TLS安全策略

更新时间: 2023-09-27 16:03:56

性能保障型负载均衡实例在创建和配置HTTPS监听时,支持选择TLS安全策略。

选择TLS安全策略

您可以在添加或者配置HTTPS监听时,在SSL证书页签,单击高级配置后面的修改,在展开项中选择TLS安全策略。具体操作,请参见添加HTTPS监听配置监听

TLS安全策略

TLS安全策略包含HTTPS可选的TLS协议版本和配套的加密算法套件。TLS协议版本越高,HTTPS通信的安全性越高,但是相较于低版本TLS协议,高版本TLS协议对浏览器的兼容性较差。

安全策略

支持TLS版本

支持加密算法套件

tls_cipher_policy_1_0

TLSv1.0、TLSv1.1和TLSv1.2

ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA

tls_cipher_policy_1_1

TLSv1.1和TLSv1.2

ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA

tls_cipher_policy_1_2

TLSv1.2

ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA

tls_cipher_policy_1_2_strict

TLSv1.2

ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA

tls_cipher_policy_1_2_strict_with_1_3

TLSv1.2及TLSv1.3

TLS_AES_256_GCM_SHA384、TLS_CHACHA20_POLY1305_SHA256、TLS_AES_128_CCM_SHA256、TLS_AES_128_CCM_8_SHA256、ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA

TLS安全策略支持的加密算法套件

安全策略

tls_cipher_policy_1_0

tls_cipher_policy_1_1

tls_cipher_policy_1_2

tls_cipher_policy_1_2_strict

tls_cipher_policy_1_2_strict_with_1_3

TLS

1.2、1.1及1.0

1.1及1.2

1.2

1.2

1.2及1.3

CIPHER

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-SHA256

ECDHE-RSA-AES256-SHA384

AES128-GCM-SHA256

-

-

AES256-GCM-SHA384

-

-

AES128-SHA256

-

-

AES256-SHA256

-

-

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-SHA

AES128-SHA

-

-

AES256-SHA

-

-

DES-CBC3-SHA

-

-

TLS_AES_128_GCM_SHA256

-

-

-

-

TLS_AES_256_GCM_SHA384

-

-

-

-

TLS_CHACHA20_POLY1305_SHA256

-

-

-

-

TLS_AES_128_CCM_SHA256

-

-

-

-

TLS_AES_128_CCM_8_SHA256

-

-

-

-

ECDHE-ECDSA-AES128-GCM-SHA256

-

-

-

-

ECDHE-ECDSA-AES256-GCM-SHA384

-

-

-

-

ECDHE-ECDSA-AES128-SHA256

-

-

-

-

ECDHE-ECDSA-AES256-SHA384

-

-

-

-

ECDHE-ECDSA-AES128-SHA

-

-

-

-

ECDHE-ECDSA-AES256-SHA

-

-

-

-

说明

上表中的✔表示支持,-表示不支持。

阿里云首页 负载均衡 相关技术圈