Posted On: Feb 18, 2024

Network Load Balancer (NLB) now supports RSA 3072-bit certificates, and Elliptic Curve Digital Signature Algorithm (ECDSA) 256, 384 and 521-bit certificates via Amazon Certificate Manager (ACM). This launch enables customers to use stronger encryption in transit to meet their compliance goals.

RSA and ECDSA are two widely used public-key cryptographic algorithms used to encrypt and decrypt data. With RSA 3072-bit and ECDSA 384/521-bit certificates, the longer key size enhances security, making it more difficult for an attacker to decrypt the communication. Compared to RSA, ECDSA has the advantage of increased performance, providing higher security strength with smaller key sizes and lower computational cost. You can learn more about ECDSA security, performance and compatibility in this Amazon Security blog post.

To get started, you can use these certificates through ACM. You can request and issue ECDSA P-256 and P-384 certificates directly through ACM. If you need to use either RSA 3072 or ECDSA P-521, you can import them for use through ACM.

This feature is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more, please refer to the NLB documentation.