You can use the Transport Layer Security (TLS) version control feature of ApsaraVideo VOD to ensure the security and integrity of data transmitted over the Internet. This topic describes how to configure a TLS version in the ApsaraVideo VOD console.

Prerequisites

Before you enable TLS version control, make sure that an SSL certificate is configured. For more information, see Enable HTTPS secure acceleration.

Background information

ApsaraVideo VOD supports TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. By default, TLS 1.0, TLS 1.1, and TLS 1.2 are enabled. You can configure a TLS version based on your business requirements.

Procedure

  1. Log on to the ApsaraVideo VOD console.
  2. In the left-side navigation pane of the ApsaraVideo VOD console, choose Configuration Management > CDN Configuration > Domain Names to go to the Domain Names page.
  3. On the Domain Names page, select the domain name that you want to configure, and click Configure in the Actions column.
    Click Configure
  4. On the Domain Names page, click the domain name that you want to configure. On the page that appears, click HTTPS.
  5. In the TLS Version Control section, you can enable or disable a TLS version based on your business requirements.
    The following table describes TLS versions.
    TLS version Description Supported browser
    TLSv1.0 TLS 1.0 was defined in RFC 2246 in 1999 as an update to SSL 3.0. TLS 1.0 is vulnerable to various attacks, such as BEAST and POODLE attacks. TLS 1.0 is no longer recommended for network protection due to the low encryption performance. TLS 1.0 is not compliant with Payment Card Industry Data Security Standard (PCI DSS).
    • IE6+
    • Chrome 1+
    • Firefox 2+
    TLSv1.1 TLS 1.1 was defined in RFC 4346 in 2006 as an update to TLS 1.0. TLS 1.1 fixed some vulnerabilities in TLS 1.0.
    • IE 11+
    • Chrome 22+
    • Firefox 24+
    • Safri 7+
    TLSv1.2 TLS 1.2 was defined in RFC 5246 in 2008 and is a widely used TLS version.
    • IE 11+
    • Chrome 30+
    • Firefox 27+
    • Safri 7+
    TLSv1.3 TLS 1.3 was defined in RFC 8446 in 2018 as the latest TLS version. TLS 1.3 supports the zero round trip time resumption (0-RTT) mode and allows you to establish faster connections. TLS 1.3 supports only key exchange algorithms of perfect forward secrecy for better security.
    • Chrome 70+
    • Firefox 63+
    TLS version control