Exclude cipher suites at the API gateway using a Network Load Balancer security policy
While working on to get exclude cipher suites with CBC encoding. I came across https://aws.amazon.com/blogs/security/exclude-cipher-suites-at-the-api-gateway-using-a-network-load-balancer-security-policy/