
AWS_103 Prefix for tls policy is too specific #7184

@bdoyle0182

Describe the issue
The added support for TLS 1.3 a few years ago assumed a check with a date in the policy, which is now outdated.

'TLS': ("ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-TLS13-1-2", "ELBSecurityPolicy-FS-1-2", "ELBSecurityPolicy-TLS-1-2")

The first supported prefix there should just be ELBSecurityPolicy-TLS13-1-3.

https://github.com/bridgecrewio/checkov/pull/2934/files#diff-38f42170d16370bf4ddd20596457e8830d388549768d4b4406d5150b0020aae0R10

Examples
We have a resource attempting to use this policy ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04 failing on this check due to the too strict prefix.

Version (please complete the following information):

  • latest
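
The prefix comparison described in this issue, as an added example that is not part of the original report or of checkov's code: it runs the quoted prefix tuple and the proposed one over a constructed list of ELB policy names, showing which verdicts change and that the shorter prefix does not start accepting the TLS13-1-0 or TLS13-1-1 policies. The helper names and the per-policy "minimum TLS 1.2" labels are assumptions made for the illustration.

```python
# Added illustration; not checkov's implementation. Helper names are hypothetical.

# Prefix tuple quoted in the issue for the AWS_103 TLS check.
CURRENT_PREFIXES = (
    "ELBSecurityPolicy-TLS13-1-3-2021-06",
    "ELBSecurityPolicy-TLS13-1-2",
    "ELBSecurityPolicy-FS-1-2",
    "ELBSecurityPolicy-TLS-1-2",
)
# The change the issue asks for: drop the date from the first prefix.
PROPOSED_PREFIXES = ("ELBSecurityPolicy-TLS13-1-3",) + CURRENT_PREFIXES[1:]

# Constructed sample: policy name -> True if its minimum protocol is TLS 1.2+.
SAMPLE_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-3-2021-06": True,
    "ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04": True,
    "ELBSecurityPolicy-TLS13-1-2-2021-06": True,
    "ELBSecurityPolicy-TLS13-1-2-Res-2021-06": True,
    "ELBSecurityPolicy-FS-1-2-Res-2020-10": True,
    "ELBSecurityPolicy-TLS-1-2-2017-01": True,
    "ELBSecurityPolicy-TLS13-1-1-2021-06": False,
    "ELBSecurityPolicy-TLS13-1-0-2021-06": False,
    "ELBSecurityPolicy-TLS-1-1-2017-01": False,
    "ELBSecurityPolicy-2016-08": False,
}


def passes(policy, prefixes):
    """Same shape as the check in the issue: a plain prefix match."""
    return policy.startswith(prefixes)


def changed_verdicts(policies, old, new):
    """Policy names whose pass/fail result differs between two prefix tuples."""
    return [p for p in policies if passes(p, old) != passes(p, new)]


def misjudged(policies, prefixes):
    """Return (strong policies rejected, weak policies accepted) for a tuple."""
    rejected = [p for p, ok in policies.items() if ok and not passes(p, prefixes)]
    accepted = [p for p, ok in policies.items() if not ok and passes(p, prefixes)]
    return rejected, accepted


if __name__ == "__main__":
    print("verdict changes:", changed_verdicts(SAMPLE_POLICIES, CURRENT_PREFIXES, PROPOSED_PREFIXES))
    print("current  (false fail, false pass):", misjudged(SAMPLE_POLICIES, CURRENT_PREFIXES))
    print("proposed (false fail, false pass):", misjudged(SAMPLE_POLICIES, PROPOSED_PREFIXES))
```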
