Why should you disable TLS 1.0?
Transport Layer Security is a cryptographic protocol used to establish a secure communications channel between two systems. It’s the successor to SSL and has undergone a number of revisions since TLS 1.0 first appeared in 1990.
There are several serious vulnerabilities in SSL (POODLE, BEAST) and early TLS (man-in-the-middle attacks). The only way to mitigate these security risks is to disable SSLv3 and TLS 1.0 completely and remove them as fallbacks.
Disable TLS 1.0 on AWS
Disabling TLS 1.0 on Amazon Web Services is very straightforward and should be done as soon as possible. The PCI Security Standards Council set a deadline of 30 June 2018. If the server is found to allow TLS 1.0 connections, it will fail PCI DSS scans. Failing PCI DSS compliance means that legally merchants will not be allowed to store any customer card details.
Step 1
Log into the AWS Console and navigate to the EC2 group. Within this group, click the Load Balancers option under Load Balancing.
Step 2
At the bottom of the screen, click the Listeners tab. You should see your HTTPS listener listed. Click the Change link under the Cipher column.
Step 3
You will see a list of Predefined Security Policies in the window that just opened. Ensure you select a TLS 1.1 or higher policy. You will notice the selections in the window to the right changing, leaving both vulnerable protocols unchecked.
Step 4
Finally, click the Save button to confirm the changes. You can make use of a service like Qualys to confirm your changes.
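The same setting can also be checked offline from the load balancer's configuration. The following is an added example, not part of the original article: it assumes a Classic Load Balancer and JSON saved from `aws elb describe-load-balancers` and `aws elb describe-load-balancer-policies`, and it reports every HTTPS/SSL listener whose attached policy still enables SSLv3 or TLS 1.0. The names `web-lb`, `legacy-policy` and `tls11-policy` and the sample JSON are constructed for illustration.

```python
import json

# Policy attributes that must not be "true" once SSLv3 and TLS 1.0 are disabled.
WEAK = ("Protocol-SSLv3", "Protocol-TLSv1")

# Constructed sample: trimmed `aws elb describe-load-balancers` and
# `aws elb describe-load-balancer-policies` output for a hypothetical "web-lb".
LB_JSON = """{"LoadBalancerDescriptions": [{"LoadBalancerName": "web-lb",
 "ListenerDescriptions": [
  {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443},
   "PolicyNames": ["legacy-policy"]},
  {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 8443},
   "PolicyNames": ["tls11-policy"]}]}]}"""
POLICY_JSON = """{"PolicyDescriptions": [
 {"PolicyName": "legacy-policy", "PolicyTypeName": "SSLNegotiationPolicyType",
  "PolicyAttributeDescriptions": [
   {"AttributeName": "Protocol-SSLv3", "AttributeValue": "false"},
   {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"}]},
 {"PolicyName": "tls11-policy", "PolicyTypeName": "SSLNegotiationPolicyType",
  "PolicyAttributeDescriptions": [
   {"AttributeName": "Protocol-SSLv3", "AttributeValue": "false"},
   {"AttributeName": "Protocol-TLSv1", "AttributeValue": "false"}]}]}"""

def weak_protocols_by_policy(policies):
    """Map each SSL negotiation policy name to the weak protocols it enables."""
    result = {}
    for p in policies.get("PolicyDescriptions", []):
        if p.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue  # cookie stickiness and other policy types carry no protocols
        attrs = {a["AttributeName"]: a["AttributeValue"]
                 for a in p.get("PolicyAttributeDescriptions", [])}
        result[p["PolicyName"]] = [w for w in WEAK
                                   if attrs.get(w, "").lower() == "true"]
    return result

def audit_listeners(lbs, policies):
    """List (lb, port, policy, weak protocols) for HTTPS/SSL listeners at risk."""
    weak = weak_protocols_by_policy(policies)
    findings = []
    for lb in lbs.get("LoadBalancerDescriptions", []):
        for ld in lb.get("ListenerDescriptions", []):
            if ld["Listener"]["Protocol"] not in ("HTTPS", "SSL"):
                continue  # plain HTTP/TCP listeners do not negotiate TLS
            for name in ld.get("PolicyNames", []):
                if weak.get(name):
                    findings.append((lb["LoadBalancerName"],
                                     ld["Listener"]["LoadBalancerPort"],
                                     name, weak[name]))
    return findings

print(audit_listeners(json.loads(LB_JSON), json.loads(POLICY_JSON)))
```

An empty list means no listener in the supplied data still offers either protocol. An external scan such as Qualys remains the check of what the endpoint actually negotiates.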