Posted On: Jan 19, 2024

Network Load Balancer (NLB) now supports RSA 3072-bit certificates, and Elliptic Curve Digital Signature Algorithm (ECDSA) 256, 384 and 521-bit certificates via AWS Certificate Manager (ACM). This launch enables customers to use stronger encryption in transit to meet their compliance goals.

RSA and ECDSA are two widely used public-key cryptographic algorithms used to encrypt and decrypt data. With RSA 3072-bit and ECDSA 384/521-bit certificates, the longer key size will enhance security, making it more difficult for an attacker to decrypt the communication. Compared to RSA, ECDSA has the advantage of increased performance, providing higher security strength with smaller key sizes and lower computational cost. You can learn more about ECDSA security, performance and compatibility in this AWS Security blog post.

To enable this feature, you can get started by creating or importing RSA 3072-bit or ECDSA 256/384/521-bit certificates via ACM and associating the certificates with your NLB using AWS APIs or the AWS Management Console.
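Before importing a certificate, it helps to confirm that its public key is one of the types named above. The following is an added example, not AWS code: it reads a PEM `PUBLIC KEY` (SubjectPublicKeyInfo) with the standard library only and reports the algorithm and key size. The function names are hypothetical and the sample keys are constructed from dummy bytes, not usable key material.

```python
import base64

OID_RSA = bytes.fromhex("2a864886f70d010101")            # rsaEncryption
OID_EC = bytes.fromhex("2a8648ce3d0201")                 # id-ecPublicKey
CURVE_BITS = {bytes.fromhex("2a8648ce3d030107"): 256,    # prime256v1 (P-256)
              bytes.fromhex("2b81040022"): 384,          # secp384r1 (P-384)
              bytes.fromhex("2b81040023"): 521}          # secp521r1 (P-521)
ANNOUNCED = {("RSA", 3072), ("ECDSA", 256), ("ECDSA", 384), ("ECDSA", 521)}  # types named in the announcement

def read_tlv(buf, pos=0):   # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_type(pem):
    """Classify a PEM 'PUBLIC KEY' (SubjectPublicKeyInfo) as (algorithm, bits)."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    _, spki, _ = read_tlv(base64.b64decode(body))
    _, alg, pos = read_tlv(spki)             # AlgorithmIdentifier
    _, oid, param_pos = read_tlv(alg)        # algorithm OID
    _, bitstr, _ = read_tlv(spki, pos)       # subjectPublicKey BIT STRING
    if oid == OID_EC:
        _, curve, _ = read_tlv(alg, param_pos)   # named-curve OID
        if curve not in CURVE_BITS:
            raise ValueError("unrecognised curve")
        return ("ECDSA", CURVE_BITS[curve])
    if oid == OID_RSA:
        _, rsa_key, _ = read_tlv(bitstr[1:])     # skip the unused-bits octet
        _, modulus, _ = read_tlv(rsa_key)        # first INTEGER is the modulus
        return ("RSA", int.from_bytes(modulus, "big").bit_length())
    raise ValueError("unrecognised key algorithm")

def _tlv(tag, content):     # minimal DER encoder, used only to build the samples
    n, k = len(content), (len(content).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + content

def sample_pem(alg_id, key):    # constructed input: dummy key material
    spki = _tlv(0x30, _tlv(0x30, alg_id) + _tlv(0x03, b"\x00" + key))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"

def sample_rsa(bits):           # constructed RSA key with an all-ones modulus
    key = _tlv(0x30, _tlv(0x02, b"\x00" + b"\xff" * (bits // 8)) + _tlv(0x02, b"\x01\x00\x01"))
    return sample_pem(_tlv(0x06, OID_RSA) + b"\x05\x00", key)

P384 = sample_pem(_tlv(0x06, OID_EC) + _tlv(0x06, bytes.fromhex("2b81040022")), b"\x04" + bytes(96))
```

`key_type(pem) in ANNOUNCED` then tells you whether the key matches one of the sizes listed in this announcement; a key outside that set is not necessarily unsupported, only not covered by this page.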

This feature is available in all commercial AWS Regions and the AWS GovCloud (US) Regions. To learn more, please refer to the NLB documentation.