by dbarlett 4282 days ago
The current default, ELBSecurityPolicy-2014-01 [1], enables ECDSA/PFS and is close to the Mozilla TLS recommendations [2]. Getting an A+ on the Qualys test requires the HSTS header [3], which isn't an ELB issue.

[1] http://docs.aws.amazon.com/ElasticLoadBalancing/latest/Devel...

[2] https://wiki.mozilla.org/Security/Server_Side_TLS#Amazon_Web...

[3] http://mir.aculo.us/2014/04/04/how-to-get-an-a-on-the-qualsy...