Supported TLS versions are TLS 1.1, TLS 1.2, and TLS 1.3. TLS 1.0 is disabled. A later version of TLS provides higher security of communication over HPPTS than an earlier version. However, a later version is less compatible with browsers than an earlier version. You can set the TLS version of the certificate that you install on your web server or Alibaba Cloud service based on your business requirements.
- Certificate installed on a web server
Find the
ssl_protocols
parameter in the certificate configuration file of the web server and modify the setting based on your business requirements. For example, if your certificate supports only TLS 1.1 and TLS 1.2, you can set thessl_protocols
parameter toTLSv1.1 TLSv1.2
. If your certificate supports only TLS 1.3, you can appendTLSv1.3
tossl_protocols TLSv1.1 TLSv1.2
. - Certificate installed on an Alibaba Cloud serviceIf your certificate is installed on the following Alibaba Cloud services, set the TLS version of your certificate based on the instructions provided in the following references:
- Anti-DDoS Pro and Anti-DDoS Premium: Configure a custom TLS security policy
- Web Application Firewall (WAF): Configure custom TLS settings
- Server Load Balancer (SLB): Manage TLS security policies
- Alibaba Cloud CDN: Configure TLS version control
- Dynamic Route for CDN (DCDN): Configure TLS version control
Note If you have questions when you set the TLS version of your certificate, contact your account manager for the Alibaba Cloud service.