Posted On: Mar 22, 2023

Application Load Balancer (ALB) now supports version 1.3 of the Transport Layer Security (TLS) protocol, enabling you to optimize the performance of your backend application servers while helping to keep your workloads secure. TLS 1.3 on ALB works by offloading encryption and decryption of TLS traffic from your application servers to the load balancer. TLS 1.3 is optimized for performance and security by using one round trip (1-RTT) TLS handshakes, and only supporting ciphers that provide perfect forward secrecy.

Using TLS with ALB provides you with the tools to more easily manage your application security, enabling you to improve the security posture of your applications. ALB allows you to centralize the deployment of SSL certificates using ALB’s integration with Amazon Certificate Manager (ACM) and Amazon Identity and Access Management (IAM). You can also analyze TLS traffic patterns and troubleshoot issues using ALB TLS metrics and access logs. ALB also allows you to use predefined security policies, which control the ciphers and protocols that your ALB presents to your clients.

TLS 1.3 is available on ALBs in both Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. Please visit the ALB documentation to learn more.