How should the SysOps administrator resolve these issues in the MOST operationally efficient manner?
Create a new SSL certificate in ACM and install the new certificate on the ALB to support legacy web browsers.
Create a second ALB and install a custom SSL certificate with a different domain name on the second ALB to support legacy web browsers.
Remove the ALB from the configuration and install a custom SSL certificate on each web server.
Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.
Explanations:
Creating a new SSL certificate does not address compatibility issues with legacy browsers. The issue is likely with the SSL/TLS negotiation, not the certificate itself.
Adding a second ALB is inefficient and unnecessary. The problem can be resolved by adjusting the configuration of the existing ALB.
Removing the ALB and configuring SSL certificates directly on EC2 instances increases complexity and reduces scalability, which is not efficient.
Updating the SSL negotiation configuration on the ALB to use a security policy with legacy-compatible ciphers resolves the issue with legacy browsers while keeping the setup efficient.
I deduce that the answer is:
Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.
From my point of view, the answer is:
Update the SSL negotiation configuration of the ALB with a security policy that contains ciphers for legacy web browsers.