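When you create and configure an HTTPS listener on a guaranteed-performance load balancer instance, you can select the TLS security policy that the listener uses.
A TLS security policy consists of the TLS protocol versions available for HTTPS and the matching cipher suites.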
TLS security policies
Security policy | Characteristics | Supported TLS versions | Supported cipher suites |
---|---|---|---|
tls_cipher_policy_1_0 | Best compatibility, lower security | TLSv1.0, TLSv1.1, and TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA |
tls_cipher_policy_1_1 | Good compatibility, good security | TLSv1.1 and TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA |
tls_cipher_policy_1_2 | Good compatibility, very high security | TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, and DES-CBC3-SHA |
tls_cipher_policy_1_2_strict | Supports only forward-secrecy cipher suites, extremely high security | TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, and ECDHE-RSA-AES256-SHA |
tls_cipher_policy_1_2_strict_with_1_3 (Note: The regions that currently support TLS 1.3 are as follows:) | Supports only forward-secrecy cipher suites, extremely high security | TLSv1.2 and TLSv1.3 | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |
Differences between TLS security policies
Security policy | | tls_cipher_policy_1_0 | tls_cipher_policy_1_1 | tls_cipher_policy_1_2 | tls_cipher_policy_1_2_strict | tls_cipher_policy_1_2_strict_with_1_3 |
---|---|---|---|---|---|---|
TLS | - | 1.2/1.1/1.0 | 1.2/1.1 | 1.2 | 1.2 | 1.2 and 1.3 |
CIPHER | ECDHE-RSA-AES128-GCM-SHA256 | ✓ | ✓ | ✓ | ✓ | ✓ |
CIPHER | ECDHE-RSA-AES256-GCM-SHA384 | ✓ | ✓ | ✓ | ✓ | ✓ |
CIPHER | ECDHE-RSA-AES128-SHA256 | ✓ | ✓ | ✓ | ✓ | ✓ |
CIPHER | ECDHE-RSA-AES256-SHA384 | ✓ | ✓ | ✓ | ✓ | ✓ |
CIPHER | AES128-GCM-SHA256 | ✓ | ✓ | ✓ | - | - |
CIPHER | AES256-GCM-SHA384 | ✓ | ✓ | ✓ | - | - |
CIPHER | AES128-SHA256 | ✓ | ✓ | ✓ | - | - |
CIPHER | AES256-SHA256 | ✓ | ✓ | ✓ | - | - |
CIPHER | ECDHE-RSA-AES128-SHA | ✓ | ✓ | ✓ | ✓ | ✓ |
CIPHER | ECDHE-RSA-AES256-SHA | ✓ | ✓ | ✓ | ✓ | ✓ |
CIPHER | AES128-SHA | ✓ | ✓ | ✓ | - | - |
CIPHER | AES256-SHA | ✓ | ✓ | ✓ | - | - |
CIPHER | DES-CBC3-SHA | ✓ | ✓ | ✓ | - | - |
CIPHER | TLS_AES_128_GCM_SHA256 | - | - | - | - | ✓ |
CIPHER | TLS_AES_256_GCM_SHA384 | - | - | - | - | ✓ |
CIPHER | TLS_CHACHA20_POLY1305_SHA256 | - | - | - | - | ✓ |
CIPHER | TLS_AES_128_CCM_SHA256 | - | - | - | - | ✓ |
CIPHER | TLS_AES_128_CCM_8_SHA256 | - | - | - | - | ✓ |
CIPHER | ECDHE-ECDSA-AES128-GCM-SHA256 | - | - | - | - | ✓ |
CIPHER | ECDHE-ECDSA-AES256-GCM-SHA384 | - | - | - | - | ✓ |
CIPHER | ECDHE-ECDSA-AES128-SHA256 | - | - | - | - | ✓ |
CIPHER | ECDHE-ECDSA-AES256-SHA384 | - | - | - | - | ✓ |
CIPHER | ECDHE-ECDSA-AES128-SHA | - | - | - | - | ✓ |
CIPHER | ECDHE-ECDSA-AES256-SHA | - | - | - | - | ✓ |
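
The policy tables above, expressed as an audit script. This is an added example, not part of the original documentation: it reads each policy's suite list as given on this page and flags, from the OpenSSL-style suite names, suites without forward secrecy, 3DES, and CBC-mode (non-AEAD) suites, plus TLS versions deprecated by RFC 8996. The function names and flag labels are assumptions of this example.

```python
"""Audit the TLS policies listed on this page (added example, names hypothetical)."""

# Suite groups transcribed from the policy tables on this page (OpenSSL-style names).
ECDHE_RSA = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
             "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
             "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA"]
STATIC_RSA = ["AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256",
              "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"]
ECDHE_ECDSA = [s.replace("-RSA-", "-ECDSA-") for s in ECDHE_RSA]
TLS13 = ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
         "TLS_AES_128_CCM_8_SHA256"]

POLICIES = {  # policy name -> (protocol versions, cipher suites)
    "tls_cipher_policy_1_0": (["TLSv1.0", "TLSv1.1", "TLSv1.2"], ECDHE_RSA + STATIC_RSA),
    "tls_cipher_policy_1_1": (["TLSv1.1", "TLSv1.2"], ECDHE_RSA + STATIC_RSA),
    "tls_cipher_policy_1_2": (["TLSv1.2"], ECDHE_RSA + STATIC_RSA),
    "tls_cipher_policy_1_2_strict": (["TLSv1.2"], ECDHE_RSA),
    "tls_cipher_policy_1_2_strict_with_1_3": (["TLSv1.2", "TLSv1.3"], TLS13 + ECDHE_ECDSA + ECDHE_RSA),
}
LEGACY_VERSIONS = {"TLSv1.0", "TLSv1.1"}  # deprecated by RFC 8996


def suite_flags(suite):
    """Return the set of weaknesses implied by a suite name."""
    flags = set()
    tls13 = suite.startswith("TLS_")  # TLS 1.3: AEAD only, (EC)DHE for certificate handshakes
    if not tls13 and not suite.startswith(("ECDHE-", "DHE-")):
        flags.add("no-forward-secrecy")  # static RSA key exchange
    if "DES-CBC3" in suite:
        flags.add("3des")  # 64-bit block cipher
    if not tls13 and not any(m in suite for m in ("GCM", "CCM", "CHACHA20")):
        flags.add("cbc-mode")  # CBC with HMAC, not AEAD
    return flags


def audit(policy):
    """Summarise legacy protocol versions and flagged suites for one policy."""
    versions, suites = POLICIES[policy]
    flagged = {s: sorted(suite_flags(s)) for s in suites if suite_flags(s)}
    return {"legacy_versions": sorted(LEGACY_VERSIONS & set(versions)),
            "flagged": flagged,
            "forward_secret_only": all("no-forward-secrecy" not in f for f in flagged.values())}


if __name__ == "__main__":
    for name in POLICIES:
        r = audit(name)
        print(name, r["legacy_versions"], r["forward_secret_only"], len(r["flagged"]))
```
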