "Name" : "AES128-SHA256", "Value" : "true" },
      { "Name" : "AES128-SHA", "Value" : "true" },
      { "Name" : "AES256-GCM-SHA384", "Value" : "true" },
      { "Name" : "AES256-SHA256", "Value" : "true" },
      { "Name" : "AES256-SHA", "Value" : "true" },
      { "Name" : "DHE-DSS-AES128-SHA", "Value" : "true" },
      { "Name" : "RC4-SHA", "Value" : "false" },
      { "Name" : "ECDHE-ECDSA-RC4-SHA", "Value" : "false" }
    ],
    "InstancePorts" : [ "443" ]
  }
]

If I remove the InstancePorts section, the ELB is created with no errors, but the new load balancer doesn't utilize the policy outlined.

Any ideas?

Side question: is it necessary to set every value of the policy to either true or false, or, if a cipher is not defined in the template, is the default value the one defined in the recommended SSL policy?

I think you're on the right track. You can view the contents of an existing security policy with:

aws elb describe-load-balancer-policies

For completeness, I specify a policy such as the one below:

"Policies" : [
  {
    "PolicyName" : "My-ELBSecurityPolicy-2014-10-DisableRC4",
    "PolicyType" : "SSLNegotiationPolicyType",
    "Attributes" : [
      { "Name": "Protocol-SSLv2", "Value": "false" },
      { "Name": "Protocol-TLSv1", "Value": "true" },
      { "Name": "Protocol-SSLv3", "Value": "false" },
      { "Name": "Protocol-TLSv1.1", "Value": "true" },
      { "Name": "Protocol-TLSv1.2", "Value": "true" },
      { "Name": "Server-Defined-Cipher-Order", "Value": "true" },
      { "Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Value": "true" },
      { "Name": "ECDHE-RSA-AES128-GCM-SHA256", "Value": "true" },
      { "Name": "ECDHE-ECDSA-AES128-SHA256", "Value": "true" },
      { "Name": "ECDHE-RSA-AES128-SHA256", "Value": "true" },
      { "Name": "ECDHE-ECDSA-AES128-SHA", "Value": "true" },
      { "Name": "ECDHE-RSA-AES128-SHA", "Value": "true" },
      { "Name": "DHE-RSA-AES128-SHA", "Value": "true" },
      { "Name": "ECDHE-ECDSA-AES256-GCM-SHA384", "Value": "true" },
      { "Name": "ECDHE-RSA-AES256-GCM-SHA384", "Value": "true" },
      { "Name": "ECDHE-ECDSA-AES256-SHA384", "Value": "true" },
      { "Name": "ECDHE-RSA-AES256-SHA384", "Value": "true" },
      { "Name": "ECDHE-RSA-AES256-SHA", "Value": "true" },
      { "Name": "ECDHE-ECDSA-AES256-SHA", "Value": "true" },
      { "Name": "AES128-GCM-SHA256", "Value": "true" },
      { "Name": "AES128-SHA256", "Value": "true" },
      { "Name": "AES128-SHA", "Value": "true" },
      { "Name": "AES256-GCM-SHA384", "Value": "true" },
      { "Name": "AES256-SHA256", "Value": "true" },
      { "Name": "AES256-SHA", "Value": "true" },
      { "Name": "DHE-DSS-AES128-SHA", "Value": "true" },
      { "Name": "CAMELLIA128-SHA", "Value": "false" },
      { "Name": "EDH-RSA-DES-CBC3-SHA", "Value": "false" },
      { "Name": "DES-CBC3-SHA", "Value": "false" },
      { "Name": "ECDHE-RSA-RC4-SHA", "Value": "false" },
      { "Name": "RC4-SHA", "Value": "false" },
      { "Name": "ECDHE-ECDSA-RC4-SHA", "Value": "false" },
      { "Name": "DHE-DSS-AES256-GCM-SHA384", "Value": "false" },
      { "Name": "DHE-RSA-AES256-GCM-SHA384", "Value": "false" },
      { "Name": "DHE-RSA-AES256-SHA256", "Value": "false" },
      { "Name": "DHE-DSS-AES256-SHA256", "Value": "false" },
      { "Name": "DHE-RSA-AES256-SHA", "Value": "false" },
      { "Name": "DHE-DSS-AES256-SHA", "Value": "false" },
      { "Name": "DHE-RSA-CAMELLIA256-SHA", "Value": "false" },
      { "Name": "DHE-DSS-CAMELLIA256-SHA", "Value": "false" },
      { "Name": "CAMELLIA256-SHA", "Value": "false" },
      { "Name": "EDH-DSS-DES-CBC3-SHA", "Value": "false" },
      { "Name": "DHE-DSS-AES128-GCM-SHA256", "Value": "false" },
      { "Name": "DHE-RSA-AES128-GCM-SHA256", "Value": "false" },
      { "Name": "DHE-RSA-AES128-SHA256", "Value": "false" },
      { "Name": "DHE-DSS-AES128-SHA256", "Value": "false" },
      { "Name": "DHE-RSA-CAMELLIA128-SHA", "Value": "false" },
      { "Name": "DHE-DSS-CAMELLIA128-SHA", "Value": "false" },
      { "Name": "ADH-AES128-GCM-SHA256", "Value": "false" },
      { "Name": "ADH-AES128-SHA", "Value": "false" },
      { "Name": "ADH-AES128-SHA256", "Value": "false" },
      { "Name": "ADH-AES256-GCM-SHA384", "Value": "false" },
      { "Name": "ADH-AES256-SHA", "Value": "false" },
      { "Name": "ADH-AES256-SHA256", "Value": "false" },
      { "Name": "ADH-CAMELLIA128-SHA", "Value": "false" },
      { "Name": "ADH-CAMELLIA256-SHA", "Value": "false" },
      { "Name": "ADH-DES-CBC3-SHA", "Value": "false" },
      { "Name": "ADH-DES-CBC-SHA", "Value": "false" },
      { "Name": "ADH-RC4-MD5", "Value": "false" },
      { "Name": "ADH-SEED-SHA", "Value": "false" },
      { "Name": "DES-CBC-SHA", "Value": "false" },
      { "Name": "DHE-DSS-SEED-SHA", "Value": "false" },
      { "Name": "DHE-RSA-SEED-SHA", "Value": "false" },
      { "Name": "EDH-DSS-DES-CBC-SHA", "Value": "false" },
      { "Name": "EDH-RSA-DES-CBC-SHA", "Value": "false" },
      { "Name": "IDEA-CBC-SHA", "Value": "false" },
      { "Name": "RC4-MD5", "Value": "false" },
      { "Name": "SEED-SHA", "Value": "false" },
      { "Name": "DES-CBC3-MD5", "Value": "false" },
      { "Name": "DES-CBC-MD5", "Value": "false" },
      { "Name": "RC2-CBC-MD5", "Value": "false" },
      { "Name": "PSK-AES256-CBC-SHA", "Value": "false" },
      { "Name": "PSK-3DES-EDE-CBC-SHA", "Value": "false" },
      { "Name": "KRB5-DES-CBC3-SHA", "Value": "false" },
      { "Name": "KRB5-DES-CBC3-MD5", "Value": "false" },
      { "Name": "PSK-AES128-CBC-SHA", "Value": "false" },
      { "Name": "PSK-RC4-SHA", "Value": "false" },
      { "Name": "KRB5-RC4-SHA", "Value": "false" },
      { "Name": "KRB5-RC4-MD5", "Value": "false" },
      { "Name": "KRB5-DES-CBC-SHA", "Value": "false" },
      { "Name": "KRB5-DES-CBC-MD5", "Value": "false" },
      { "Name": "EXP-EDH-RSA-DES-CBC-SHA", "Value": "false" },
      { "Name": "EXP-EDH-DSS-DES-CBC-SHA", "Value": "false" },
      { "Name": "EXP-ADH-DES-CBC-SHA", "Value": "false" },
      { "Name": "EXP-DES-CBC-SHA", "Value": "false" },
      { "Name": "EXP-RC2-CBC-MD5", "Value": "false" },
      { "Name": "EXP-KRB5-RC2-CBC-SHA", "Value": "false" },
      { "Name": "EXP-KRB5-DES-CBC-SHA", "Value": "false" },
      { "Name": "EXP-KRB5-RC2-CBC-MD5", "Value": "false" },
      { "Name": "EXP-KRB5-DES-CBC-MD5", "Value": "false" },
      { "Name": "EXP-ADH-RC4-MD5", "Value": "false" },
      { "Name": "EXP-RC4-MD5", "Value": "false" },
      { "Name": "EXP-KRB5-RC4-SHA", "Value": "false" },
      { "Name": "EXP-KRB5-RC4-MD5", "Value": "false" }
    ]
  }
]

Then you have to reference the policy in the ELB specification itself:

"Listeners" : [
  { "LoadBalancerPort" : "80", "InstancePort" : "80", "Protocol" : "HTTP" },
  {
    "LoadBalancerPort" : "443",
    "InstancePort" : "80",
    "Protocol" : "HTTPS",
    "SSLCertificateId" : "arn:aws:iam::111111111111:server-certificate/somedomain.com",
    "PolicyNames" : [ "My-ELBSecurityPolicy-2014-10-DisableRC4", "SomeOtherPolicy" ]
  }
],
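Added here as a worked example (not code from the question or the answer): a small Python lint that loads a constructed template fragment, checks that every SSLNegotiationPolicyType policy is wired to an HTTPS/SSL listener through PolicyNames rather than InstancePorts, as the answer describes, and flags SSLv2/SSLv3 and ciphers from the families the reference policy leaves disabled. The resource and policy names, the sample template and the weak-token list are assumptions.

```python
import json

# Constructed sample template (not from the page): "TLSOnly" is attached the way the
# answer describes (listener PolicyNames); "Orphan" is attached the way the question does.
SAMPLE_TEMPLATE = json.loads("""{
 "Resources": {"BackendELB": {
  "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
  "Properties": {
   "Listeners": [{"LoadBalancerPort": "443", "InstancePort": "80", "Protocol": "HTTPS",
     "SSLCertificateId": "arn:aws:iam::111111111111:server-certificate/example",
     "PolicyNames": ["TLSOnly"]}],
   "Policies": [
    {"PolicyName": "TLSOnly", "PolicyType": "SSLNegotiationPolicyType",
     "Attributes": [{"Name": "Protocol-SSLv3", "Value": "false"},
                    {"Name": "Protocol-TLSv1.2", "Value": "true"},
                    {"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Value": "true"}]},
    {"PolicyName": "Orphan", "PolicyType": "SSLNegotiationPolicyType",
     "InstancePorts": ["443"],
     "Attributes": [{"Name": "Protocol-SSLv3", "Value": "true"},
                    {"Name": "RC4-SHA", "Value": "true"}]}]}}}}""")

WEAK_PROTOCOLS = {"Protocol-SSLv2", "Protocol-SSLv3"}
WEAK_TOKENS = {"RC4", "RC2", "DES", "3DES", "EXP", "ADH", "MD5", "NULL"}  # assumed list

def is_weak(attr_name):
    # Protocol attributes are matched by name, cipher names by their hyphenated tokens.
    return attr_name in WEAK_PROTOCOLS or bool(WEAK_TOKENS & set(attr_name.upper().split("-")))

def lint_elb(template):
    findings = []
    for res_name, res in template["Resources"].items():
        if res.get("Type") != "AWS::ElasticLoadBalancing::LoadBalancer":
            continue
        props = res["Properties"]
        # Policy names that an HTTPS/SSL listener actually uses (the answer's wiring).
        used = {p for lst in props.get("Listeners", [])
                if lst.get("Protocol", "").upper() in ("HTTPS", "SSL")
                for p in lst.get("PolicyNames", [])}
        for pol in props.get("Policies", []):
            if pol.get("PolicyType") != "SSLNegotiationPolicyType":
                continue
            tag = f"{res_name}/{pol['PolicyName']}"
            if "InstancePorts" in pol:
                findings.append(f"{tag}: InstancePorts set; attach via listener PolicyNames instead")
            if pol["PolicyName"] not in used:
                findings.append(f"{tag}: not referenced by any HTTPS/SSL listener")
            for attr in pol.get("Attributes", []):
                if str(attr["Value"]).lower() == "true" and is_weak(attr["Name"]):
                    findings.append(f"{tag}: weak option enabled: {attr['Name']}")
    return findings
```

Run `lint_elb(json.load(open("template.json")))` against a real template; the sample above yields four findings, all on the "Orphan" policy.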

Tags: ssl, amazon-web-services, amazon-cloudformation
