Alibaba Cloud CDN supports TLS version control. You can enable TLS versions for your domain names as needed. Early versions of TLS will soon support outdated browsers but provide relatively low security. The latest versions of TLS provide enhanced security but may not be compatible with outdated browsers. This topic describes the concepts, use scenarios, and configuration method of TLS version control.
|TLSv1.0||TLS 1.0 was defined in RFC 2246 in 1999 as an update to SSL 3.0. TLS 1.0 is vulnerable to various attacks, such as BEAST and POODLE attacks. TLS 1.0 is no longer recommended for network protection due to the weak encryption performance. TLS 1.0 is not compliant with Payment Card Industry Data Security Standard (PCI DSS).||
|TLSv1.1||TLS 1.1 was defined in RFC 4346 in 2006 as an update to TLS 1.0. TLS 1.1 fixed some vulnerabilities in TLS 1.0.||
|TLSv1.2||TLS 1.2 was defined in RFC 5246 in 2008 and is a widely used TLS version.||
|TLSv1.3||TLS 1.3 was defined in RFC 8446 in 2018 as the latest TLS version. TLS 1.3 supports the zero round trip time resumption (0-RTT) mode and allows you to establish faster connections. TLS 1.3 supports only key exchange algorithms of perfect forward secrecy to enhance security.||
An SSL certificate is configured for the domain name. For more information, see Configure an SSL certificate.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column of the domain name.
- In the management pane of the domain name, click HTTPS.
- In the TLS Version Control section, you can enable or disable specific TLS versions based on your business requirements.
For more information about TLS versions.
|Require compatibility with browsers and security is not a priority||TLSv1.0, TLSv1.1, and TLSv1.2|
|Security is a priority and incompatibility with some browsers is acceptable||TLSv1.2|
|Early Adopters||TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3|