- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Custom Referer Anti-leeching
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Billing Overview
- Basic Service Fees
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
- Renewals
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- About "clean traffic" billing instructions
- Getting Started
- Domain Service
- Site Acceleration
- Origin Configuration
- Edge Functions
- Overview
- Getting Started
- Operation Guide
- Runtime APIs
- Sample Functions
- Returning an HTML Page
- Returning a JSON Object
- Fetch Remote Resources
- Authenticating a Request Header
- Modifying a Response Header
- Performing an A/B Test
- Setting Cookies
- Performing Redirect Based on the Request Location
- Using the Cache API
- Caching POST Requests
- Responding in Streaming Mode
- Merging Resources and Responding in Streaming Mode
- Protecting Data from Tampering
- Rewriting a m3u8 File and Configuring Authentication
- Adaptive Image Resize
- Image Adaptive WebP
- Custom Referer Anti-leeching
- Remote Authentication
- HMAC Digital Signature
- Naming a Downloaded File
- Obtaining Client IP Address
- Best Practices
- Security Protection
- Overview
- DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Alarm Notification
- Rule Engine
- L4 Proxy
- Data Analysis&Log Service
- Tool Guide
- Best Practices
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Site APIs
- Acceleration Domain Management APIs
- Site Acceleration Configuration APIs
- Alias Domain APIs
- Security Configuration APIs
- Layer 4 Application Proxy APIs
- CreateL4Proxy
- ModifyL4Proxy
- ModifyL4ProxyStatus
- DescribeL4Proxy
- DeleteL4Proxy
- CreateL4ProxyRules
- ModifyL4ProxyRules
- ModifyL4ProxyRulesStatus
- DescribeL4ProxyRules
- DeleteL4ProxyRules
- CreateApplicationProxy
- ModifyApplicationProxy
- ModifyApplicationProxyStatus
- DescribeApplicationProxies
- DeleteApplicationProxy
- CreateApplicationProxyRule
- ModifyApplicationProxyRule
- ModifyApplicationProxyRuleStatus
- DeleteApplicationProxyRule
- Content Management APIs
- Data Analysis APIs
- Log Service APIs
- Billing APIs
- Certificate APIs
- Load Balancing APIs
- Diagnostic Tool APIs
- Version Management APIs
- Data Types
- Error Codes
- FAQs
- Agreements
- TEO Policy
- Contact Us
- Glossary
This document describes the TLS protocols and cipher suites that are supported by EdgeOne during a Transport Layer Security (TLS) handshake.
TLS Protocol Versions
TLS is the successor protocol to Secure Sockets Layer (SSL) and is used to encrypt network communication between client and server applications. TLS has several versions, including TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. TLS 1.3 is the latest version that offers the most secure and efficient encryption mechanism.
Cipher Suites
A cipher suite is a set of encryption algorithms used for secure connections via TLS. A cipher suite consists of an authentication algorithm, an encryption algorithm, and a message authentication code (MAC) algorithm. These algorithms protect data in transit from being stolen by third parties. During a TLS handshake, the client and server negotiate a cipher suite based on their lists of supported cipher suites. The cipher suite will encrypt communication between the client and server.
Use Cases
By default, EdgeOne enables all TLS versions and uses the cipher suite
eo-loose-v2023, which can meet the needs of most customers. If you require a higher level of security, you can adjust the settings accordingly.Business Scenario | TLS Version | Cipher Suite |
Compatibility with earlier browser versions is prioritized while security requirements can be relaxed accordingly. | TLS 1.0, TLS 1.1, and TLS 1.2 | eo-loose-v2023 |
A balanced approach is needed to ensure a moderate level of security and browser version compatibility. | TLS 1.2 and TLS 1.3 | eo-general-v2023 |
A high level of security is required while browser version compatibility may be sacrificed accordingly. All TLS versions and cipher suites that may have security vulnerabilities must be blocked. | TLS 1.2 and TLS 1.3 | eo-strict-v2023 |
TLS Protocols and Cipher Suites Supported by EdgeOne
EdgeOne supports the following versions of TLS:
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
OpenSSL Cipher Suite | TLS 1.3 | TLS 1.2 | TLS 1.1 | TLS 1.0 |
TLS_AES_256_GCM_SHA384 | ✓ | - | - | - |
TLS_CHACHA20_POLY1305_SHA256 | ✓ | - | - | - |
TLS_AES_128_GCM_SHA256 | ✓ | - | - | - |
TLS_AES_128_CCM_SHA256 | ✓ | - | - | - |
TLS_AES_128_CCM_8_SHA256 | ✓ | - | - | - |
ECDHE-ECDSA-AES256-GCM-SHA384 | - | ✓ | - | - |
ECDHE-ECDSA-AES128-GCM-SHA256 | - | ✓ | - | - |
ECDHE-RSA-AES256-GCM-SHA384 | - | ✓ | - | - |
ECDHE-RSA-AES128-GCM-SHA256 | - | ✓ | - | - |
ECDHE-ECDSA-CHACHA20-POLY1305 | - | ✓ | - | - |
ECDHE-RSA-CHACHA20-POLY1305 | - | ✓ | - | - |
ECDHE-ECDSA-AES256-SHA384 | - | ✓ | - | - |
ECDHE-ECDSA-AES128-SHA256 | - | ✓ | - | - |
ECDHE-RSA-AES256-SHA384 | - | ✓ | - | - |
ECDHE-RSA-AES128-SHA256 | - | ✓ | - | - |
ECDHE-RSA-AES256-SHA | - | - | ✓ | ✓ |
ECDHE-RSA-AES128-SHA | - | - | ✓ | ✓ |
AES256-GCM-SHA384 | - | ✓ | - | - |
AES128-GCM-SHA256 | - | ✓ | - | - |
AES256-SHA256 | - | ✓ | - | - |
AES128-SHA256 | - | ✓ | - | - |
AES256-SHA | - | - | ✓ | ✓ |
AES128-SHA | - | - | ✓ | ✓ |
EdgeOne offers users several cipher suite strength options based on the TLS protocol version.
eo-strict-v2023: Offers the highest level of security by disabling all insecure cipher suites.eo-general-v2023: Keeps a balance between browser version compatibility and security.eo-loose-v2023 (default): Offers the highest compatibility by relaxing security requirements accordingly.OpenSSL Cipher Suite | eo-strict-v2023 | eo-general-v2023 | eo-loose-v2023 |
TLS_AES_256_GCM_SHA384 | ✓ | ✓ | ✓ |
TLS_CHACHA20_POLY1305_SHA256 | ✓ | ✓ | ✓ |
TLS_AES_128_GCM_SHA256 | ✓ | ✓ | ✓ |
TLS_AES_128_CCM_SHA256 | - | ✓ | ✓ |
TLS_AES_128_CCM_8_SHA256 | - | ✓ | ✓ |
ECDHE-ECDSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ |
ECDHE-ECDSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ |
ECDHE-RSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ |
ECDHE-RSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ |
ECDHE-ECDSA-CHACHA20-POLY1305 | ✓ | ✓ | ✓ |
ECDHE-RSA-CHACHA20-POLY1305 | ✓ | ✓ | ✓ |
ECDHE-ECDSA-AES256-SHA384 | - | ✓ | ✓ |
ECDHE-ECDSA-AES128-SHA256 | - | ✓ | ✓ |
ECDHE-RSA-AES256-SHA384 | - | ✓ | ✓ |
ECDHE-RSA-AES128-SHA256 | - | ✓ | ✓ |
ECDHE-RSA-AES256-SHA | - | - | ✓ |
ECDHE-RSA-AES128-SHA | - | - | ✓ |
AES256-GCM-SHA384 | - | - | ✓ |
AES128-GCM-SHA256 | - | - | ✓ |
AES256-SHA256 | - | - | ✓ |
AES128-SHA256 | - | - | ✓ |
AES256-SHA | - | - | ✓ |
AES128-SHA | - | - | ✓ |
You can choose a TLS version and cipher suite strength. The final supported OpenSSL cipher suites are determined by the selected options in combination.
For instance, if you enable
TLS 1.3 and select eo-strict-v2023, the OpenSSL cipher suites supported are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256.
Yes
No
Was this page helpful?