Dynamic Route for CDN (DCDN) provides Transport Layer Security (TLS) version control to ensure data security and integrity for Internet services and communications. You can specify TLS versions based on the requirements of your domain name. This topic describes how to configure TLS for a domain name.
Transport Layer Security (TLS) is designed to ensure the security and integrity of data transmitted between two applications. HTTPS is a typical application of TLS. HTTPS, also known as HTTP over TLS, is a secure version of HTTP. HTTPS runs below the top application layer (HTTP) and above the transport layer (TCP), providing data encryption and decryption services.
- Log on to the DCDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
- In the left-side navigation pane on the details page of the specified domain, click HTTPS Settings.
- In the TLS Version Control section, enable or disable TLS versions based on your business needs.
Note By default, TLS 1.0, TLS 1.1, and TLS 1.2 are enabled.
TLS version Description Supported browser TLSv1.0 TLS 1.0 was defined in RFC 2246 in 1999 as an update to SSL 3.0. TLS 1.0 is vulnerable to various attacks, such as BEAST and POODLE attacks. TLS 1.0 can no longer protect network connections due to the low encryption performance. TLS 1.0 does not comply with Payment Card Industry Data Security Standard (PCI DSS).
- Chrome 1+
- Firefox 2+
TLSv1.1 TLS 1.1 was defined in RFC 4346 in 2006 as an update to TLS 1.0. TLS 1.1 fixed some vulnerabilities of TLS 1.0.
- IE 11+
- Chrome 22+
- Firefox 24+
- Safri 7+
TLSv1.2 TLS 1.2 was defined in RFC 5246 in 2008 and is the widely used TLS version.
- IE 11+
- Chrome 30+
- Firefox 27+
- Safri 7+
TLSv1.3 TLS 1.3 was defined in RFC 8446 in 2018. TLS 1.3 is the latest TLS version. TLS 1.3 supports the zero round trip time resumption (0-RTT) mode and allows you to establish faster connections. TLS 1.3 supports only key exchange algorithms of perfect forward secrecy to improve security.
- Chrome 70+
- Firefox 63+