@tedder
Last active August 29, 2015 14:07
---
PolicyDescriptions:
- PolicyName: ELBSecurityPolicy-2014-10
  PolicyTypeName: SSLNegotiationPolicyType
  PolicyAttributeDescriptions:
  - AttributeName: Protocol-SSLv2
    AttributeValue: false # http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
  - AttributeName: Protocol-TLSv1
    AttributeValue: true # generally recognized as safe
  - AttributeName: Protocol-SSLv3
    AttributeValue: false # POODLE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
  - AttributeName: Protocol-TLSv1.1
    AttributeValue: true # generally recognized as safe
  - AttributeName: Protocol-TLSv1.2
    AttributeValue: true # generally recognized as safe
  - AttributeName: Server-Defined-Cipher-Order
    AttributeValue: true # a best practice
  - AttributeName: ECDHE-ECDSA-AES128-GCM-SHA256
    AttributeValue: true # GRAS (generally recognized as safe)
  - AttributeName: ECDHE-RSA-AES128-GCM-SHA256
    AttributeValue: true # GRAS, http://blog.cloudflare.com/staying-on-top-of-tls-attacks/
  - AttributeName: ECDHE-ECDSA-AES128-SHA256
    AttributeValue: true # assuming GRAS
  - AttributeName: ECDHE-RSA-AES128-SHA256
    AttributeValue: true # assuming GRAS
  - AttributeName: ECDHE-ECDSA-AES128-SHA
    AttributeValue: true # GRAS, cloudflare
  - AttributeName: ECDHE-RSA-AES128-SHA
    AttributeValue: true # GRAS, cloudflare
  - AttributeName: DHE-RSA-AES128-SHA
    AttributeValue: true # GRAS, cloudflare
  - AttributeName: ECDHE-ECDSA-AES256-GCM-SHA384
    AttributeValue: true # assuming GRAS
  - AttributeName: ECDHE-RSA-AES256-GCM-SHA384
    AttributeValue: true # assuming GRAS
  - AttributeName: ECDHE-ECDSA-AES256-SHA384
    AttributeValue: true # assuming GRAS
  - AttributeName: ECDHE-RSA-AES256-SHA384
    AttributeValue: true # assuming GRAS
  - AttributeName: ECDHE-RSA-AES256-SHA
    AttributeValue: true # GRAS, cloudflare
  - AttributeName: ECDHE-ECDSA-AES256-SHA
    AttributeValue: true # GRAS, cloudflare
  - AttributeName: AES128-GCM-SHA256
    AttributeValue: false # mozilla, https://wiki.mozilla.org/Security/Server_Side_TLS#elb_ciphers.py
  - AttributeName: AES128-SHA256
    AttributeValue: false # mozilla
  - AttributeName: AES128-SHA
    AttributeValue: false # mozilla
  - AttributeName: AES256-GCM-SHA384
    AttributeValue: false # mozilla
  - AttributeName: AES256-SHA256
    AttributeValue: false # mozilla
  - AttributeName: AES256-SHA
    AttributeValue: false # mozilla
  - AttributeName: DHE-DSS-AES128-SHA
    AttributeValue: false # unpopular
  - AttributeName: CAMELLIA128-SHA
    AttributeValue: false # mozilla
  - AttributeName: EDH-RSA-DES-CBC3-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: DES-CBC3-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: ECDHE-RSA-RC4-SHA
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: RC4-SHA
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: ECDHE-ECDSA-RC4-SHA
    AttributeValue: false # http://blog.cloudflare.com/killing-rc4-the-long-goodbye/
  - AttributeName: DHE-DSS-AES256-GCM-SHA384
    AttributeValue: false # unpopular
  - AttributeName: DHE-RSA-AES256-GCM-SHA384
    AttributeValue: true # GRAS
  - AttributeName: DHE-RSA-AES256-SHA256
    AttributeValue: true # GRAS
  - AttributeName: DHE-DSS-AES256-SHA256
    AttributeValue: false # mozilla
  - AttributeName: DHE-RSA-AES256-SHA
    AttributeValue: true # cloudflare
  - AttributeName: DHE-DSS-AES256-SHA
    AttributeValue: false # mozilla
  - AttributeName: DHE-RSA-CAMELLIA256-SHA
    AttributeValue: false # mozilla
  - AttributeName: DHE-DSS-CAMELLIA256-SHA
    AttributeValue: false # mozilla, unpopular
  - AttributeName: CAMELLIA256-SHA
    AttributeValue: false # mozilla
  - AttributeName: EDH-DSS-DES-CBC3-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957 ; unpopular
  - AttributeName: DHE-DSS-AES128-GCM-SHA256
    AttributeValue: false # unpopular
  - AttributeName: DHE-RSA-AES128-GCM-SHA256
    AttributeValue: true # mozilla
  - AttributeName: DHE-RSA-AES128-SHA256
    AttributeValue: true # mozilla
  - AttributeName: DHE-DSS-AES128-SHA256
    AttributeValue: false # unpopular
  - AttributeName: DHE-RSA-CAMELLIA128-SHA
    AttributeValue: false # mozilla
  - AttributeName: DHE-DSS-CAMELLIA128-SHA
    AttributeValue: false # mozilla
  - AttributeName: ADH-AES128-GCM-SHA256
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-AES128-SHA
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-AES128-SHA256
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-AES256-GCM-SHA384
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-AES256-SHA
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-AES256-SHA256
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-CAMELLIA128-SHA
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-CAMELLIA256-SHA
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: ADH-DES-CBC3-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957 ; also ADH vulnerable to MITM
  - AttributeName: ADH-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957 ; also ADH vulnerable to MITM
  - AttributeName: ADH-RC4-MD5
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version ; also ADH vulnerable to MITM
  - AttributeName: ADH-SEED-SHA
    AttributeValue: false # ADH vulnerable to MITM
  - AttributeName: DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: DHE-DSS-SEED-SHA
    AttributeValue: false # mozilla
  - AttributeName: DHE-RSA-SEED-SHA
    AttributeValue: false # mozilla
  - AttributeName: EDH-DSS-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EDH-RSA-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: IDEA-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: RC4-MD5
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: SEED-SHA
    AttributeValue: false # mozilla
  - AttributeName: DES-CBC3-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: DES-CBC-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: RC2-CBC-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: PSK-AES256-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: PSK-3DES-EDE-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: KRB5-DES-CBC3-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: KRB5-DES-CBC3-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: PSK-AES128-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: PSK-RC4-SHA
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: KRB5-RC4-SHA
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: KRB5-RC4-MD5
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: KRB5-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: KRB5-DES-CBC-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-EDH-RSA-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-EDH-DSS-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-ADH-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-RC2-CBC-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-KRB5-RC2-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-KRB5-DES-CBC-SHA
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-KRB5-RC2-CBC-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-KRB5-DES-CBC-MD5
    AttributeValue: false # BEAST/CBC https://forums.aws.amazon.com/message.jspa?messageID=426034#jive-message-376957
  - AttributeName: EXP-ADH-RC4-MD5
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: EXP-RC4-MD5
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: EXP-KRB5-RC4-SHA
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
  - AttributeName: EXP-KRB5-RC4-MD5
    AttributeValue: false # http://www.isg.rhul.ac.uk/tls/#Version
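As an added check that is not part of the gist, the Python below audits a policy written in the format above: it parses the AttributeName/AttributeValue pairs whatever their indentation, then reports SSLv2/SSLv3 left on, a missing server-defined cipher order, any enabled suite from the families the annotations reject (ADH, export grades, RC4, DES/3DES, RC2, IDEA, MD5) and any enabled suite without forward secrecy (the rationale behind the Mozilla-sourced entries). The names WEAK, parse_attributes, audit_policy and the sample policy are this example's own.

```python
import re

# Cipher-name fragments the gist disables outright: anonymous DH (no authentication),
# export grades, RC4, single/triple DES, RC2, IDEA and MD5-based MACs.
WEAK = ("ADH", "EXP", "RC4", "DES", "RC2", "IDEA", "MD5")
# Matches an AttributeName/AttributeValue line whatever its indentation or trailing comment.
_LINE = re.compile(r"^\s*-?\s*(AttributeName|AttributeValue):\s*([^#]*?)\s*(#.*)?$")

def parse_attributes(text):
    """Return {attribute name: enabled} from a policy description in the gist's format."""
    attrs, name = {}, None
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "AttributeName":
            name = value
        elif name is not None:
            attrs[name] = value.lower() == "true"
            name = None
    return attrs

def audit_policy(text):
    """Return findings; an empty list means the policy follows the gist's rules."""
    attrs = parse_attributes(text)
    findings = []
    for proto in ("Protocol-SSLv2", "Protocol-SSLv3"):
        if attrs.get(proto):
            findings.append(f"{proto} enabled")
    if not attrs.get("Server-Defined-Cipher-Order"):
        findings.append("Server-Defined-Cipher-Order not enabled")
    for name, enabled in attrs.items():
        if not enabled or name.startswith("Protocol-") or name == "Server-Defined-Cipher-Order":
            continue
        if any(tok in name for tok in WEAK):
            findings.append(f"weak cipher enabled: {name}")
        elif not name.startswith(("ECDHE-", "DHE-")):
            findings.append(f"no forward secrecy: {name}")  # e.g. plain AES128-SHA
    return findings

# Constructed sample (not the gist's policy) with SSLv3 and RC4-SHA deliberately left on.
SAMPLE = """\
- AttributeName: Protocol-SSLv3
  AttributeValue: true
- AttributeName: Server-Defined-Cipher-Order
  AttributeValue: true # a best practice
- AttributeName: RC4-SHA
  AttributeValue: true
"""
```

Run it against the output of `aws elb describe-load-balancer-policies` for a listener to confirm the deployed policy still matches the intent recorded here.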