请选择
Edge Security
  • Overview
  • DDoS Protection
    • DDoS Protection Overview
    • Exclusive DDoS Protection Usage
    • Configuration of Exclusive DDoS protection Rules
      • Increase DDoS Protection Level
      • Exclusive DDoS Traffic Alarm
      • Configuration IP blocklist/allowlist
      • Configuration Region Blocking Rule
      • Configuration Port Filtering
      • Configuration Features Filtering
      • Configuration Protocol Blocking Rule
      • Configuration Connections Attack Protection
      • Related References
        • Action
        • Related Concepts Introduction
  • Web Protection
    • Overview
    • Managed rules
    • CC attack defense
    • Custom rule
    • Custom Rate Limiting Rules
    • Exception Rules
    • Managed Custom Rules
    • Web security monitoring alarm
    • Refer
      • Web Protection Request Processing Order
      • Action
      • Match Condition
  • Bot Management
    • Overview
    • Bot Intelligent analysis
    • Bot Basic Feature Management
    • Client Reputation
    • Active Detection
    • Custom Bot Rule
    • Bot Exception Rule
    • Related References
      • Action
  • Rules Template
  • IP and IP Segment Grouping
  • Origin Protection
  • Custom Response Page
  • Alarm Notification
  • SSL/TLS
    • Overview
    • Deploying/Updating SSL Certificate for A Domain Name
    • Configuring A Free Certificate for A Domain Name
    • HTTPS Configuration
      • Forced HTTPS Access
      • Enabling HSTS
      • SSL/TLS Security Configuration
        • Configuring SSL/TLS Security
        • TLS Versions and Cipher Suites
      • Enabling OCSP Stapling

TLS Versions and Cipher Suites

This document describes the TLS protocols and cipher suites that are supported by EdgeOne during a Transport Layer Security (TLS) handshake.

TLS Protocol Versions

TLS is the successor protocol to Secure Sockets Layer (SSL) and is used to encrypt network communication between client and server applications. TLS has several versions, including TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. TLS 1.3 is the latest version that offers the most secure and efficient encryption mechanism.

Cipher Suites

A cipher suite is a set of encryption algorithms used for secure connections via TLS. A cipher suite consists of an authentication algorithm, an encryption algorithm, and a message authentication code (MAC) algorithm. These algorithms protect data in transit from being stolen by third parties. During a TLS handshake, the client and server negotiate a cipher suite based on their lists of supported cipher suites. The cipher suite will encrypt communication between the client and server.

Use Cases

By default, EdgeOne enables all TLS versions and uses the cipher suite eo-loose-v2023, which can meet the needs of most customers. If you require a higher level of security, you can adjust the settings accordingly.
Business Scenario
TLS Version
Cipher Suite
Compatibility with earlier browser versions is prioritized while security requirements can be relaxed accordingly.
TLS 1.0, TLS 1.1, and TLS 1.2
eo-loose-v2023
A balanced approach is needed to ensure a moderate level of security and browser version compatibility.
TLS 1.2 and TLS 1.3
eo-general-v2023
A high level of security is required while browser version compatibility may be sacrificed accordingly. All TLS versions and cipher suites that may have security vulnerabilities must be blocked.
TLS 1.2 and TLS 1.3
eo-strict-v2023

TLS Protocols and Cipher Suites Supported by EdgeOne

EdgeOne supports the following versions of TLS:
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
OpenSSL Cipher Suite
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
TLS_AES_256_GCM_SHA384
-
-
-
TLS_CHACHA20_POLY1305_SHA256
-
-
-
TLS_AES_128_GCM_SHA256
-
-
-
TLS_AES_128_CCM_SHA256
-
-
-
TLS_AES_128_CCM_8_SHA256
-
-
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
-
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
-
-
ECDHE-RSA-AES256-GCM-SHA384
-
-
-
ECDHE-RSA-AES128-GCM-SHA256
-
-
-
ECDHE-ECDSA-CHACHA20-POLY1305
-
-
-
ECDHE-RSA-CHACHA20-POLY1305
-
-
-
ECDHE-ECDSA-AES256-SHA384
-
-
-
ECDHE-ECDSA-AES128-SHA256
-
-
-
ECDHE-RSA-AES256-SHA384
-
-
-
ECDHE-RSA-AES128-SHA256
-
-
-
ECDHE-RSA-AES256-SHA
-
-
ECDHE-RSA-AES128-SHA
-
-
AES256-GCM-SHA384
-
-
-
AES128-GCM-SHA256
-
-
-
AES256-SHA256
-
-
-
AES128-SHA256
-
-
-
AES256-SHA
-
-
AES128-SHA
-
-
EdgeOne offers users several cipher suite strength options based on the TLS protocol version.
eo-strict-v2023: Offers the highest level of security by disabling all insecure cipher suites.
eo-general-v2023: Keeps a balance between browser version compatibility and security.
eo-loose-v2023 (default): Offers the highest compatibility by relaxing security requirements accordingly.
OpenSSL Cipher Suite
eo-strict-v2023
eo-general-v2023
eo-loose-v2023
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_SHA256
-
TLS_AES_128_CCM_8_SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-RSA-AES256-SHA384
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-RSA-AES256-SHA
-
-
ECDHE-RSA-AES128-SHA
-
-
AES256-GCM-SHA384
-
-
AES128-GCM-SHA256
-
-
AES256-SHA256
-
-
AES128-SHA256
-
-
AES256-SHA
-
-
AES128-SHA
-
-
You can choose a TLS version and cipher suite strength. The final supported OpenSSL cipher suites are determined by the selected options in combination.
For instance, if you enable TLS 1.3 and select eo-strict-v2023, the OpenSSL cipher suites supported are TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, and TLS_AES_128_GCM_SHA256.

Relevant Documentation