SslPolicy (software.amazon.awscdk:aws-cdk-lib 2.42.1 API)

java.lang.Object
- java.lang.Enum<SslPolicy>
- - software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy

All Implemented Interfaces:: Serializable, Comparable<SslPolicy>

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:39.134Z")
 @Stability(value=Stable)
public enum SslPolicy
extends Enum<SslPolicy>

Elastic Load Balancing provides the following security policies for Application Load Balancers.

We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).

You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Example:

 import software.amazon.awscdk.services.certificatemanager.Certificate;
 import software.amazon.awscdk.services.ec2.InstanceType;
 import software.amazon.awscdk.services.ecs.Cluster;
 import software.amazon.awscdk.services.ecs.ContainerImage;
 import software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationProtocol;
 import software.amazon.awscdk.services.elasticloadbalancingv2.SslPolicy;
 import software.amazon.awscdk.services.route53.PublicHostedZone;
 Vpc vpc = Vpc.Builder.create(this, "Vpc").maxAzs(1).build();
 ApplicationMultipleTargetGroupsFargateService loadBalancedFargateService = ApplicationMultipleTargetGroupsFargateService.Builder.create(this, "myService")
         .cluster(Cluster.Builder.create(this, "EcsCluster").vpc(vpc).build())
         .memoryLimitMiB(256)
         .taskImageOptions(ApplicationLoadBalancedTaskImageProps.builder()
                 .image(ContainerImage.fromRegistry("amazon/amazon-ecs-sample"))
                 .build())
         .enableExecuteCommand(true)
         .loadBalancers(List.of(ApplicationLoadBalancerProps.builder()
                 .name("lb")
                 .idleTimeout(Duration.seconds(400))
                 .domainName("api.example.com")
                 .domainZone(PublicHostedZone.Builder.create(this, "HostedZone").zoneName("example.com").build())
                 .listeners(List.of(ApplicationListenerProps.builder()
                         .name("listener")
                         .protocol(ApplicationProtocol.HTTPS)
                         .certificate(Certificate.fromCertificateArn(this, "Cert", "helloworld"))
                         .sslPolicy(SslPolicy.TLS12_EXT)
                         .build()))
                 .build(), ApplicationLoadBalancerProps.builder()
                 .name("lb2")
                 .idleTimeout(Duration.seconds(120))
                 .domainName("frontend.com")
                 .domainZone(PublicHostedZone.Builder.create(this, "HostedZone").zoneName("frontend.com").build())
                 .listeners(List.of(ApplicationListenerProps.builder()
                         .name("listener2")
                         .protocol(ApplicationProtocol.HTTPS)
                         .certificate(Certificate.fromCertificateArn(this, "Cert2", "helloworld"))
                         .sslPolicy(SslPolicy.TLS12_EXT)
                         .build()))
                 .build()))
         .targetGroups(List.of(ApplicationTargetProps.builder()
                 .containerPort(80)
                 .listener("listener")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(90)
                 .pathPattern("a/b/c")
                 .priority(10)
                 .listener("listener")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(443)
                 .listener("listener2")
                 .build(), ApplicationTargetProps.builder()
                 .containerPort(80)
                 .pathPattern("a/b/c")
                 .priority(10)
                 .listener("listener2")
                 .build()))
         .build();

See Also:: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

Enum Constant Summary

Enum Constants
Enum Constant and Description
`FORWARD_SECRECY` Forward secrecy ciphers only.
`FORWARD_SECRECY_TLS11` Forward secrecy ciphers only with TLS1.1 and 1.2.
`FORWARD_SECRECY_TLS12` Forward secrecy ciphers and TLS1.2 only.
`FORWARD_SECRECY_TLS12_RES` Strong forward secrecy ciphers and TLS1.2 only.
`FORWARD_SECRECY_TLS12_RES_GCM` Strong foward secrecy ciphers and TLV1.2 only (2020 edition).
`LEGACY` Support for DES-CBC3-SHA.
`RECOMMENDED` The recommended policy for http listeners.
`RECOMMENDED_TLS` The recommended security policy for TLS listeners.
`TLS11` TLS1.1 and 1.2 with all ciphers.
`TLS12` TLS1.2 only and no SHA ciphers.
`TLS12_EXT` TLS1.2 only with all ciphers.
`TLS13_10` TLS1.0 through 1.3 with all ciphers.
`TLS13_11` TLS1.1 through 1.3 with all ciphers.
`TLS13_13` TLS1.3 only.
`TLS13_EXT1` TLS1.2 and 1.3 and no SHA ciphers.
`TLS13_EXT2` TLS1.2 and 1.3 with all ciphers.
`TLS13_RES` TLS1.2 and 1.3.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static SslPolicy`	`valueOf(String name)` Returns the enum constant of this type with the specified name.
`static SslPolicy[]`	`values()` Returns an array containing the constants of this enum type, in the order they are declared.

Methods inherited from class java.lang.Enum
clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait

- Enum Constant Detail
  - RECOMMENDED_TLS
```
@Stability(value=Stable)
public static final SslPolicy RECOMMENDED_TLS
```
    The recommended security policy for TLS listeners.
    This is the default policy for listeners created using the AWS Management Console
  - RECOMMENDED
```
@Stability(value=Stable)
public static final SslPolicy RECOMMENDED
```
    The recommended policy for http listeners.
    This is the default security policy for listeners created using the AWS CLI
  - TLS13_RES
```
@Stability(value=Stable)
public static final SslPolicy TLS13_RES
```
    TLS1.2 and 1.3.
  - TLS13_EXT1
```
@Stability(value=Stable)
public static final SslPolicy TLS13_EXT1
```
    TLS1.2 and 1.3 and no SHA ciphers.
  - TLS13_EXT2
```
@Stability(value=Stable)
public static final SslPolicy TLS13_EXT2
```
    TLS1.2 and 1.3 with all ciphers.
  - TLS13_10
```
@Stability(value=Stable)
public static final SslPolicy TLS13_10
```
    TLS1.0 through 1.3 with all ciphers.
  - TLS13_11
```
@Stability(value=Stable)
public static final SslPolicy TLS13_11
```
    TLS1.1 through 1.3 with all ciphers.
  - TLS13_13
```
@Stability(value=Stable)
public static final SslPolicy TLS13_13
```
    TLS1.3 only.
  - FORWARD_SECRECY_TLS12_RES_GCM
```
@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS12_RES_GCM
```
    Strong foward secrecy ciphers and TLV1.2 only (2020 edition). Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers.
  - FORWARD_SECRECY_TLS12_RES
```
@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS12_RES
```
    Strong forward secrecy ciphers and TLS1.2 only.
  - FORWARD_SECRECY_TLS12
```
@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS12
```
    Forward secrecy ciphers and TLS1.2 only.
  - FORWARD_SECRECY_TLS11
```
@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY_TLS11
```
    Forward secrecy ciphers only with TLS1.1 and 1.2.
  - FORWARD_SECRECY
```
@Stability(value=Stable)
public static final SslPolicy FORWARD_SECRECY
```
    Forward secrecy ciphers only.
  - TLS12
```
@Stability(value=Stable)
public static final SslPolicy TLS12
```
    TLS1.2 only and no SHA ciphers.
  - TLS12_EXT
```
@Stability(value=Stable)
public static final SslPolicy TLS12_EXT
```
    TLS1.2 only with all ciphers.
  - TLS11
```
@Stability(value=Stable)
public static final SslPolicy TLS11
```
    TLS1.1 and 1.2 with all ciphers.
  - LEGACY
```
@Stability(value=Stable)
public static final SslPolicy LEGACY
```
    Support for DES-CBC3-SHA.
    Do not use this security policy unless you must support a legacy client that requires the DES-CBC3-SHA cipher, which is a weak cipher.
- Method Detail
  - values
```
public static SslPolicy[] values()
```
    Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
```
for (SslPolicy c : SslPolicy.values())
    System.out.println(c);
```
    Returns:
    
    an array containing the constants of this enum type, in the order they are declared
  - valueOf
```
public static SslPolicy valueOf(String name)
```
    Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
    
    Parameters:
    
    name - the name of the enum constant to be returned.
    
    Returns:
    
    the enum constant with the specified name
    
    Throws:
    
    IllegalArgumentException - if this enum type has no constant with the specified name
    
    NullPointerException - if the argument is null

Enum SslPolicy

Enum Constant Summary

Method Summary

Methods inherited from class java.lang.Enum

Methods inherited from class java.lang.Object

Enum Constant Detail

RECOMMENDED_TLS

RECOMMENDED

TLS13_RES

TLS13_EXT1

TLS13_EXT2

TLS13_10

TLS13_11

TLS13_13

FORWARD_SECRECY_TLS12_RES_GCM

FORWARD_SECRECY_TLS12_RES

FORWARD_SECRECY_TLS12

FORWARD_SECRECY_TLS11

FORWARD_SECRECY

TLS12

TLS12_EXT

TLS11

LEGACY

Method Detail

values

valueOf