diff --git a/README.md b/README.md
index 86e556d..4f4a730 100644
--- a/README.md
+++ b/README.md
@@ -242,7 +242,7 @@ Available targets:
| [https\_ingress\_cidr\_blocks](#input\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allow in HTTPS security group | `list(string)` | [
"0.0.0.0/0"
]
| no |
| [https\_ingress\_prefix\_list\_ids](#input\_https\_ingress\_prefix\_list\_ids) | List of prefix list IDs for allowing access to HTTPS ingress security group | `list(string)` | `[]` | no |
| [https\_port](#input\_https\_port) | The port for the HTTPS listener | `number` | `443` | no |
-| [https\_ssl\_policy](#input\_https\_ssl\_policy) | The name of the SSL Policy for the listener | `string` | `"ELBSecurityPolicy-2015-05"` | no |
+| [https\_ssl\_policy](#input\_https\_ssl\_policy) | The name of the SSL Policy for the listener | `string` | `"ELBSecurityPolicy-TLS13-1-2-2021-06"` | no |
| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no |
| [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle | `number` | `60` | no |
| [internal](#input\_internal) | A boolean flag to determine whether the ALB should be internal | `bool` | `false` | no |
diff --git a/variables.tf b/variables.tf
index 9fd7a62..b83e86c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -83,7 +83,7 @@ variable "https_ingress_prefix_list_ids" {
variable "https_ssl_policy" {
type = string
description = "The name of the SSL Policy for the listener"
- default = "ELBSecurityPolicy-2015-05"
+ default = "ELBSecurityPolicy-TLS13-1-2-2021-06"
}
variable "access_logs_prefix" {