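Guaranteed-performance load balancer instances let you select the TLS security policy to use when you create and configure an HTTPS listener. When you add or configure an HTTPS listener, you can modify the advanced SSL certificate settings and select a TLS security policy. For detailed steps, see Add an HTTPS listener.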
A TLS security policy consists of the TLS protocol versions available for HTTPS and the matching cipher suites.

TLS security policies

| Security policy | Characteristics | Supported TLS versions | Supported cipher suites |
| --- | --- | --- | --- |
| tls_cipher_policy_1_0 | Best compatibility, lower security | TLSv1.0, TLSv1.1 and TLSv1.2 | ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_cipher_policy_1_1 | Good compatibility, good security | TLSv1.1 and TLSv1.2 | ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_cipher_policy_1_2 | Good compatibility, very high security | TLSv1.2 | ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_cipher_policy_1_2_strict | Supports only forward-secret cipher suites, extremely high security | TLSv1.2 | ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |
| tls_cipher_policy_1_2_strict_with_1_3 | Supports only forward-secret cipher suites, extremely high security | TLS1.2 and TLS1.3 | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |

Note (tls_cipher_policy_1_2_strict_with_1_3): the regions that currently support TLS1.3 are:
- UK (London)
- China North 1 (Qingdao)
- China North 5 (Hohhot)
- China Southwest 1 (Chengdu)
- Japan (Tokyo)
- India (Mumbai)
- Australia (Sydney)
- Malaysia (Kuala Lumpur)
- US (Silicon Valley)
- US (Virginia)
- Germany (Frankfurt)
- UAE (Dubai)

Differences between TLS security policies

| Security policy | | tls_cipher_policy_1_0 | tls_cipher_policy_1_1 | tls_cipher_policy_1_2 | tls_cipher_policy_1_2_strict | tls_cipher_policy_1_2_strict_with_1_3 |
| --- | --- | --- | --- | --- | --- | --- |
| TLS | - | 1.2/1.1/1.0 | 1.2/1.1 | 1.2 | 1.2 | 1.2 and 1.3 |
| CIPHER | ECDHE-RSA-AES128-GCM-SHA256 | ✔ | ✔ | ✔ | ✔ | ✔ |
| | ECDHE-RSA-AES256-GCM-SHA384 | ✔ | ✔ | ✔ | ✔ | ✔ |
| | ECDHE-RSA-AES128-SHA256 | ✔ | ✔ | ✔ | ✔ | ✔ |
| | ECDHE-RSA-AES256-SHA384 | ✔ | ✔ | ✔ | ✔ | ✔ |
| | AES128-GCM-SHA256 | ✔ | ✔ | ✔ | - | - |
| | AES256-GCM-SHA384 | ✔ | ✔ | ✔ | - | - |
| | AES128-SHA256 | ✔ | ✔ | ✔ | - | - |
| | AES256-SHA256 | ✔ | ✔ | ✔ | - | - |
| | ECDHE-RSA-AES128-SHA | ✔ | ✔ | ✔ | ✔ | ✔ |
| | ECDHE-RSA-AES256-SHA | ✔ | ✔ | ✔ | ✔ | ✔ |
| | AES128-SHA | ✔ | ✔ | ✔ | - | - |
| | AES256-SHA | ✔ | ✔ | ✔ | - | - |
| | DES-CBC3-SHA | ✔ | ✔ | ✔ | - | - |
| | TLS_AES_128_GCM_SHA256 | - | - | - | - | ✔ |
| | TLS_AES_256_GCM_SHA384 | - | - | - | - | ✔ |
| | TLS_CHACHA20_POLY1305_SHA256 | - | - | - | - | ✔ |
| | TLS_AES_128_CCM_SHA256 | - | - | - | - | ✔ |
| | TLS_AES_128_CCM_8_SHA256 | - | - | - | - | ✔ |
| | ECDHE-ECDSA-AES128-GCM-SHA256 | - | - | - | - | ✔ |
| | ECDHE-ECDSA-AES256-GCM-SHA384 | - | - | - | - | ✔ |
| | ECDHE-ECDSA-AES128-SHA256 | - | - | - | - | ✔ |
| | ECDHE-ECDSA-AES256-SHA384 | - | - | - | - | ✔ |
| | ECDHE-ECDSA-AES128-SHA | - | - | - | - | ✔ |
| | ECDHE-ECDSA-AES256-SHA | - | - | - | - | ✔ |
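The policy definitions above can be encoded as data to audit what each policy still permits and to check a listener's negotiated parameters after a policy change. This Python is an added example, not part of the original documentation or of any vendor tooling; the versions and suites are transcribed from the supported-cipher-suites table, and the function names `audit` and `within_policy` are hypothetical.

```python
# Policy contents transcribed from the "supported cipher suites" table on this page.
def _suites(prefix, names):
    return {prefix + n for n in names.split()}

_ECDHE = "AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA384 AES128-SHA AES256-SHA"
ECDHE = _suites("ECDHE-ECDSA-", _ECDHE) | _suites("ECDHE-RSA-", _ECDHE)
STATIC_RSA = _suites("", "AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 "
                         "AES128-SHA AES256-SHA DES-CBC3-SHA")
TLS13 = _suites("TLS_", "AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 "
                        "AES_128_CCM_SHA256 AES_128_CCM_8_SHA256")

# Version strings follow Python's ssl.SSLSocket.version(), which reports TLS 1.0 as "TLSv1".
POLICIES = {
    "tls_cipher_policy_1_0": ({"TLSv1", "TLSv1.1", "TLSv1.2"}, ECDHE | STATIC_RSA),
    "tls_cipher_policy_1_1": ({"TLSv1.1", "TLSv1.2"}, ECDHE | STATIC_RSA),
    "tls_cipher_policy_1_2": ({"TLSv1.2"}, ECDHE | STATIC_RSA),
    "tls_cipher_policy_1_2_strict": ({"TLSv1.2"}, ECDHE),
    "tls_cipher_policy_1_2_strict_with_1_3": ({"TLSv1.2", "TLSv1.3"}, ECDHE | TLS13),
}

def audit(policy):
    """Classify what a policy still permits, using OpenSSL suite-name conventions."""
    versions, suites = POLICIES[policy]
    return {
        "legacy_protocols": sorted(versions & {"TLSv1", "TLSv1.1"}),
        # Forward secrecy needs an ephemeral key exchange: ECDHE-*, or any TLS 1.3 suite.
        "no_forward_secrecy": sorted(s for s in suites
                                     if not s.startswith(("ECDHE-", "TLS_"))),
        "3des": sorted(s for s in suites if "DES-CBC3" in s),
        # Names without GCM, CCM or CHACHA20 are CBC-mode suites.
        "cbc": sorted(s for s in suites
                      if not any(m in s for m in ("GCM", "CCM", "CHACHA20"))),
    }

def within_policy(policy, version, cipher):
    """True if a negotiated (version, cipher) pair is one the policy allows.

    Feed it ssl.SSLSocket.version() and ssl.SSLSocket.cipher()[0] from a test
    connection to the listener to confirm a policy change took effect.
    """
    versions, suites = POLICIES[policy]
    if version not in versions or cipher not in suites:
        return False
    # TLS 1.3 suites pair only with TLS 1.3; all other suites only with TLS 1.2 and below.
    return (cipher in TLS13) == (version == "TLSv1.3")

if __name__ == "__main__":
    for name in POLICIES:
        print(name, {k: len(v) for k, v in audit(name).items()})
```

The audit shows that tls_cipher_policy_1_2 restricts the protocol version but keeps the static-RSA and 3DES suites, while both strict policies drop them yet still permit CBC-mode ECDHE suites.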