@kennwhite
Forked from tedder/gist:0d3276040054eb10857b
Last active August 29, 2015 14:07
Tedder's ELB Security Policy
PolicyDescriptions:
  - PolicyName: ELBSecurityPolicy-2014-10
    PolicyTypeName: SSLNegotiationPolicyType
    PolicyAttributeDescriptions:
      - AttributeName: Protocol-SSLv2
        AttributeValue: false # http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
      - AttributeName: Protocol-TLSv1
        AttributeValue: true # generally recognized as safe
      - AttributeName: Protocol-SSLv3
        AttributeValue: false # POODLE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
      - AttributeName: Protocol-TLSv1.1
        AttributeValue: true # GRAS
      - AttributeName: Protocol-TLSv1.2
        AttributeValue: true # GRAS
      - AttributeName: Server-Defined-Cipher-Order
        AttributeValue: true
      - AttributeName: ECDHE-RSA-AES256-GCM-SHA384
        AttributeValue: true # this list matches the selections and order of Kenn White's: https://gist.github.com/kennwhite/25183c3f05266ee0ad7f#file-nginx_1-6-x-conf-L52 https://twitter.com/kennwhite/status/522486067480760322/photo/1
      - AttributeName: ECDHE-RSA-AES128-SHA256
        AttributeValue: true
      - AttributeName: ECDHE-RSA-AES128-SHA
        AttributeValue: true
      - AttributeName: DHE-RSA-AES128-SHA
        AttributeValue: true
      - AttributeName: RC4-SHA
        AttributeValue: true # RC4 is cryptographically broken and RFC 7465 prohibits it in TLS; enable only if legacy clients still require it
      - AttributeName: ECDHE-ECDSA-AES128-GCM-SHA256
        AttributeValue: false
      - AttributeName: ECDHE-RSA-AES128-GCM-SHA256
        AttributeValue: false
      - AttributeName: ECDHE-ECDSA-AES128-SHA256
        AttributeValue: false
      - AttributeName: ECDHE-ECDSA-AES128-SHA
        AttributeValue: false
      - AttributeName: ECDHE-ECDSA-AES256-GCM-SHA384
        AttributeValue: false
      - AttributeName: ECDHE-ECDSA-AES256-SHA384
        AttributeValue: false
      - AttributeName: ECDHE-RSA-AES256-SHA384
        AttributeValue: false
      - AttributeName: ECDHE-RSA-AES256-SHA
        AttributeValue: false
      - AttributeName: ECDHE-ECDSA-AES256-SHA
        AttributeValue: false
      - AttributeName: AES128-GCM-SHA256
        AttributeValue: false
      - AttributeName: AES128-SHA256
        AttributeValue: false
      - AttributeName: AES128-SHA
        AttributeValue: false
      - AttributeName: AES256-GCM-SHA384
        AttributeValue: false
      - AttributeName: AES256-SHA256
        AttributeValue: false
      - AttributeName: AES256-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-AES128-SHA
        AttributeValue: false
      - AttributeName: CAMELLIA128-SHA
        AttributeValue: false
      - AttributeName: EDH-RSA-DES-CBC3-SHA
        AttributeValue: false
      - AttributeName: DES-CBC3-SHA
        AttributeValue: false
      - AttributeName: ECDHE-RSA-RC4-SHA
        AttributeValue: false
      - AttributeName: ECDHE-ECDSA-RC4-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-AES256-GCM-SHA384
        AttributeValue: false
      - AttributeName: DHE-RSA-AES256-GCM-SHA384
        AttributeValue: false
      - AttributeName: DHE-RSA-AES256-SHA256
        AttributeValue: false
      - AttributeName: DHE-DSS-AES256-SHA256
        AttributeValue: false
      - AttributeName: DHE-RSA-AES256-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-AES256-SHA
        AttributeValue: false
      - AttributeName: DHE-RSA-CAMELLIA256-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-CAMELLIA256-SHA
        AttributeValue: false
      - AttributeName: CAMELLIA256-SHA
        AttributeValue: false
      - AttributeName: EDH-DSS-DES-CBC3-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-AES128-GCM-SHA256
        AttributeValue: false
      - AttributeName: DHE-RSA-AES128-GCM-SHA256
        AttributeValue: false
      - AttributeName: DHE-RSA-AES128-SHA256
        AttributeValue: false
      - AttributeName: DHE-DSS-AES128-SHA256
        AttributeValue: false
      - AttributeName: DHE-RSA-CAMELLIA128-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-CAMELLIA128-SHA
        AttributeValue: false
      - AttributeName: ADH-AES128-GCM-SHA256
        AttributeValue: false
      - AttributeName: ADH-AES128-SHA
        AttributeValue: false
      - AttributeName: ADH-AES128-SHA256
        AttributeValue: false
      - AttributeName: ADH-AES256-GCM-SHA384
        AttributeValue: false
      - AttributeName: ADH-AES256-SHA
        AttributeValue: false
      - AttributeName: ADH-AES256-SHA256
        AttributeValue: false
      - AttributeName: ADH-CAMELLIA128-SHA
        AttributeValue: false
      - AttributeName: ADH-CAMELLIA256-SHA
        AttributeValue: false
      - AttributeName: ADH-DES-CBC3-SHA
        AttributeValue: false
      - AttributeName: ADH-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: ADH-RC4-MD5
        AttributeValue: false
      - AttributeName: ADH-SEED-SHA
        AttributeValue: false
      - AttributeName: DES-CBC-SHA
        AttributeValue: false
      - AttributeName: DHE-DSS-SEED-SHA
        AttributeValue: false
      - AttributeName: DHE-RSA-SEED-SHA
        AttributeValue: false
      - AttributeName: EDH-DSS-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: EDH-RSA-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: IDEA-CBC-SHA
        AttributeValue: false
      - AttributeName: RC4-MD5
        AttributeValue: false
      - AttributeName: SEED-SHA
        AttributeValue: false
      - AttributeName: DES-CBC3-MD5
        AttributeValue: false
      - AttributeName: DES-CBC-MD5
        AttributeValue: false
      - AttributeName: RC2-CBC-MD5
        AttributeValue: false
      - AttributeName: PSK-AES256-CBC-SHA
        AttributeValue: false
      - AttributeName: PSK-3DES-EDE-CBC-SHA
        AttributeValue: false
      - AttributeName: KRB5-DES-CBC3-SHA
        AttributeValue: false
      - AttributeName: KRB5-DES-CBC3-MD5
        AttributeValue: false
      - AttributeName: PSK-AES128-CBC-SHA
        AttributeValue: false
      - AttributeName: PSK-RC4-SHA
        AttributeValue: false
      - AttributeName: KRB5-RC4-SHA
        AttributeValue: false
      - AttributeName: KRB5-RC4-MD5
        AttributeValue: false
      - AttributeName: KRB5-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: KRB5-DES-CBC-MD5
        AttributeValue: false
      - AttributeName: EXP-EDH-RSA-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: EXP-EDH-DSS-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: EXP-ADH-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: EXP-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: EXP-RC2-CBC-MD5
        AttributeValue: false
      - AttributeName: EXP-KRB5-RC2-CBC-SHA
        AttributeValue: false
      - AttributeName: EXP-KRB5-DES-CBC-SHA
        AttributeValue: false
      - AttributeName: EXP-KRB5-RC2-CBC-MD5
        AttributeValue: false
      - AttributeName: EXP-KRB5-DES-CBC-MD5
        AttributeValue: false
      - AttributeName: EXP-ADH-RC4-MD5
        AttributeValue: false
      - AttributeName: EXP-RC4-MD5
        AttributeValue: false
      - AttributeName: EXP-KRB5-RC4-SHA
        AttributeValue: false
      - AttributeName: EXP-KRB5-RC4-MD5
        AttributeValue: false
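Added example, not part of the gist: a small Python script that parses a policy written in this AttributeName/AttributeValue form, flags the protocol and cipher-suite choices a reviewer would question (SSLv2/SSLv3, RC4, export, anonymous and other legacy suites, suites without forward secrecy, server cipher order turned off), and renders the policy as the `aws elb create-load-balancer-policy` and `set-load-balancer-policies-of-listener` invocations that install it. The embedded sample policy is a constructed subset of the attributes above, and the load-balancer name `web-elb` and policy name `tls-2014-10` are placeholders.

```python
"""Audit an ELB SSLNegotiationPolicyType description and render it for the
AWS CLI. Added example, not part of the gist; runs offline (no PyYAML, no AWS
credentials). SAMPLE_POLICY is a constructed subset of the gist's attributes."""
import re
import shlex

# Constructed sample in the gist's "AttributeName / AttributeValue" form.
SAMPLE_POLICY = """\
- AttributeName: Protocol-SSLv2
AttributeValue: false
- AttributeName: Protocol-TLSv1
AttributeValue: true # generally recognized as safe
- AttributeName: Protocol-SSLv3
AttributeValue: false # POODLE, CVE-2014-3566
- AttributeName: Protocol-TLSv1.2
AttributeValue: true
- AttributeName: Server-Defined-Cipher-Order
AttributeValue: true
- AttributeName: ECDHE-RSA-AES256-GCM-SHA384
AttributeValue: true
- AttributeName: DHE-RSA-AES128-SHA
AttributeValue: true
- AttributeName: RC4-SHA
AttributeValue: true
- AttributeName: EXP-RC4-MD5
AttributeValue: false
- AttributeName: ADH-AES128-SHA
AttributeValue: false
"""

SWITCHES = {"Server-Defined-Cipher-Order"}           # policy switches, not suites
BAD_PROTOCOLS = {"Protocol-SSLv2", "Protocol-SSLv3"}  # never enable these
# Suites that are export-grade, anonymous, pre-shared-key/Kerberos, or use
# RC4, RC2, (3)DES, IDEA, SEED or an MD5 MAC: broken or legacy, keep disabled.
WEAK_SUITE_RE = re.compile(r"^(EXP|ADH|PSK|KRB5)-|RC4|RC2|DES|IDEA|SEED|MD5|NULL")
FORWARD_SECRET_RE = re.compile(r"^(ECDHE|DHE|EDH)-")


def parse_policy_attributes(text):
    """Parse 'AttributeName:' / 'AttributeValue:' lines (indented or flattened)
    into an ordered list of (name, bool). Trailing '# comments' are dropped.
    Order is kept: the gist's own note treats listing order as preference order."""
    attrs, pending = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lstrip("- ").strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "AttributeName":
            pending = value
        elif key == "AttributeValue" and pending is not None:
            if value.lower() not in ("true", "false"):
                raise ValueError(f"{pending}: expected true/false, got {value!r}")
            attrs.append((pending, value.lower() == "true"))
            pending = None
    return attrs


def audit_policy(attrs):
    """Return (severity, message) findings a reviewer would raise on the policy."""
    findings = []
    enabled = {name for name, on in attrs if on}
    for proto in sorted(BAD_PROTOCOLS & enabled):
        findings.append(("high", f"{proto} is enabled; SSLv2/SSLv3 are broken"))
    if "Server-Defined-Cipher-Order" not in enabled:
        findings.append(("medium", "Server-Defined-Cipher-Order is off; clients choose the suite"))
    for name, on in attrs:
        if not on or name.startswith("Protocol-") or name in SWITCHES:
            continue
        if WEAK_SUITE_RE.search(name):
            findings.append(("high", f"weak cipher suite enabled: {name}"))
        elif not FORWARD_SECRET_RE.match(name):
            findings.append(("low", f"no forward secrecy: {name}"))
    return findings


def build_create_command(lb_name, policy_name, attrs):
    """Render the policy as an `aws elb create-load-balancer-policy` call,
    passing every attribute explicitly (names are the caller's placeholders)."""
    shorthand = " ".join(
        f"AttributeName={name},AttributeValue={str(on).lower()}" for name, on in attrs
    )
    return (
        "aws elb create-load-balancer-policy"
        f" --load-balancer-name {shlex.quote(lb_name)}"
        f" --policy-name {shlex.quote(policy_name)}"
        " --policy-type-name SSLNegotiationPolicyType"
        f" --policy-attributes {shorthand}"
    )


def build_attach_command(lb_name, policy_name, port=443):
    """Attach the policy to the HTTPS listener; this call replaces the
    listener's current policy set rather than adding to it."""
    return (
        "aws elb set-load-balancer-policies-of-listener"
        f" --load-balancer-name {shlex.quote(lb_name)}"
        f" --load-balancer-port {port}"
        f" --policy-names {shlex.quote(policy_name)}"
    )


if __name__ == "__main__":
    attrs = parse_policy_attributes(SAMPLE_POLICY)
    for severity, msg in audit_policy(attrs):
        print(f"[{severity}] {msg}")
    # Placeholder names; substitute your own load balancer and policy names.
    print(build_create_command("web-elb", "tls-2014-10", attrs))
    print(build_attach_command("web-elb", "tls-2014-10"))
```

Run against the sample, the only finding is the enabled RC4-SHA suite; feed it the full attribute list above (the parser accepts the indented YAML form too) to get the same verdict for the gist's policy. The two printed commands are what you would paste into a shell with AWS credentials; the audit itself needs none.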