Configure the TLS version to ensure secure communication
Transport Layer Security (TLS) encrypts communication between client applications and OSS. TLS is a standard cryptographic protocol that ensures privacy and data integrity for clients and servers communicating over the internet. You can configure the TLS version and cipher suite in OSS. After you complete the configuration, clients can use only the specified TLS version and cipher suite to communicate with OSS. This ensures that the communication link meets your security requirements.
Prerequisites
RAM users must have the following permissions: oss:PutTLSVersion and oss:GetTLSVersion. For more information, see Grant a custom policy to a RAM user.
TLS versions
TLS supports four versions: 1.0, 1.1, 1.2, and 1.3. The following table describes the use cases and supported browsers for each version.
|
Protocol |
Description |
Use cases |
Supported browsers |
|
TLS 1.0 |
This version uses encryption algorithms such as RSA, DES, and 3DES. TLS 1.0 has known security vulnerabilities and is susceptible to attacks such as BEAST and POODLE. It no longer provides adequate protection for modern network connections and does not meet PCI DSS compliance standards. |
Due to its security vulnerabilities, TLS 1.0 is no longer widely recommended. In most cases, we recommend that you upgrade to a more secure TLS version. |
|
|
TLS 1.1 |
This version improves security by addressing some known vulnerabilities and adding support for stronger encryption algorithms, such as AES, RSA, and SHA-256. |
Suitable for environments that require a relatively high level of security but do not require the latest TLS features. |
|
|
TLS 1.2 |
This version further enhances security and adds new features, such as Server Name Indication (SNI) and the extended handshake protocol. Supported encryption algorithms include AES-GCM, AES-CBC, and ECDHE. |
Suitable for most common secure communication scenarios, including web applications, e-commerce websites, email, and virtual private networks (VPNs). |
|
|
TLS 1.3 |
This version introduces significant improvements in security, performance, and privacy. It removes insecure cryptographic algorithms, adds more robust key exchange and encryption algorithms, reduces handshake latency, and provides better forward secrecy and authentication mechanisms. |
Suitable for scenarios that have strict security requirements and require better performance and privacy, such as financial institutions, large internet companies, and government agencies. |
|
Usage notes
-
Avoid configuring a bucket to allow only TLS 1.0 or TLS 1.1. At a minimum, your configuration should include the mainstream version, TLS 1.2.
-
If TLS Version Management is not enabled, TLS 1.0, 1.1, and 1.2 are supported by default, but TLS 1.3 is not. After you enable TLS Version Management, you can select from TLS 1.0, 1.1, 1.2, and 1.3. The first time you configure the TLS version in the OSS console, TLS 1.2 is selected by default as the mainstream version. If TLS 1.2 is not selected, some mainstream clients may fail to access OSS.
-
Downgrading the TLS version (for example, from TLS 1.2 to TLS 1.1 or TLS 1.0) or disabling TLS Version Management may introduce security and compliance risks. Proceed with caution.
-
Before you disable a TLS version, verify that no clients rely exclusively on that version for connections.
Procedure
API reference
These operations use REST APIs. For highly customized applications, you can make REST API requests directly, which requires you to write the signature calculation code manually. For more information, see PutBucketHttpsConfig and GetBucketHttpsConfig.
FAQ
Check current TLS version
If the client does not specify a TLS version, run the following command to determine the version negotiated between the client and server.
openssl s_client -connect <bucket>.<endpoint>:443 -servername <bucket>.<endpoint>
The following table describes the parameters in the command.
|
Parameter |
Description |
|
bucket |
The name of your OSS bucket. |
|
endpoint |
The public endpoint, internal endpoint, or custom domain name. |
You can find the TLS version in the command output.
The value of the Protocol field in the response is the current TLS version. The following is a sample response:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCxxx
Session-ID: DF6AF8834A5BE3E9EDCxxx
Session-ID-ctx:
Master-Key: 0C25A19D6E9E3BDEC86B417125AEC1FFA85xxx
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Verify TLS configuration
To verify that your bucket is correctly configured to allow only TLS 1.2, check for the following behaviors:
-
A client can access the server when the client explicitly uses TLS 1.2.
openssl s_client -connect <bucket>.<endpoint>:443 -servername <bucket>.<endpoint> -tls1_2The following table describes the parameters in the command.
Parameter
Description
bucket
The name of your OSS bucket.
endpoint
The public endpoint, internal endpoint, or custom domain name.
Sample response:
SSL handshake has read 5779 bytes and written 470 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-Gxxx Session-ID: 6F487389CA287BAFD2xxx Session-ID-ctx: Master-Key: 620777CB36570132F9xxx Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) -
A client can access the server when the client does not specify a TLS version (but the client supports TLS 1.2).
openssl s_client -connect <bucket>.<endpoint>:443 -servername <bucket>.<endpoint>Sample response:
SSL handshake has read 5779 bytes and written 470 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-Gxxx Session-ID: 6F487389CA287BAFD2xxx Session-ID-ctx: Master-Key: 620777CB36570132F9xxx Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) -
The server rejects connections from clients that specify a TLS version other than TLS 1.2 (for example, TLS 1.1).
openssl s_client -connect <bucket>.<endpoint>:443 -servername <bucket>.<endpoint> -tls1_1Sample response:
[root@i-xxx xxx ~]# openssl s_client -connect xxx.oss-cn-hangzhou.aliyuncs.com:443 -servername xxx.oss-cn-hangzhou.aliyuncs.com -tls1_1 CONNECTED(00000003) 140293333579664:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1493:SSL alert number 70 140293333579664:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1692262610 Timeout : 7200 (sec) Verify return code: 0 (ok) ---