SSL policies specify the set of SSL features that Google Cloud load balancers use when negotiating SSL with clients. In this document, the term SSL refers to both the SSL and TLS protocols.
SSL policies are supported with the following load balancers:
- Global SSL policies
  - Global external Application Load Balancer
  - Classic Application Load Balancer
  - External proxy Network Load Balancer (with a target SSL proxy)
- Regional SSL policies
  - Regional external Application Load Balancer
  - Internal Application Load Balancer
By default, these load balancers use a set of SSL features that provide good security and wide compatibility. Some applications require more control over which SSL versions and ciphers are used for their HTTPS or SSL connections. You can define SSL policies to specify the set of SSL features that your load balancer uses when negotiating SSL with clients.
The following example shows how connections from clients are established and terminated at a load balancer.
You can use an SSL policy to configure the minimum TLS version and SSL features that are enabled in the load balancer. SSL policies affect connections between clients and the load balancer (Connection-1 in the illustration). SSL policies do not affect the connections between the load balancer and the backends (Connection-2).
Defining an SSL policy
To define an SSL policy, you specify a minimum TLS version and a profile. The profile selects a set of SSL features to enable in the load balancer.
Three pre-configured Google-managed profiles let you specify the level of compatibility appropriate for your application. The three pre-configured profiles are as follows:
- COMPATIBLE. Allows the broadest set of clients, including clients that support only out-of-date SSL features, to negotiate SSL with the load balancer.
- MODERN. Supports a wide set of SSL features, allowing modern clients to negotiate SSL.
- RESTRICTED. Supports a reduced set of SSL features, intended to meet stricter compliance requirements.
A fourth CUSTOM profile lets you select SSL features individually.
The SSL policy also specifies the minimum version of the TLS protocol that clients can use to establish a connection. A profile can also restrict the versions of TLS that the load balancer can negotiate. For example, ciphers enabled in the RESTRICTED profile are only supported by TLS 1.2. Choosing the RESTRICTED profile effectively requires clients to use TLS 1.2 regardless of the chosen minimum TLS version.
If you do not choose one of the three pre-configured profiles or create a custom SSL policy, your load balancer uses the default SSL policy. The default SSL policy is equivalent to an SSL policy that uses the COMPATIBLE profile with a minimum TLS version of TLS 1.0.
You can attach an SSL policy to more than one target proxy. You cannot configure more than one SSL policy for a particular target proxy. Any changes made to SSL policies don't alter or interrupt existing load balancer connections.
Cloud Load Balancing does not support SSL versions 3.0 or earlier. The following table describes the feature support for each TLS/SSL version.
TLS/SSL version | Feature support |
---|---|
TLS 1.0, 1.1, or 1.2 | Settings in SSL policies control cipher suites applied to client connections. |
TLS 1.3 | Settings in SSL policies do not control cipher selection. TLS 1.3 supports the TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, and TLS_CHACHA20_POLY1305_SHA256 ciphers only. |
QUIC | Settings in SSL policies do not control cipher selection. |
SSL 3.0 or earlier | Not applicable. Not supported by Cloud Load Balancing. |
The following table lists the available SSL policy features for each pre-configured profile. All of the features control whether particular cipher suites can be used, and apply only to client connections that use TLS version 1.2 or earlier, not to clients that use QUIC.
IANA value | Feature | In COMPATIBLE profile | In MODERN profile | In RESTRICTED profile |
---|---|---|---|---|
0xCCA9 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ♦ | ♦ | ♦ |
0xCCA8 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ♦ | ♦ | ♦ |
0xC02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ♦ | ♦ | ♦ |
0xC02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ♦ | ♦ | ♦ |
0xC02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ♦ | ♦ | ♦ |
0xC030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ♦ | ♦ | ♦ |
0xC009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ♦ | ♦ | |
0xC013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ♦ | ♦ | |
0xC00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ♦ | ♦ | |
0xC014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ♦ | ♦ | |
0x009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | ♦ | | |
0x009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | ♦ | | |
0x002F | TLS_RSA_WITH_AES_128_CBC_SHA | ♦ | | |
0x0035 | TLS_RSA_WITH_AES_256_CBC_SHA | ♦ | | |
0x000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | ♦ | | |
Feature updates
We reserve the right to update the set of features enabled in the COMPATIBLE, MODERN, and RESTRICTED profiles, as well as which features are configurable in a CUSTOM profile. We do this as we remove support for older SSL capabilities and as we add support for newer ones.
When we add features that enhance SSL capabilities, we may enable them immediately in the COMPATIBLE, MODERN, and RESTRICTED profiles so that SSL policies that select those profiles can use the new features. However, if your policy selects the CUSTOM profile, you must modify the policy's settings to use the added features.
When we remove the ability to control a feature (either forcing it on or forcing it off for all policies), we provide advance notice, except when removing the control is necessary for security reasons.
Limitations
Disabling particular SSL versions or ciphers could result in some older clients being unable to connect to your proxy by using HTTPS or SSL. Disabling a sufficiently broad selection of ciphers in the CUSTOM profile could result in no clients being able to negotiate HTTPS.
An SSL certificate associated with your load balancer uses either an ECDSA or an RSA digital signature. The pre-defined profiles are compatible with both types of certificate signatures. A custom profile should enable ciphers that are compatible with the digital signature used by your load balancer's certificates.
The features that control cipher suites apply only to client connections that use TLS version 1.2 and earlier. They do not control cipher selection in connections that use QUIC or TLS 1.3.
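The following is an added example, not code from the Google Cloud documentation or from any Google tool. It models the profile table above to answer two questions raised in "Defining an SSL policy" and in the limitations: which TLS version a policy really requires (RESTRICTED, or any CUSTOM list made only of GCM/CHACHA20 suites, forces TLS 1.2), and whether a CUSTOM feature list still leaves a suite that works with an RSA or ECDSA certificate. It assumes that the set of features configurable in a CUSTOM profile is exactly the suite list in the table.

```python
# Cipher suites from the profile table; each value is the set of pre-configured
# profiles that enable the suite. Assumption: CUSTOM can pick from this same list.
CIPHER_PROFILES = {
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": {"COMPATIBLE", "MODERN", "RESTRICTED"},
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": {"COMPATIBLE", "MODERN", "RESTRICTED"},
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": {"COMPATIBLE", "MODERN", "RESTRICTED"},
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": {"COMPATIBLE", "MODERN", "RESTRICTED"},
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": {"COMPATIBLE", "MODERN", "RESTRICTED"},
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": {"COMPATIBLE", "MODERN", "RESTRICTED"},
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": {"COMPATIBLE", "MODERN"},
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": {"COMPATIBLE", "MODERN"},
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": {"COMPATIBLE", "MODERN"},
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": {"COMPATIBLE", "MODERN"},
    "TLS_RSA_WITH_AES_128_GCM_SHA256": {"COMPATIBLE"},
    "TLS_RSA_WITH_AES_256_GCM_SHA384": {"COMPATIBLE"},
    "TLS_RSA_WITH_AES_128_CBC_SHA": {"COMPATIBLE"},
    "TLS_RSA_WITH_AES_256_CBC_SHA": {"COMPATIBLE"},
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": {"COMPATIBLE"},
}


def enabled_ciphers(profile, custom_features=()):
    """Cipher suites a policy enables for TLS 1.0-1.2 client connections."""
    if profile == "CUSTOM":
        unknown = set(custom_features) - CIPHER_PROFILES.keys()
        if unknown:
            raise ValueError(f"not configurable: {sorted(unknown)}")
        return set(custom_features)
    return {c for c, p in CIPHER_PROFILES.items() if profile in p}


def effective_min_tls(profile, min_tls, custom_features=()):
    """AEAD suites (GCM, CHACHA20) exist only in TLS 1.2, so a policy whose
    suites are all AEAD requires TLS 1.2 whatever min_tls says."""
    suites = enabled_ciphers(profile, custom_features)
    if suites and all("_GCM_" in c or "CHACHA20" in c for c in suites):
        return max(min_tls, "1.2")  # version strings "1.0".."1.3" compare in order
    return min_tls


def cert_compatible_ciphers(profile, cert_type, custom_features=()):
    """Suites usable with the load balancer's certificate: ECDHE_ECDSA suites
    need an ECDSA certificate; ECDHE_RSA and plain RSA suites need RSA."""
    key = "ECDSA" if cert_type == "ECDSA" else "RSA"
    return {c for c in enabled_ciphers(profile, custom_features)
            if c.startswith(f"TLS_ECDHE_{key}_")
            or (key == "RSA" and c.startswith("TLS_RSA_"))}
```

An empty result from `cert_compatible_ciphers` for a CUSTOM profile means no TLS 1.2-or-earlier client can negotiate with that certificate, which is the failure mode the limitations section describes.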
What's next
- To create, modify, or delete an SSL policy, see Using SSL policies.
- To configure an SSL certificate, see Creating and using SSL certificates.