You can use the Transport Layer Security (TLS) version control feature of ApsaraVideo VOD to ensure the security and integrity of data transmitted over the Internet. This topic describes how to configure a TLS version in the ApsaraVideo VOD console.
Prerequisites
The TLS version control feature is available only after you configure an HTTPS certificate for your domain name. For more information, see HTTPS secure acceleration.
Background information
ApsaraVideo VOD supports TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. By default, TLS 1.0, TLS 1.1, and TLS 1.2 are enabled. You can configure TLS versions as needed.
Procedure
Log on to the ApsaraVideo VOD console.
In the navigation pane on the left, choose Configuration Management > CDN Configuration > Domain Names.
Find the domain name that you want to configure and click Configure.
In the navigation pane on the left, click HTTPS.
In the TLS Version Control section, enable or disable TLS versions as needed.
The following table describes the TLS versions.
Protocol
Description
Supported mainstream browsers
TLSv1.0
Defined in RFC 2246 in 1999. It is based on SSL 3.0 and is vulnerable to attacks such as BEAST and POODLE. This version uses weak encryption and is no longer considered secure. It is not compliant with the Payment Card Industry Data Security Standard (PCI DSS).
IE6+
Chrome 1+
Firefox 2+
TLSv1.1
Defined in RFC 4346 in 2006. This version fixes several vulnerabilities found in TLS 1.0.
IE 11+
Chrome 22+
Firefox 24+
Safri 7+
TLSv1.2
Defined in RFC 5246 in 2008. This is the most widely used version.
IE 11+
Chrome 30+
Firefox 27+
Safri 7+
TLSv1.3
Defined in RFC 8446 in 2018, this is the latest TLS version. It supports Zero Round-Trip Time (0-RTT) mode, which makes connections faster. It improves security by supporting only key exchange algorithms with perfect forward secrecy.
Chrome 70+
Firefox 63+
