You can use the Transport Layer Security (TLS) Version Control feature of Alibaba Cloud CDN to ensure the security and integrity of data transmitted over the Internet. You can specify a TLS version based on the requirements of your domain name. This topic describes how to configure TLS for a domain name.

Prerequisites

An SSL certificate is configured for the domain name. For more information, see Configure an SSL certificate.

Background information

TLS is designed to ensure the security and integrity of data transmitted between two applications. A typical use case of TLS is HTTPS (HTTP over TLS). HTTPS uses TLS to encrypt HTTP requests and responses. As a result, HTTPS is more secure than HTTP. HTTPS uses the transport layer protocol TCP to establish network connections and uses the application layer protocol HTTP to transfer data. HTTPS can encrypt and decrypt HTTP messages.

Procedure

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column of the domain name.
  4. In the management pane of the domain name, click HTTPS.
  5. In the TLS Version Control section, you can enable or disable specific TLS versions based on your business requirements.
    The following table describes TLS versions.
    TLS version Description Supported browser
    TLSv1.0 TLS 1.0 was defined in RFC 2246 in 1999 as an update to SSL 3.0. TLS 1.0 is vulnerable to various attacks, such as BEAST and POODLE attacks. TLS 1.0 can no longer protect network connections due to the low encryption performance. TLS 1.0 does not comply with Payment Card Industry Data Security Standard (PCI DSS).
    • IE6+
    • Chrome 1+
    • Firefox 2+
    TLSv1.1 TLS 1.1 was defined in RFC 4346 in 2006 as an update to TLS 1.0. TLS 1.1 fixed some vulnerabilities of TLS 1.0.
    • IE 11+
    • Chrome 22+
    • Firefox 24+
    • Safri 7+
    TLSv1.2 TLS 1.2 was defined in RFC 5246 in 2008 and is a widely used TLS version.
    • IE 11+
    • Chrome 30+
    • Firefox 27+
    • Safri 7+
    TLSv1.3 TLS 1.3 was defined in RFC 8446 in 2018 as the latest TLS version. TLS 1.3 supports the zero round trip time resumption (0-RTT) mode and allows you to establish faster connections. TLS 1.3 supports only key exchange algorithms of perfect forward secrecy to improve security.
    • Chrome 70+
    • Firefox 63+
    TLS version control
    Note TLS 1.0, TLS 1.1, and TLS 1.2 are enabled by default.