diff --git a/aws-tools/apply_security_assurance_elb_ciphersuite_policy.py b/aws-tools/apply_security_assurance_elb_ciphersuite_policy.py
index 01f14c3..0761f76 100755
--- a/aws-tools/apply_security_assurance_elb_ciphersuite_policy.py
+++ b/aws-tools/apply_security_assurance_elb_ciphersuite_policy.py
@@ -18,7 +18,19 @@
 #import logging
 #logging.basicConfig(level=logging.DEBUG)
 
-policy_attributes = {"ADH-AES128-GCM-SHA256": False,
+policy_attributes = {"ECDHE-ECDSA-AES128-GCM-SHA256": True,
+ "ECDHE-RSA-AES128-GCM-SHA256": True,
+ "ECDHE-ECDSA-AES128-SHA256": True,
+ "ECDHE-RSA-AES128-SHA256": True,
+ "ECDHE-ECDSA-AES128-SHA": True,
+ "ECDHE-RSA-AES128-SHA": True,
+ "ECDHE-ECDSA-AES256-GCM-SHA384": True,
+ "ECDHE-RSA-AES256-GCM-SHA384": True,
+ "ECDHE-ECDSA-AES256-SHA384": True,
+ "ECDHE-RSA-AES256-SHA384": True,
+ "ECDHE-RSA-AES256-SHA": True,
+ "ECDHE-ECDSA-AES256-SHA": True,
+ "ADH-AES128-GCM-SHA256": False,
 "ADH-AES256-GCM-SHA384": False,
 "ADH-AES128-SHA": False,
 "ADH-AES128-SHA256": False,
@@ -96,15 +108,17 @@
 "RC2-CBC-MD5": False,
 "RC4-MD5": False,
 "RC4-SHA": True,
- "SEED-SHA": False}
+ "SEED-SHA": False,
+ "Server-Defined-Cipher-Order": True
+ }
 
-policy_name = 'Mozilla-Security-Assurance-Ciphersuite-Policy-v-1-2'
+policy_name = 'Mozilla-Security-Assurance-Ciphersuite-Policy-v-1-4'
 
 # Create the Ciphersuite Policy
 params = {'LoadBalancerName': load_balancer_name,
 'PolicyName': policy_name,
 'PolicyTypeName': 'SSLNegotiationPolicyType'}
-conn_elb.build_complex_list_params(params, 
+conn_elb.build_complex_list_params(params,
 [(x, policy_attributes[x]) for x in policy_attributes.keys()],
 'PolicyAttributes.member',
 ('AttributeName', 'AttributeValue'))
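Review bot: The twelve ECDHE entries added at the top of `policy_attributes` carry no comment saying which guideline revision they were taken from, although `policy_name` in the second hunk encodes a version, so the list cannot be audited against its source from this file. A one-line comment above the dict would cover it, for example `# Cipher list per <guideline name and revision>; True = enabled on the ELB, False = explicitly disabled`. It is also worth stating there that key order in this dict does not express cipher preference, because the attribute list is built by iterating `policy_attributes.keys()`. The dict literal continues outside this hunk.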
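Review bot: `"RC4-SHA": True` stays enabled in the same policy that now turns on `"Server-Defined-Cipher-Order"`, so RC4 remains negotiable for any client that offers nothing the load balancer prefers. RFC 7465 prohibits RC4 in TLS; unless a known legacy client population needs it, set `"RC4-SHA": False`, or add a comment naming the clients it is kept for. Separately, `"Server-Defined-Cipher-Order"` is a policy option rather than a cipher name, and a short comment such as `# policy option, not a cipher: the ELB chooses the suite by its own preference order` would keep readers from treating it as one. The dict begins before this hunk.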