Default TLS encryption algorithms
Updated at:
Copy as MD
Alibaba Cloud CDN enables the following TLS cipher suites by default for connections between clients and CDN edge nodes.
These cipher suites apply to client-to-edge connections. They control how browsers and other HTTP clients negotiate encryption with CDN edge nodes.
Supported cipher suites
TLS 1.3 and TLS 1.2 use separate cipher suite namespaces and cannot be mixed. TLS 1.3 suites follow the TLS_* naming format; TLS 1.2 and earlier suites use the ALGORITHM-ALGORITHM-... hyphenated format.
TLS 1.3 suites
| Cipher suite |
|---|
TLS_AES_256_GCM_SHA384 |
TLS_CHACHA20_POLY1305_SHA256 |
TLS_AES_128_GCM_SHA256 |
TLS 1.2 and earlier suites
| Cipher suite |
|---|
ECDHE-ECDSA-CHACHA20-POLY1305 |
ECDHE-RSA-CHACHA20-POLY1305 |
ECDHE-ECDSA-AES128-GCM-SHA256 |
ECDHE-RSA-AES128-GCM-SHA256 |
ECDHE-ECDSA-AES128-CCM8 |
ECDHE-ECDSA-AES128-CCM |
ECDHE-ECDSA-AES128-SHA256 |
ECDHE-RSA-AES128-SHA256 |
ECDHE-ECDSA-AES128-SHA |
ECDHE-RSA-AES128-SHA |
ECDHE-ECDSA-AES256-GCM-SHA384 |
ECDHE-RSA-AES256-GCM-SHA384 |
ECDHE-ECDSA-AES256-CCM8 |
ECDHE-ECDSA-AES256-CCM |
ECDHE-ECDSA-AES256-SHA384 |
ECDHE-RSA-AES256-SHA384 |
ECDHE-ECDSA-AES256-SHA |
ECDHE-RSA-AES256-SHA |
ECDHE-ECDSA-ARIA256-GCM-SHA384 |
ECDHE-ARIA256-GCM-SHA384 |
ECDHE-ECDSA-ARIA128-GCM-SHA256 |
ECDHE-ARIA128-GCM-SHA256 |
ECDHE-ECDSA-CAMELLIA256-SHA384 |
ECDHE-RSA-CAMELLIA256-SHA384 |
ECDHE-ECDSA-CAMELLIA128-SHA256 |
ECDHE-RSA-CAMELLIA128-SHA256 |
ECDH-RSA-AES256-GCM-SHA384 |
ECDH-ECDSA-AES256-GCM-SHA384 |
RSA-PSK-AES256-GCM-SHA384 |
DHE-PSK-AES256-GCM-SHA384 |
RSA-PSK-CHACHA20-POLY1305 |
DHE-PSK-CHACHA20-POLY1305 |
ECDHE-PSK-CHACHA20-POLY1305 |
DHE-PSK-AES256-CCM8 |
DHE-PSK-AES256-CCM |
RSA-PSK-ARIA256-GCM-SHA384 |
DHE-PSK-ARIA256-GCM-SHA384 |
AES256-GCM-SHA384 |
AES256-CCM8 |
AES256-CCM |
ARIA256-GCM-SHA384 |
PSK-AES256-GCM-SHA384 |
PSK-CHACHA20-POLY1305 |
PSK-AES256-CCM8 |
PSK-AES256-CCM |
PSK-ARIA256-GCM-SHA384 |
ECDH-RSA-AES128-GCM-SHA256 |
ECDH-ECDSA-AES128-GCM-SHA256 |
RSA-PSK-AES128-GCM-SHA256 |
DHE-PSK-AES128-GCM-SHA256 |
DHE-PSK-AES128-CCM8 |
DHE-PSK-AES128-CCM |
RSA-PSK-ARIA128-GCM-SHA256 |
DHE-PSK-ARIA128-GCM-SHA256 |
AES128-GCM-SHA256 |
AES128-CCM8 |
AES128-CCM |
ARIA128-GCM-SHA256 |
PSK-AES128-GCM-SHA256 |
PSK-AES128-CCM8 |
PSK-AES128-CCM |
PSK-ARIA128-GCM-SHA256 |
ECDH-RSA-AES256-SHA384 |
ECDH-ECDSA-AES256-SHA384 |
AES256-SHA256 |
CAMELLIA256-SHA256 |
ECDH-RSA-AES128-SHA256 |
ECDH-ECDSA-AES128-SHA256 |
AES128-SHA256 |
CAMELLIA128-SHA256 |
ECDHE-PSK-AES256-CBC-SHA384 |
ECDHE-PSK-AES256-CBC-SHA |
SRP-DSS-AES-256-CBC-SHA |
SRP-RSA-AES-256-CBC-SHA |
SRP-AES-256-CBC-SHA |
ECDH-RSA-AES256-SHA |
ECDH-ECDSA-AES256-SHA |
RSA-PSK-AES256-CBC-SHA384 |
DHE-PSK-AES256-CBC-SHA384 |
RSA-PSK-AES256-CBC-SHA |
DHE-PSK-AES256-CBC-SHA |
ECDHE-PSK-CAMELLIA256-SHA384 |
RSA-PSK-CAMELLIA256-SHA384 |
DHE-PSK-CAMELLIA256-SHA384 |
AES256-SHA |
CAMELLIA256-SHA |
PSK-AES256-CBC-SHA384 |
PSK-AES256-CBC-SHA |
PSK-CAMELLIA256-SHA384 |
ECDHE-PSK-AES128-CBC-SHA256 |
ECDHE-PSK-AES128-CBC-SHA |
SRP-DSS-AES-128-CBC-SHA |
SRP-RSA-AES-128-CBC-SHA |
SRP-AES-128-CBC-SHA |
ECDH-RSA-AES128-SHA |
ECDH-ECDSA-AES128-SHA |
RSA-PSK-AES128-CBC-SHA256 |
DHE-PSK-AES128-CBC-SHA256 |
RSA-PSK-AES128-CBC-SHA |
DHE-PSK-AES128-CBC-SHA |
ECDHE-PSK-CAMELLIA128-SHA256 |
RSA-PSK-CAMELLIA128-SHA256 |
DHE-PSK-CAMELLIA128-SHA256 |
AES128-SHA |
SEED-SHA |
CAMELLIA128-SHA |
IDEA-CBC-SHA |
PSK-AES128-CBC-SHA256 |
PSK-AES128-CBC-SHA |
PSK-CAMELLIA128-SHA256 |
Customize cipher suites
The TLS Cipher Suite parameter controls which cipher suites are active for your domain.
All Cipher Suite Groups or Enhanced Cipher Suite: cipher suites are fixed and cannot be modified.
Custom Cipher Suite: select specific cipher suites based on your business requirements.
To configure special encryption algorithms, submit a ticket.
Is this page helpful?