From 5cabac5ccd05ce0f91b7a6183791df3ccf239c84 Mon Sep 17 00:00:00 2001
From: Daniel Fangl
Date: Fri, 10 Nov 2023 15:54:25 +0100
Subject: [PATCH] Add new ELBv2 ssl protocols, add small helper script to fetch them (#7009)
---
 moto/elbv2/responses.py | 304 ++++++++++++++++++++++++++++-----
 scripts/update_ssl_policies.py | 41 +++++
 tests/test_elbv2/test_elbv2.py | 2 +-
 3 files changed, 302 insertions(+), 45 deletions(-)
 create mode 100755 scripts/update_ssl_policies.py
diff --git a/moto/elbv2/responses.py b/moto/elbv2/responses.py
index 2cfc49c7b..0f9030d96 100644
--- a/moto/elbv2/responses.py
+++ b/moto/elbv2/responses.py
@@ -7,8 +7,6 @@ from .exceptions import ListenerOrBalancerMissingError
 SSL_POLICIES = [
 {
- "name": "ELBSecurityPolicy-2016-08",
- "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
 "ciphers": [
 {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
 {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
@@ -29,10 +27,151 @@ SSL_POLICIES = [
 {"name": "AES256-SHA256", "priority": 17},
 {"name": "AES256-SHA", "priority": 18},
 ],
+ "name": "ELBSecurityPolicy-2016-08",
+ "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 6},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 7},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 9},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 11},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-2-2021-06",
+ "ssl_protocols": ["TLSv1.2", "TLSv1.3"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 6},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 7},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-2-Res-2021-06",
+ "ssl_protocols": ["TLSv1.2", "TLSv1.3"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 6},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 7},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 9},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 11},
+ {"name": "AES128-GCM-SHA256", "priority": 12},
+ {"name": "AES128-SHA256", "priority": 13},
+ {"name": "AES256-GCM-SHA384", "priority": 14},
+ {"name": "AES256-SHA256", "priority": 15},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06",
+ "ssl_protocols": ["TLSv1.2", "TLSv1.3"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 6},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 7},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 8},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 9},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 12},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 13},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 14},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 15},
+ {"name": "AES128-GCM-SHA256", "priority": 16},
+ {"name": "AES128-SHA256", "priority": 17},
+ {"name": "AES128-SHA", "priority": 18},
+ {"name": "AES256-GCM-SHA384", "priority": 19},
+ {"name": "AES256-SHA256", "priority": 20},
+ {"name": "AES256-SHA", "priority": 21},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06",
+ "ssl_protocols": ["TLSv1.2", "TLSv1.3"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 6},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 7},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 8},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 9},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 12},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 13},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 14},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 15},
+ {"name": "AES128-GCM-SHA256", "priority": 16},
+ {"name": "AES128-SHA256", "priority": 17},
+ {"name": "AES128-SHA", "priority": 18},
+ {"name": "AES256-GCM-SHA384", "priority": 19},
+ {"name": "AES256-SHA256", "priority": 20},
+ {"name": "AES256-SHA", "priority": 21},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-1-2021-06",
+ "ssl_protocols": ["TLSv1.1", "TLSv1.2", "TLSv1.3"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 6},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 7},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 8},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 9},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 12},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 13},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 14},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 15},
+ {"name": "AES128-GCM-SHA256", "priority": 16},
+ {"name": "AES128-SHA256", "priority": 17},
+ {"name": "AES128-SHA", "priority": 18},
+ {"name": "AES256-GCM-SHA384", "priority": 19},
+ {"name": "AES256-SHA256", "priority": 20},
+ {"name": "AES256-SHA", "priority": 21},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-0-2021-06",
+ "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
+ },
+ {
+ "ciphers": [
+ {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
+ {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
+ {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
+ ],
+ "name": "ELBSecurityPolicy-TLS13-1-3-2021-06",
+ "ssl_protocols": ["TLSv1.3"],
 },
 {
- "name": "ELBSecurityPolicy-TLS-1-2-2017-01",
- "ssl_protocols": ["TLSv1.2"],
 "ciphers": [
 {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
 {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
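Review bot: Every policy dict added in this hunk places `"name"` and `"ssl_protocols"` after a 3–21 line `"ciphers"` list, so a reader must scan to the bottom of each block to learn which policy it describes; this looks like sorted-key output from the generator, and emitting `name` and `ssl_protocols` before `ciphers` would keep the table reviewable. Because this list is also where users of the mock look to see what `describe_ssl_policies` returns, a one-line comment above the `ELBSecurityPolicy-TLS13-1-0-2021-06` and `ELBSecurityPolicy-TLS13-1-1-2021-06` entries, `# Mirrors AWS's published policy, which still admits TLSv1/TLSv1.1; reproduced for API fidelity, not as a recommendation.`, would stop those entries being read as guidance. The enclosing `SSL_POLICIES` list starts and ends outside this hunk.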
@@ -47,10 +186,34 @@ SSL_POLICIES = [
 {"name": "AES256-GCM-SHA384", "priority": 11},
 {"name": "AES256-SHA256", "priority": 12},
 ],
+ "name": "ELBSecurityPolicy-TLS-1-2-2017-01",
+ "ssl_protocols": ["TLSv1.2"],
 },
 {
+ "ciphers": [
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 5},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 6},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 7},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 9},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12},
+ {"name": "AES128-GCM-SHA256", "priority": 13},
+ {"name": "AES128-SHA256", "priority": 14},
+ {"name": "AES128-SHA", "priority": 15},
+ {"name": "AES256-GCM-SHA384", "priority": 16},
+ {"name": "AES256-SHA256", "priority": 17},
+ {"name": "AES256-SHA", "priority": 18},
+ ],
 "name": "ELBSecurityPolicy-TLS-1-1-2017-01",
 "ssl_protocols": ["TLSv1.1", "TLSv1.2"],
+ },
+ {
 "ciphers": [
 {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
 {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
@@ -71,34 +234,52 @@ SSL_POLICIES = [
 {"name": "AES256-SHA256", "priority": 17},
 {"name": "AES256-SHA", "priority": 18},
 ],
+ "name": "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
+ "ssl_protocols": ["TLSv1.2"],
 },
 {
+ "ciphers": [
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 5},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 6},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 7},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 9},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12},
+ ],
+ "name": "ELBSecurityPolicy-FS-2018-06",
+ "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
+ },
+ {
+ "ciphers": [
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 5},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 6},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 7},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 9},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12},
+ {"name": "AES128-GCM-SHA256", "priority": 13},
+ {"name": "AES128-SHA256", "priority": 14},
+ {"name": "AES128-SHA", "priority": 15},
+ {"name": "AES256-GCM-SHA384", "priority": 16},
+ {"name": "AES256-SHA256", "priority": 17},
+ {"name": "AES256-SHA", "priority": 18},
+ ],
 "name": "ELBSecurityPolicy-2015-05",
 "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
- "ciphers": [
- {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
- {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
- {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
- {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
- {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 5},
- {"name": "ECDHE-RSA-AES128-SHA", "priority": 6},
- {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 7},
- {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 8},
- {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 9},
- {"name": "ECDHE-RSA-AES256-SHA384", "priority": 10},
- {"name": "ECDHE-RSA-AES256-SHA", "priority": 11},
- {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12},
- {"name": "AES128-GCM-SHA256", "priority": 13},
- {"name": "AES128-SHA256", "priority": 14},
- {"name": "AES128-SHA", "priority": 15},
- {"name": "AES256-GCM-SHA384", "priority": 16},
- {"name": "AES256-SHA256", "priority": 17},
- {"name": "AES256-SHA", "priority": 18},
- ],
 },
 {
- "name": "ELBSecurityPolicy-TLS-1-0-2015-04",
- "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
 "ciphers": [
 {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
 {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
@@ -120,33 +301,68 @@ SSL_POLICIES = [
 {"name": "AES256-SHA", "priority": 18},
 {"name": "DES-CBC3-SHA", "priority": 19},
 ],
+ "name": "ELBSecurityPolicy-TLS-1-0-2015-04",
+ "ssl_protocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
 },
 {
- "name": "ELBSecurityPolicy-FS-1-2-Res-2020-10",
+ "ciphers": [
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 5},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 6},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 7},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 8},
+ ],
+ "name": "ELBSecurityPolicy-FS-1-2-Res-2019-08",
 "ssl_protocols": ["TLSv1.2"],
+ },
+ {
+ "ciphers": [
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 5},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 6},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 7},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 9},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12},
+ ],
+ "name": "ELBSecurityPolicy-FS-1-1-2019-08",
+ "ssl_protocols": ["TLSv1.1", "TLSv1.2"],
+ },
+ {
+ "ciphers": [
+ {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
+ {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
+ {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 3},
+ {"name": "ECDHE-RSA-AES128-SHA256", "priority": 4},
+ {"name": "ECDHE-ECDSA-AES128-SHA", "priority": 5},
+ {"name": "ECDHE-RSA-AES128-SHA", "priority": 6},
+ {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 7},
+ {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 8},
+ {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 9},
+ {"name": "ECDHE-RSA-AES256-SHA384", "priority": 10},
+ {"name": "ECDHE-RSA-AES256-SHA", "priority": 11},
+ {"name": "ECDHE-ECDSA-AES256-SHA", "priority": 12},
+ ],
+ "name": "ELBSecurityPolicy-FS-1-2-2019-08",
+ "ssl_protocols": ["TLSv1.2"],
+ },
+ {
 "ciphers": [
 {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 1},
 {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 2},
 {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 3},
 {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 4},
 ],
- },
- {
- "name": "ELBSecurityPolicy-TLS13-1-2-2021-06",
- "ssl_protocols": ["TLSv1.2", "TLSv1.3"],
- "ciphers": [
- {"name": "TLS_AES_128_GCM_SHA256", "priority": 1},
- {"name": "TLS_AES_256_GCM_SHA384", "priority": 2},
- {"name": "TLS_CHACHA20_POLY1305_SHA256", "priority": 3},
- {"name": "ECDHE-ECDSA-AES128-GCM-SHA256", "priority": 4},
- {"name": "ECDHE-RSA-AES128-GCM-SHA256", "priority": 5},
- {"name": "ECDHE-ECDSA-AES128-SHA256", "priority": 6},
- {"name": "ECDHE-RSA-AES128-SHA256", "priority": 7},
- {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "priority": 8},
- {"name": "ECDHE-RSA-AES256-GCM-SHA384", "priority": 9},
- {"name": "ECDHE-ECDSA-AES256-SHA384", "priority": 10},
- {"name": "ECDHE-RSA-AES256-SHA384", "priority": 11},
- ],
+ "name": "ELBSecurityPolicy-FS-1-2-Res-2020-10",
+ "ssl_protocols": ["TLSv1.2"],
 },
 ]
diff --git a/scripts/update_ssl_policies.py b/scripts/update_ssl_policies.py
new file mode 100755
index 000000000..fcf447325
--- /dev/null
+++ b/scripts/update_ssl_policies.py
@@ -0,0 +1,41 @@
+#!/bin/bash
+import json
+
+import boto3
+import re
+
+CAMEL_CASE_PATTERN = re.compile(r"(? 0 resp = client.describe_ssl_policies( Names=["ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-2016-08"]
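Review bot: The rebuilt `SSL_POLICIES` table that closes in this hunk carries no hint that it is machine-generated, so the next person to notice a missing or changed AWS policy will hand-edit it and drift from what the helper script emits; a header comment above the list's opening line (which is outside this hunk), `# Generated by scripts/update_ssl_policies.py from describe_ssl_policies(); rerun the script instead of editing by hand.`, would prevent that. The removal of `ELBSecurityPolicy-TLS13-1-2-2021-06` here is only a move (it is re-added with identical ciphers in the `@@ -29,10 +27,151 @@` hunk) and `FS-1-2-Res-2020-10` keeps its four-cipher list, so no policy is lost in the reordering. Separately, the new script in this same patch is added with mode 100755 but opens with `#!/bin/bash` although its body is Python, so invoking it directly hands the file to bash; the shebang should be `#!/usr/bin/env python3`.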