Configuring SSL/TLS Security
Use Cases
When HTTPS access is enabled for your website, EdgeOne supports multiple SSL/TLS versions to ensure compatibility with different user terminals by default. Normally, you do not need to modify this configuration. However, if your website requires a high level of security and you need to prevent users from accessing your website through less secure SSL/TLS versions, you can customize this configuration by specifying the required SSL/TLS versions.
Note:
For differences between different TLS versions and cipher suites, see TLS Versions and Cipher Suites.
Scenario 1: Modifying SSL/TLS Security Configuration for All Domain Names
To configure required SSL/TLS versions for all domain names used to access a site, refer to the following information.
Prerequisites
You have configured SSL certificates for all domain names used to access the current site as instructed in Certificate Configuration.
Directions
1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target Site.
2. On the site details page, click Site Acceleration to enter the global site configuration page. In the right navigation bar, click HTTPS.
3. On the SSL/TLS Security Configuration card, click Global settings to modify the configuration.
Default configuration:
Supported TLS versions:
TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
.Cipher suite strength:
eo-loose-v2023
.Scenario 2: Modifying SSL/TLS Security Configuration for Specified Domain Names
To configure required SSL/TLS versions for specified domain names, refer to the following information.
Prerequisites
You have configured SSL certificates for the specified domain names used to access the current site as instructed in Certificate Configuration.
Directions
1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target Site.
2. On the site details page, click Site Acceleration to enter the global site configuration page, then click the Rule Engine tab.
3. On the Rule Engine page, click Create rule and select Add blank rule.
4. On the page that appears, select HOST from Matching type and specify an operator and a value to match the requests of specified domain names.
5. From the Operation drop-down list, select SSL/TLS security configuration. Then, select TLS versions as needed.
6. Click Save and publish.