If your website is protected by Web Application Firewall (WAF) in CNAME record mode and uses HTTPS, you can customize the supported TLS versions and cipher suites. WAF blocks requests that use a TLS version or cipher suite outside your specified configuration. This topic describes how to configure custom TLS versions and cipher suites.
Prerequisites
The domain name has been added to WAF in CNAME record mode. For more information, see Add a domain name.
The website uses the HTTPS protocol, and an HTTPS certificate has been uploaded. For more information, see Add a domain name.
Procedure
-
Log on to the Web Application Firewall (WAF) console. In the top menu bar, select the resource group and region for your WAF instance: Chinese Mainland or Outside Chinese Mainland.
-
In the left navigation pane, choose .
On the Domain Names tab, find the domain that you want to configure. Verify that the Access Mode is CNAME Record and the certificate status in the Origin Server column is Update Certificate. Then, click Configure TLS in the Actions column.
ImportantOnly domains that use HTTPS require TLS configuration. If a domain uses HTTP or uses HTTPS without an uploaded certificate, the Configure TLS option does not appear in the Actions column.
On the Configure TLS Security Policy page, configure the TLS versions and cipher suites, and then click Save.
Parameter
Description
Domain Name
The domain name that you are configuring. This field is automatically populated and cannot be changed.
TLS Version
Select the minimum TLS version that your website supports. Options:
TLS 1.0 and Later (Best Compatibility and Low Security): Supports TLS 1.0 and later versions.
TLS 1.1 and Later (High Compatibility and High Security): Supports TLS 1.1 and later versions. Blocks connections that use TLS 1.0.
TLS 1.2 and Later (High Compatibility and Best Security): Supports TLS 1.2 and later versions. Blocks connections that use TLS 1.0 or TLS 1.1.
Support TLS 1.3
Adds support for TLS 1.3.
Cipher Suite
Select the type of cipher suite you want to use. Options:
All Cipher Suites (High Compatibility and Low Security): Supports the following strong and weak cipher suites.
Custom Cipher Suite (Select It Based on Protocol Version. Proceed with Caution.): Allows you to select specific cipher suites for the selected protocol version. Select with caution to avoid disrupting your business services.