全部產品
Search
文件中心

:TLS安全性原則說明

更新時間:Jun 30, 2024

為Global Acceleration執行個體配置HTTPS監聽時,支援選擇TLS安全性原則。系統預設選擇tls_cipher_policy_1_0安全性原則,若您有更高的安全要求,可以根據需要選擇更高等級的TLS安全性原則。

TLS安全性原則

TLS安全性原則包含HTTPS可選的TLS協議版本和配套的密碼編譯演算法套件。TLS協議版本越高,HTTPS通訊的安全性越高,但是相較於低版本TLS協議,高版本TLS協議對瀏覽器的相容性較差。TLS安全性原則對應的TLS協議版本和配套的密碼編譯演算法套件如下:

安全性原則

支援TLS版本

支援密碼編譯演算法套件

tls_cipher_policy_1_0

TLSv1.0、TLSv1.1和TLSv1.2

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256

  • AES256-SHA256

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

tls_cipher_policy_1_1

TLSv1.1和TLSv1.2

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256

  • AES256-SHA256

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

tls_cipher_policy_1_2

TLSv1.2

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256

  • AES256-SHA256

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

tls_cipher_policy_1_2_strict

TLSv1.2

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

tls_cipher_policy_1_2_strict_with_1_3

TLSv1.2及TLSv1.3

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_CCM_SHA256

  • TLS_AES_128_CCM_8_SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

TLS安全性原則支援的密碼編譯演算法套件

安全性原則

tls_cipher_policy_1_0

tls_cipher_policy_1_1

tls_cipher_policy_1_2

tls_cipher_policy_1_2_strict

tls_cipher_policy_1_2_strict_with_1_3

TLS

1.2、1.1及1.0

1.1及1.2

1.2

1.2

1.2及1.3

CIPHER

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-SHA256

ECDHE-RSA-AES256-SHA384

AES128-GCM-SHA256

-

-

AES256-GCM-SHA384

-

-

AES128-SHA256

-

-

AES256-SHA256

-

-

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-SHA

AES128-SHA

-

-

AES256-SHA

-

-

DES-CBC3-SHA

-

-

TLS_AES_128_GCM_SHA256

-

-

-

-

TLS_AES_256_GCM_SHA384

-

-

-

-

TLS_CHACHA20_POLY1305_SHA256

-

-

-

-

TLS_AES_128_CCM_SHA256

-

-

-

-

TLS_AES_128_CCM_8_SHA256

-

-

-

-

ECDHE-ECDSA-AES128-GCM-SHA256

-

-

-

-

ECDHE-ECDSA-AES256-GCM-SHA384

-

-

-

-

ECDHE-ECDSA-AES128-SHA256

-

-

-

-

ECDHE-ECDSA-AES256-SHA384

-

-

-

-

ECDHE-ECDSA-AES128-SHA

-

-

-

-

ECDHE-ECDSA-AES256-SHA

-

-

-

-

說明

上表中的✔表示支援,-表示不支援。

選擇TLS安全性原則

在您添加或者配置HTTPS監聽時,系統預設選擇tls_cipher_policy_1_0安全性原則。您可以通過修改進階配置選擇TLS安全性原則。具體操作,請參見添加HTTP或HTTPS協議監聽選擇TLS安全性原則