Edge Security Acceleration (ESA) offers HTTPS secure acceleration. By deploying Secure Sockets Layer (SSL) certificates on ESA, you can enable SSL/TLS features to ensure that requests are securely encrypted during transmission between the client and ESA points of presence (POPs).
Feature introduction
ESA supports HTTPS secure acceleration. You can deploy SSL certificates on ESA and then enable the SSL/TLS feature to implement encrypted transmission between clients and ESA POPs. ESA allows you to apply for free certificates or upload custom certificates.
When a client sends an HTTPS request to an ESA POP, the POP responds to the request and starts the Transport Layer Security (TLS) handshake, in which the client and the POP negotiate a TLS version and a cipher suite that both of them support. This ensures the security of data transmission in both directions. You can change the TLS cipher suite and version for your website based on your business requirements.
You can use the Always Use HTTPS feature to forcibly redirect client requests to ESA POPs from HTTP to HTTPS.
When you configure TLS cipher suites and versions in the ESA console, the All Cipher Suites (Default) and Enhanced Cipher Suite groups support different algorithms. You can select a cipher suite group based on the descriptions in this topic.
The Online Certificate Status Protocol (OCSP) stapling feature provided by ESA caches certificate verification results and sends them to clients, so that clients do not need to query the certificate status from certificate authorities (CAs). This reduces the certificate verification time and speeds up access.
You can enable the HTTP Strict Transport Security (HSTS) feature to force clients such as browsers to use HTTPS to establish connections to ESA POPs. This helps improve connection security.
Opportunistic encryption allows browsers to access HTTP URLs over an encrypted TLS connection. This enhances the security posture of non-HTTPS websites.
Domain control validation (DCV) is a process used by a CA to verify that the entity requesting a digital certificate controls the domain for which the certificate is requested. This topic describes the control validation process for domain names of websites added to ESA.
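
After you enable Always Use HTTPS and HSTS, you can check what a site actually returns. The following is an added example, not code from ESA or its documentation: it audits one plain-HTTP response and one HTTPS response for the redirect and for a valid HSTS policy as defined in RFC 6797. The host `example.com`, the sample responses, and the 180-day `min_age` threshold are assumptions made for the example.

```python
# Added example: constructed responses, no network access needed.
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                          # max-age is mandatory and numeric
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}

def audit(host, http_resp, https_resp, min_age=15552000):
    """Return findings for one host. Each response is a (status, headers) pair.
    min_age (180 days) is an assumed threshold, not an ESA default."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308) or target.scheme != "https":
        findings.append("HTTP request is not redirected to HTTPS")
    elif target.hostname != host:
        findings.append("redirect goes to another host, so this host sets no HSTS policy")
    if "strict-transport-security" in headers:
        findings.append("HSTS sent over plain HTTP is ignored by browsers")
    status, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if policy is None:
        findings.append("HTTPS response has no valid HSTS header")
    elif policy["max_age"] < min_age:
        findings.append("HSTS max-age %d is below %d" % (policy["max_age"], min_age))
    return findings

# Constructed sample responses for the placeholder host example.com.
GOOD_HTTP = (301, {"Location": "https://example.com/"})
GOOD_HTTPS = (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
WEAK_HTTP = (200, {"Strict-Transport-Security": "max-age=31536000"})
WEAK_HTTPS = (200, {"Strict-Transport-Security": "max-age=0"})
```

An empty list means the redirect and the HSTS policy both behave as intended. The weak pair shows the case where an HSTS header is present but has no effect, because it is either served over HTTP or carries `max-age=0`.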