Anti-DDoS Pro and Anti-DDoS Premium allow you to configure a custom Transport Layer Security (TLS) policy. After you add your website to Anti-DDoS Pro or Anti-DDoS Premium, you can select TLS protocol versions and cipher suites and configure SM settings for your website based on your business requirements. This topic describes how to configure a custom TLS security policy.
Background information
- Anti-DDoS Pro: By default, certificates that use internationally accepted algorithms support TLS 1.0, TLS 1.1, and TLS 1.2, and SM certificates support National Transport Layer Security (NTLS) 1.1.
- Anti-DDoS Premium: By default, certificates that use internationally accepted algorithms support TLS 1.1 and TLS 1.2.
Instance type | Standard function plan | Enhanced function plan |
---|---|---|
Anti-DDoS Pro | | |
Anti-DDoS Premium | You cannot configure custom TLS security policies. If the default configurations cannot meet your business requirements and you want to configure custom TLS security policies, upgrade your instance to the Enhanced function plan. For more information, see Upgrade an instance. | Certificates that use internationally accepted algorithms: Note: If you want to use TLS 1.3, you must select Enable TLS 1.3. For more information, see Procedure. |
You can configure custom TLS security policies for different services. For example, if you have purchased an Anti-DDoS Pro instance of the Enhanced function plan and want to disable TLS 1.0 for one of your services because the service must comply with Payment Card Industry Data Security Standard (PCI DSS) 3.2, you can change the value of the TLS Versions parameter to TLS1.1 and later versions. This setting provides good compatibility and a medium security level. If the terminals that access another of your services use TLS 1.3, you can select Enable TLS 1.3.
Prerequisites
- A website is added to Anti-DDoS Pro or Anti-DDoS Premium, and HTTPS is selected for Protocol. For more information, see Add a website.
- An SSL certificate is uploaded for the website based on your business requirements. For more information, see Upload an SSL certificate.
Procedure
Result
After you configure a custom TLS security policy for your website, Anti-DDoS Pro or Anti-DDoS Premium forwards requests that are destined for your website based on the TLS security policy. If a client uses a TLS protocol version or cipher suite that is not specified in the TLS policy, the requests that are sent from the client are discarded.
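One way to confirm the behavior described in Result from the client side, as an added example that is not part of the original topic or of the product: the script attempts one handshake per TLS version and reports every deviation from the policy you expect. The names `probe`, `audit` and `EXPECTED` are hypothetical, and the expected policy is assumed from the example above (TLS1.1 and later versions, with Enable TLS 1.3 selected).

```python
import socket
import ssl
import warnings

# Assumed policy, taken from the example on this page: "TLS1.1 and later
# versions" with Enable TLS 1.3 selected. True = the handshake should succeed.
EXPECTED = {"TLSv1": False, "TLSv1_1": True, "TLSv1_2": True, "TLSv1_3": True}

def probe(host, port, version_name, timeout=5.0):
    """True: handshake pinned to this version succeeded. False: it was refused
    or dropped. None: inconclusive (version unavailable locally, or no TCP)."""
    if not getattr(ssl, "HAS_" + version_name, False):
        return None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only protocol negotiation is under test
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        try:
            # Distro OpenSSL often blocks TLS 1.0/1.1 client-side; without this
            # a local refusal would be misread as the policy working.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except ssl.SSLError:
            pass
        try:
            ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion[version_name]
        except (ssl.SSLError, ValueError):
            return None
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except OSError:  # ssl.SSLError, resets and timeouts are all OSError
            return False

def audit(host, port=443, expected=EXPECTED):
    """Return {version: finding} for every deviation from the expected policy."""
    findings = {}
    for name, should_accept in expected.items():
        seen = probe(host, port, name)
        if seen is None:
            findings[name] = "inconclusive"
        elif seen != should_accept:
            findings[name] = "accepted but not in policy" if seen else "in policy but rejected"
    return findings
```

Call `audit("your-domain")` against the domain you added; an empty result means every probed version behaved as the expected policy says, and an "inconclusive" entry means the local OpenSSL build could not offer that version or the host was unreachable.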