Edge Security
  • Overview
  • DDoS Protection
    • DDoS Protection Overview
    • Exclusive DDoS Protection Usage
    • Configuration of Exclusive DDoS protection Rules
      • Increase DDoS Protection Level
      • Exclusive DDoS Traffic Alarm
      • Configuration IP blocklist/allowlist
      • Configuration Region Blocking Rule
      • Configuration Port Filtering
      • Configuration Features Filtering
      • Configuration Protocol Blocking Rule
      • Configuration Connections Attack Protection
      • Related References
        • Action
        • Related Concepts Introduction
  • Web Protection
    • Overview
    • Managed rules
    • CC attack defense
    • Custom rule
    • Custom Rate Limiting Rules
    • Exception Rules
    • Managed Custom Rules
    • Web security monitoring alarm
    • Refer
      • Web Protection Request Processing Order
      • Action
      • Match Condition
  • Bot Management
    • Overview
    • Bot Intelligent analysis
    • Bot Basic Feature Management
    • Client Reputation
    • Active Detection
    • Custom Bot Rule
    • Bot Exception Rule
    • Related References
      • Action
  • Rules Template
  • IP and IP Segment Grouping
  • Origin Protection
  • Custom Response Page
  • Alarm Notification
  • SSL/TLS
    • Overview
    • Deploying/Updating SSL Certificate for A Domain Name
    • Configuring A Free Certificate for A Domain Name
    • HTTPS Configuration
      • Forced HTTPS Access
      • Enabling HSTS
      • SSL/TLS Security Configuration
        • Configuring SSL/TLS Security
        • TLS Versions and Cipher Suites
      • Enabling OCSP Stapling

Configuring SSL/TLS Security

Use Cases

When HTTPS access is enabled for your website, EdgeOne supports multiple SSL/TLS versions to ensure compatibility with different user terminals by default. Normally, you do not need to modify this configuration. However, if your website requires a high level of security and you need to prevent users from accessing your website through less secure SSL/TLS versions, you can customize this configuration by specifying the required SSL/TLS versions.
Note:
For differences between different TLS versions and cipher suites, see TLS Versions and Cipher Suites.

Scenario 1: Modifying SSL/TLS Security Configuration for All Domain Names

To configure required SSL/TLS versions for all domain names used to access a site, refer to the following information.

Prerequisites

You have configured SSL certificates for all domain names used to access the current site as instructed in Certificate Configuration.

Directions

1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target Site.
2. On the site details page, click Site Acceleration to enter the global site configuration page. In the right navigation bar, click HTTPS.
3. On the SSL/TLS Security Configuration card, click Global settings to modify the configuration.

Default configuration:
Supported TLS versions: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3.
Cipher suite strength: eo-loose-v2023.

Scenario 2: Modifying SSL/TLS Security Configuration for Specified Domain Names

To configure required SSL/TLS versions for specified domain names, refer to the following information.

Prerequisites

You have configured SSL certificates for the specified domain names used to access the current site as instructed in Certificate Configuration.

Directions

1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target Site.
2. On the site details page, click Site Acceleration to enter the global site configuration page, then click the Rule Engine tab.
3. On the Rule Engine page, click Create rule and select Add blank rule.
4. On the page that appears, select HOST from Matching type and specify an operator and a value to match the requests of specified domain names.
5. From the Operation drop-down list, select SSL/TLS security configuration. Then, select TLS versions as needed.

6. Click Save and publish.