Configure TLS version control

更新时间:
复制 MD 格式

ApsaraVideo VOD supports Transport Layer Security (TLS) version control to help secure data transmitted over the Internet. You can configure TLS versions for your accelerated domain name in the ApsaraVideo VOD console.

Prerequisites

An SSL certificate is configured for your accelerated domain name. TLS version control is available only after an SSL certificate is configured. For more information, see HTTPS secure acceleration.

Background information

ApsaraVideo VOD supports TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3. By default, TLSv1.0, TLSv1.1, and TLSv1.2 are enabled.

Procedure

  1. Log in to the ApsaraVideo VOD console.

  2. In the left-side navigation pane, choose Configuration Management > CDN Configuration > Domain Names.

  3. Find the domain name that you want to configure and click Configure in the Actions column.

  4. In the left-side navigation pane for the domain name, click HTTPS.

  5. In the TLS Version Control section, enable or disable the TLS versions as needed.

    The following table describes the TLS protocol versions.

    Protocol

    Description

    Browser support

    TLSv1.0

    Defined in RFC 2246 in 1999 as an update to SSL 3.0. This version is vulnerable to attacks such as BEAST and POODLE. It uses weak encryption and does not provide adequate protection for modern network connections. This version is not compliant with the Payment Card Industry Data Security Standard (PCI DSS).

    • IE6+

    • Chrome 1+

    • Firefox 2+

    TLSv1.1

    Defined in RFC 4346 in 2006. This version resolves several vulnerabilities in TLSv1.0.

    • IE 11+

    • Chrome 22+

    • Firefox 24+

    • Safari 7+

    TLSv1.2

    Defined in RFC 5246 in 2008. This is the most widely used version today.

    • IE 11+

    • Chrome 30+

    • Firefox 27+

    • Safari 7+

    TLSv1.3

    Defined in RFC 8446 in 2018. This is the latest TLS version. It supports a zero round-trip time (0-RTT) mode for faster connections and exclusively uses key exchange algorithms that provide perfect forward secrecy.

    • Chrome 70+

    • Firefox 63+

    In the TLS Version Control panel, TLSv1.0, TLSv1.1, and TLSv1.2 are enabled by default, and TLSv1.3 is disabled by default. Enabling or disabling a TLS version enables or disables the corresponding TLS handshake for the accelerated domain name.