[trapexit]

Yes. https://forums.aws.amazon.com/thread.jspa?threadID=149690

[nicpottier]

Note that until it gets patched, you can go to your ELB config and disable TLS support, which I believe (someone please correct me if not) will protect you from this particular attack. Whether the cure is better than the disease is up to you.

[ccpost]

Disabling TLS in the ELB config seemed to work for me until AWS finishes the patch rollout. (Looks like they're partway on the rollout.)