To ensure the security and data integrity of your Internet communications, Baidu AI Cloud CDN provides the control feature of the TLS version. You can flexibly configure the TLS protocol version based on different domain name requirements.
TLS refers to Transport Layer Security protocol that provides confidentiality and data integrity between two communication applications. The most typical application is the HTTPS. HTTPS, namely HTTP over TLS, is a secure HTTP that runs below HTTP layer and above TCP layer, and it provides HTTP layer with data encryption and decryption services for the HTTP layer.
Currently, there are mainly 4 versions of TLS:
TLS v1.0： RFC 2246, released in 1999, based on SSLv3.0, is vulnerable to all kinds of attacks (such as BEAS and POODLE); in addition, it supports weak encryption, and has lost its due protection against the security of today's network connections. Do not meet the PCI DSS compliance criteria Mainstream browsers supported: IE6+、Chrome 1+、Firefox 2+.
TLS v1.1： RFC4346, released in 2006, has repaired several vulnerabilities of TLSv1.0. Mainstream browsers supported: IE11+、Chrome22+、Firefox24+、Safri7+.
TLS v1.2： RFC5246, released in 2008, is widely used at present. Mainstream browsers supported: IE11+、Chrome30+、Firefox27+、Safri7+.
TLS v1.3： RFC8446, released in 2018, is the latest TLS version, supports 0-RTT mode (faster), and only supports full forward security key exchange algorithm (more secure). Mainstream browsers supported: Chrome 70+ and Firefox 63+.
Before enabling TLS feature, you need to make sure that HTTPS is successfully enabled.
- Log into the CDN Management Console and enter the “Content Delivery Network (CDN) " page.
- Click Domain Name Management on the left navigation bar.
- Enter the domain name management page, and click the Management of the target domain name operation column.
- Enter “CDN Domain Name Details” page, and select HTTPS Configuration tag on the top navigation bar of the page.
- Enter the HTTPS configuration page, and Enable or Disable the corresponding TLS version in the TLS Version Control module based on your needs.
Note: After enabling or disabling TLS protocol, your acceleration domain name will also enable or disable TLS handshaking.