Network Load Balancer (NLB) now supports version 1.3 of the Transport Layer Security (TLS) protocol, enabling you to optimize the performance of your backend application servers while helping to keep your workloads secure. TLS 1.3 on NLB works by offloading encryption and decryption of TLS traffic from your application servers to the load balancer, and provides encryption all the way to your targets. TLS 1.3 is optimized for performance and security by using one round trip (1-RTT) TLS handshakes and only supporting ciphers that provide perfect forward secrecy. As with other versions of TLS, NLB preserves the source IP of the clients to the back-end applications while terminating TLS on the load balancer.
Source:: Amazon AWS