---
names:
  full: "Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites"
  contextual: "HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites"
description: "Secure Sockets Layer (SSL) policies determine which Transport Layer Security \
  (TLS) features clients are permitted to use when connecting to load balancers. To prevent usage \
  of insecure features, SSL policies should use (a) at least TLS 1.2 with the MODERN profile; or \
  (b) the RESTRICTED profile, because it effectively requires clients to use TLS 1.2 regardless of \
  the chosen minimum TLS version; or (c) a CUSTOM profile that does not support any of the \
  following features: TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, \
  TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA"
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
impossible: true
frameworkMappings:
  - /frameworks/cis-gcp-v3.0.0/03/09
  - /frameworks/cloudaware/secret-and-certificate-governance/cryptographic-configuration
  - /frameworks/nist-sp-800-53-r4/sc/07
  - /frameworks/pci-dss-v3.2.1/04/01
  - /frameworks/iso-iec-27001-2013/14/01/03
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/gcp/CloudLoadBalancing/weak-cipher-suites-checks.html"
      name: "Check for Insecure SSL Cipher Suites"