diff --git a/terraform/environments/cooker/main.tf b/terraform/environments/cooker/main.tf
index 7deaa1dc64d..017b35b3f6f 100644
--- a/terraform/environments/cooker/main.tf
+++ b/terraform/environments/cooker/main.tf
@@ -447,7 +447,7 @@ resource "aws_lb_listener" "external" {
 load_balancer_arn = aws_lb.external.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.external.arn
 default_action {
@@ -587,7 +587,7 @@ resource "aws_lb_listener" "inner" {
 load_balancer_arn = aws_lb.inner.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.inner.arn
 default_action {
diff --git a/terraform/environments/example/loadbalancer.tf b/terraform/environments/example/loadbalancer.tf
index 04c385934f7..40f9c79a69c 100644
--- a/terraform/environments/example/loadbalancer.tf
+++ b/terraform/environments/example/loadbalancer.tf
@@ -97,7 +97,7 @@ resource "aws_lb_listener" "external" {
 port = local.application_data.accounts[local.environment].server_port
 protocol = local.application_data.accounts[local.environment].lb_listener_protocol
 #checkov:skip=CKV_AWS_2: "protocol for lb set in application_variables"
- ssl_policy = local.application_data.accounts[local.environment].lb_listener_protocol == "HTTP" ? "" : "ELBSecurityPolicy-2016-08"
+ ssl_policy = local.application_data.accounts[local.environment].lb_listener_protocol == "HTTP" ? "" : "ELBSecurityPolicy-TLS13-1-2-2021-06"
 #checkov:skip=CKV_AWS_103: "ssl_policy for lb set in application_variables"
 default_action {
diff --git a/terraform/environments/sprinkler/main.tf b/terraform/environments/sprinkler/main.tf
index defa2415b76..b876696bc74 100644
--- a/terraform/environments/sprinkler/main.tf
+++ b/terraform/environments/sprinkler/main.tf
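Review bot: The new `ssl_policy` value on `aws_lb_listener.external` in cooker/main.tf has no comment saying what it permits, and the policy name alone does not tell a reader that the floor moves from TLS 1.0 (allowed by `ELBSecurityPolicy-2016-08`) to TLS 1.2. I would add `# TLS 1.3 preferred, TLS 1.2 minimum; TLS 1.0/1.1 clients are refused` above the attribute, here and on the `inner` listener in the next hunk. Because older clients will now fail the handshake, it is worth checking the `ssl_protocol` field in the load balancer access logs, if they are enabled, before this is applied. The resource block continues outside the hunk.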
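Review bot: The policy name is now the same string literal on `aws_lb_listener.inner` and `aws_lb_listener.external` in this file, and again in the example and sprinkler hunks, so the next policy rotation has to touch every copy and a missed one leaves a weaker listener behind. A single definition per environment would avoid that, for example `ssl_policy = local.lb_ssl_policy` with the value set once in a `locals` block (the local name is a suggestion, not something visible in this diff).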
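Review bot: The `#checkov:skip=CKV_AWS_103` reason directly below the changed line in example/loadbalancer.tf says the ssl_policy is set in application_variables, but the policy is hard-coded in this ternary and only the protocol comes from `local.application_data`. The skip is presumably only needed for the HTTP branch, where `ssl_policy` is empty (whether checkov can evaluate the conditional is not visible from this hunk), so the reason should say so, e.g. `#checkov:skip=CKV_AWS_103: "ssl_policy is empty only when lb_listener_protocol is HTTP"`. As written, the comment obscures that this listener can still be deployed in cleartext under the CKV_AWS_2 skip above it. The resource block continues outside the hunk.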
@@ -476,7 +476,7 @@ resource "aws_lb_listener" "external" {
 load_balancer_arn = aws_lb.external.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.external.arn
 default_action {
@@ -633,7 +633,7 @@ resource "aws_lb_listener" "inner" {
 load_balancer_arn = aws_lb.inner.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.inner.arn
 default_action {
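Review bot: On `aws_lb_listener.external` in sprinkler/main.tf the old policy was already TLS 1.2-only, so the effect here is adding TLS 1.3 and changing the TLS 1.2 cipher list rather than raising the protocol floor, and nothing in the change records that. As far as I recall from the AWS predefined-policy table, `ELBSecurityPolicy-TLS13-1-2-2021-06` still offers ECDHE CBC-mode suites for TLS 1.2; if this environment needs AEAD-only ciphers, `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` is the restricted variant, which should be confirmed against the current table before choosing. The same applies to the `inner` listener in the following hunk.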