Posted On: Oct 14, 2021
Network Load Balancer (NLB) now supports version 1.3 of the Transport Layer Security (TLS) protocol, enabling you to optimize the performance of your backend application servers while helping to keep your workloads secure. TLS 1.3 on NLB works by offloading encryption and decryption of TLS traffic from your application servers to the load balancer, and provides encryption all the way to your targets. TLS 1.3 is optimized for performance and security by using one round trip (1-RTT) TLS handshakes and only supporting ciphers that provide perfect forward secrecy. As with other versions of TLS, NLB preserves the source IP of the clients to the back-end applications while terminating TLS on the load balancer.
NLB with TLS 1.3 provides you with the tools to more easily manage your application security, enabling you to improve the security posture of your applications. Using TLS for NLB, you can centralize the deployment of SSL certificates using NLB’s integration with Amazon Certificate Manager (ACM) and Amazon Identity and Access Management (IAM). You can also analyze TLS traffic patterns and troubleshoot issues. NLB also allows you to use predefined security polices, which control the ciphers and protocols that your NLB presents to your clients.
TLS 1.3 is available on NLBs in in both Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. Please visit the NLB documentation to learn more.