diff --git a/README.md b/README.md
index aabcd12..272830a 100644
--- a/README.md
+++ b/README.md
@@ -303,6 +303,7 @@ Available targets:
 | <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | <a name="input_loadbalancer_certificate_arn"></a> [loadbalancer\_certificate\_arn](#input\_loadbalancer\_certificate\_arn) | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | `string` | `""` | no |
 | <a name="input_loadbalancer_logs_bucket_force_destroy"></a> [loadbalancer\_logs\_bucket\_force\_destroy](#input\_loadbalancer\_logs\_bucket\_force\_destroy) | Force destroy the S3 bucket for load balancer logs even if it's not empty | `bool` | `false` | no |
+| <a name="input_loadbalancer_ssl_policy"></a> [loadbalancer\_ssl\_policy](#input\_loadbalancer\_ssl\_policy) | Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer | `string` | `""` | no |
 | <a name="input_loadbalancer_subnets"></a> [loadbalancer\_subnets](#input\_loadbalancer\_subnets) | List of subnets to place Elastic Load Balancer | `list(string)` | n/a | yes |
 | <a name="input_loadbalancer_type"></a> [loadbalancer\_type](#input\_loadbalancer\_type) | Load Balancer type, e.g. 'application' or 'classic' | `string` | `"application"` | no |
 | <a name="input_master_instance_type"></a> [master\_instance\_type](#input\_master\_instance\_type) | EC2 instance type for Jenkins master, e.g. 't2.medium' | `string` | `"t2.medium"` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 28b16b7..34dc6a6 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -75,6 +75,7 @@
 | <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | <a name="input_loadbalancer_certificate_arn"></a> [loadbalancer\_certificate\_arn](#input\_loadbalancer\_certificate\_arn) | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | `string` | `""` | no |
 | <a name="input_loadbalancer_logs_bucket_force_destroy"></a> [loadbalancer\_logs\_bucket\_force\_destroy](#input\_loadbalancer\_logs\_bucket\_force\_destroy) | Force destroy the S3 bucket for load balancer logs even if it's not empty | `bool` | `false` | no |
+| <a name="input_loadbalancer_ssl_policy"></a> [loadbalancer\_ssl\_policy](#input\_loadbalancer\_ssl\_policy) | Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer | `string` | `""` | no |
 | <a name="input_loadbalancer_subnets"></a> [loadbalancer\_subnets](#input\_loadbalancer\_subnets) | List of subnets to place Elastic Load Balancer | `list(string)` | n/a | yes |
 | <a name="input_loadbalancer_type"></a> [loadbalancer\_type](#input\_loadbalancer\_type) | Load Balancer type, e.g. 'application' or 'classic' | `string` | `"application"` | no |
 | <a name="input_master_instance_type"></a> [master\_instance\_type](#input\_master\_instance\_type) | EC2 instance type for Jenkins master, e.g. 't2.medium' | `string` | `"t2.medium"` | no |
diff --git a/main.tf b/main.tf
index 6ebb319..ae4f61a 100644
--- a/main.tf
+++ b/main.tf
@@ -46,6 +46,7 @@ module "elastic_beanstalk_environment" {
   keypair                 = var.ssh_key_pair
   solution_stack_name     = var.solution_stack_name
   force_destroy           = var.loadbalancer_logs_bucket_force_destroy
+  loadbalancer_ssl_policy = var.loadbalancer_ssl_policy
 
   # Provide EFS DNS name to EB in the `EFS_HOST` ENV var. EC2 instance will mount to the EFS filesystem and use it to store Jenkins state
   # Add slaves Security Group `JENKINS_SLAVE_SECURITY_GROUPS` (comma-separated if more than one). Will be used by Jenkins to init the EC2 plugin to launch slaves inside the Security Group
diff --git a/variables.tf b/variables.tf
index 66a14fa..591866e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -51,6 +51,12 @@ variable "loadbalancer_certificate_arn" {
   default     = ""
 }
 
+variable "loadbalancer_ssl_policy" {
+  type        = "string"
+  default     = ""
+  description = "Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer"
+}
+
 variable "loadbalancer_subnets" {
   type        = list(string)
   description = "List of subnets to place Elastic Load Balancer"