- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Description of 14-day Trial Plan Experience Benefits
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- Billing Usage
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Example Overview
- 301 Redirect
- Obtaining Client URL Information
- Customization Based on Client Geo Location
- Obtaining Client Geo Location Information
- Batch Redirect
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Customize Referer restriction rules
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Practical Tutorial
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Rules Template
- IP Groups
- Origin Protection
- Custom Response Page
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Practical Tutorial
- Configuring EdgeOne Security Event Alarms via TCOP
- EdgeOne Resource Abuse Prevention
- EdgeOne Implementation of Session Persistence Based on Client IP Addresses
- EdgeOne Implementation of Origin-Pull Based on Client's Geo Location
- EdgeOne Hotlink Protection Practical Tutorial
- EdgeOne initiates Automatic Warm-up
- EdgeOne Automatic Cache Purge
- Cross-regional Secure Acceleration (Oversea Sites)
- Scheduling Traffic to EdgeOne by Performing Canary Switching
- Quickly Enabling HTTPS Access with EdgeOne Free Certificate
- Through traffic orchestration to multiple service providers
- EdgeOne facilitate APKs.s dynamic packaging of Android
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Edge Function APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Custom Response Page APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Description of 14-day Trial Plan Experience Benefits
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- Billing Usage
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Example Overview
- 301 Redirect
- Obtaining Client URL Information
- Customization Based on Client Geo Location
- Obtaining Client Geo Location Information
- Batch Redirect
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Customize Referer restriction rules
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Practical Tutorial
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Rules Template
- IP Groups
- Origin Protection
- Custom Response Page
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Practical Tutorial
- Configuring EdgeOne Security Event Alarms via TCOP
- EdgeOne Resource Abuse Prevention
- EdgeOne Implementation of Session Persistence Based on Client IP Addresses
- EdgeOne Implementation of Origin-Pull Based on Client's Geo Location
- EdgeOne Hotlink Protection Practical Tutorial
- EdgeOne initiates Automatic Warm-up
- EdgeOne Automatic Cache Purge
- Cross-regional Secure Acceleration (Oversea Sites)
- Scheduling Traffic to EdgeOne by Performing Canary Switching
- Quickly Enabling HTTPS Access with EdgeOne Free Certificate
- Through traffic orchestration to multiple service providers
- EdgeOne facilitate APKs.s dynamic packaging of Android
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Edge Function APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Custom Response Page APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
This document describes the TLS protocols and cipher suites that are supported by EdgeOne during a Transport Layer Security (TLS) handshake.
TLS Protocol Versions
TLS is the successor protocol to Secure Sockets Layer (SSL) and is used to encrypt network communication between client and server applications. TLS has several versions, including TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. TLS 1.3 is the latest version that offers the most secure and efficient encryption mechanism.
Cipher Suites
A cipher suite is a set of encryption algorithms used for secure connections via TLS. A cipher suite consists of an authentication algorithm, an encryption algorithm, and a message authentication code (MAC) algorithm. These algorithms protect data in transit from being stolen by third parties. During a TLS handshake, the client and server negotiate a cipher suite based on their lists of supported cipher suites. The cipher suite will encrypt communication between the client and server.
Use Cases
By default, EdgeOne enables all TLS versions and uses the cipher suite
eo-loose-v2023, which can meet the needs of most customers. If you require a higher level of security, you can adjust the settings accordingly.Business Scenario | TLS Version | Cipher Suite |
Compatibility with earlier browser versions is prioritized while security requirements can be relaxed accordingly. | TLS 1.0, TLS 1.1, and TLS 1.2 | eo-loose-v2023 |
A balanced approach is needed to ensure a moderate level of security and browser version compatibility. | TLS 1.2 and TLS 1.3 | eo-general-v2023 |
A high level of security is required while browser version compatibility may be sacrificed accordingly. All TLS versions and cipher suites that may have security vulnerabilities must be blocked. | TLS 1.2 and TLS 1.3 | eo-strict-v2023 |
TLS Protocols and Cipher Suites Supported by EdgeOne
EdgeOne supports the following versions of TLS:
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
OpenSSL Cipher Suite | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
TLS_AES_256_GCM_SHA384 | ✓ | - | - | - |
TLS_CHACHA20_POLY1305_SHA256 | ✓ | - | - | - |
TLS_AES_128_GCM_SHA256 | ✓ | - | - | - |
TLS_AES_128_CCM_SHA256 | ✓ | - | - | - |
TLS_AES_128_CCM_8_SHA256 | ✓ | - | - | - |
ECDHE-ECDSA-AES256-GCM-SHA384 | - | ✓ | - | - |
ECDHE-ECDSA-AES128-GCM-SHA256 | - | ✓ | - | - |
ECDHE-RSA-AES256-GCM-SHA384 | - | ✓ | - | - |
ECDHE-RSA-AES128-GCM-SHA256 | - | ✓ | - | - |
ECDHE-ECDSA-CHACHA20-POLY1305 | - | ✓ | - | - |
ECDHE-RSA-CHACHA20-POLY1305 | - | ✓ | - | - |
ECDHE-ECDSA-AES256-SHA384 | - | ✓ | - | - |
ECDHE-ECDSA-AES128-SHA256 | - | ✓ | - | - |
ECDHE-RSA-AES256-SHA384 | - | ✓ | - | - |
ECDHE-RSA-AES128-SHA256 | - | ✓ | - | - |
ECDHE-RSA-AES256-SHA | - | - | ✓ | ✓ |
ECDHE-RSA-AES128-SHA | - | - | ✓ | ✓ |
AES256-GCM-SHA384 | - | ✓ | - | - |
AES128-GCM-SHA256 | - | ✓ | - | - |
AES256-SHA256 | - | ✓ | - | - |
AES128-SHA256 | - | ✓ | - | - |
AES256-SHA | - | - | ✓ | ✓ |
AES128-SHA | - | - | ✓ | ✓ |
EdgeOne offers users several cipher suite strength options based on the TLS protocol version.
eo-strict-v2023: Offers the highest level of security by disabling all insecure cipher suites.eo-general-v2023: Keeps a balance between browser version compatibility and security.eo-loose-v2023 (default): Offers the highest compatibility by relaxing security requirements accordingly.OpenSSL Cipher Suite | eo-strict-v2023 | eo-general-v2023 | eo-loose-v2023 |
TLS_AES_256_GCM_SHA384 | ✓ | ✓ | ✓ |
TLS_CHACHA20_POLY1305_SHA256 | ✓ | ✓ | ✓ |
TLS_AES_128_GCM_SHA256 | ✓ | ✓ | ✓ |
TLS_AES_128_CCM_SHA256 | - | ✓ | ✓ |
TLS_AES_128_CCM_8_SHA256 | - | ✓ | ✓ |
ECDHE-ECDSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ |
ECDHE-ECDSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ |
ECDHE-RSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ |
ECDHE-RSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ |
ECDHE-ECDSA-CHACHA20-POLY1305 | ✓ | ✓ | ✓ |
ECDHE-RSA-CHACHA20-POLY1305 | ✓ | ✓ | ✓ |
ECDHE-ECDSA-AES256-SHA384 | - | ✓ | ✓ |
ECDHE-ECDSA-AES128-SHA256 | - | ✓ | ✓ |
ECDHE-RSA-AES256-SHA384 | - | ✓ | ✓ |
ECDHE-RSA-AES128-SHA256 | - | ✓ | ✓ |
ECDHE-RSA-AES256-SHA | - | - | ✓ |
ECDHE-RSA-AES128-SHA | - | - | ✓ |
AES256-GCM-SHA384 | - | - | ✓ |
AES128-GCM-SHA256 | - | - | ✓ |
AES256-SHA256 | - | - | ✓ |
AES128-SHA256 | - | - | ✓ |
AES256-SHA | - | - | ✓ |
AES128-SHA | - | - | ✓ |
You can choose a TLS version and cipher suite strength. The final supported OpenSSL cipher suites are determined by the selected options in combination.
For instance, if you enable
TLS 1.3 and select eo-strict-v2023, the OpenSSL cipher suites supported are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256.
Yes
No
Was this page helpful?