功能介绍
加密套件是用于在SSL/TLS握手期间协商安全设置的算法的组合。在Client Hello和Server Hello消息交换之后,客户端发送密码支持套件列表,服务器从列表中选择密码套件进行响应。
天翼云全站加速在域名配置完HTTPS证书后,可选择加密套件类型:全部加密套件、强加密套件、自定义加密套件。
选择全部加密套件后,默认支持如下加密套件:
| 加密算法 | 最低版本的SSL/TLS协议 |
|---|---|
| TLS_AES_256_GCM_SHA384 | TLSv1.3 |
| TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
| TLS_AES_128_GCM_SHA256 | TLSv1.3 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
| DHE-DSS-AES256-GCM-SHA384 | TLSv1.2 |
| DHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
| DHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
| DHE-RSA-AES256-CCM8 | TLSv1.2 |
| DHE-RSA-AES256-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
| DHE-DSS-ARIA256-GCM-SHA384 | TLSv1.2 |
| DHE-RSA-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-DSS-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
| DHE-RSA-AES128-CCM8 | TLSv1.2 |
| DHE-RSA-AES128-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
| DHE-DSS-ARIA128-GCM-SHA256 | TLSv1.2 |
| DHE-RSA-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-SHA384 | TLSv1.2 |
| DHE-RSA-AES256-SHA256 | TLSv1.2 |
| DHE-DSS-AES256-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-CAMELLIA256-SHA384 | TLSv1.2 |
| ECDHE-RSA-CAMELLIA256-SHA384 | TLSv1.2 |
| DHE-RSA-CAMELLIA256-SHA256 | TLSv1.2 |
| DHE-DSS-CAMELLIA256-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-SHA256 | TLSv1.2 |
| DHE-RSA-AES128-SHA256 | TLSv1.2 |
| DHE-DSS-AES128-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-CAMELLIA128-SHA256 | TLSv1.2 |
| ECDHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
| DHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
| DHE-DSS-CAMELLIA128-SHA256 | TLSv1.2 |
| RSA-PSK-AES256-GCM-SHA384 | TLSv1.2 |
| DHE-PSK-AES256-GCM-SHA384 | TLSv1.2 |
| RSA-PSK-CHACHA20-POLY1305 | TLSv1.2 |
| DHE-PSK-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-PSK-CHACHA20-POLY1305 | TLSv1.2 |
| DHE-PSK-AES256-CCM8 | TLSv1.2 |
| DHE-PSK-AES256-CCM | TLSv1.2 |
| RSA-PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
| DHE-PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
| AES256-GCM-SHA384 | TLSv1.2 |
| AES256-CCM8 | TLSv1.2 |
| AES256-CCM | TLSv1.2 |
| ARIA256-GCM-SHA384 | TLSv1.2 |
| PSK-AES256-GCM-SHA384 | TLSv1.2 |
| PSK-CHACHA20-POLY1305 | TLSv1.2 |
| PSK-AES256-CCM8 | TLSv1.2 |
| PSK-AES256-CCM | TLSv1.2 |
| PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
| RSA-PSK-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-PSK-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-PSK-AES128-CCM8 | TLSv1.2 |
| DHE-PSK-AES128-CCM | TLSv1.2 |
| RSA-PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
| DHE-PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
| AES128-GCM-SHA256 | TLSv1.2 |
| AES128-CCM8 | TLSv1.2 |
| AES128-CCM | TLSv1.2 |
| ARIA128-GCM-SHA256 | TLSv1.2 |
| PSK-AES128-GCM-SHA256 | TLSv1.2 |
| PSK-AES128-CCM8 | TLSv1.2 |
| PSK-AES128-CCM | TLSv1.2 |
| PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
| AES256-SHA256 | TLSv1.2 |
| CAMELLIA256-SHA256 | TLSv1.2 |
| AES128-SHA256 | TLSv1.2 |
| CAMELLIA128-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES256-SHA | TLSv1 |
| ECDHE-RSA-AES256-SHA | TLSv1 |
| ECDHE-ECDSA-AES128-SHA | TLSv1 |
| ECDHE-RSA-AES128-SHA | TLSv1 |
| ECDHE-PSK-AES256-CBC-SHA384 | TLSv1 |
| ECDHE-PSK-AES256-CBC-SHA | TLSv1 |
| RSA-PSK-AES256-CBC-SHA384 | TLSv1 |
| DHE-PSK-AES256-CBC-SHA384 | TLSv1 |
| ECDHE-PSK-CAMELLIA256-SHA384 | TLSv1 |
| RSA-PSK-CAMELLIA256-SHA384 | TLSv1 |
| DHE-PSK-CAMELLIA256-SHA384 | TLSv1 |
| PSK-AES256-CBC-SHA384 | TLSv1 |
| PSK-CAMELLIA256-SHA384 | TLSv1 |
| ECDHE-PSK-AES128-CBC-SHA256 | TLSv1 |
| ECDHE-PSK-AES128-CBC-SHA | TLSv1 |
| RSA-PSK-AES128-CBC-SHA256 | TLSv1 |
| DHE-PSK-AES128-CBC-SHA256 | TLSv1 |
| ECDHE-PSK-CAMELLIA128-SHA256 | TLSv1 |
| RSA-PSK-CAMELLIA128-SHA256 | TLSv1 |
| DHE-PSK-CAMELLIA128-SHA256 | TLSv1 |
| PSK-AES128-CBC-SHA256 | TLSv1 |
| PSK-CAMELLIA128-SHA256 | TLSv1 |
| DHE-RSA-AES256-SHA | SSLv3 |
| DHE-DSS-AES256-SHA | SSLv3 |
| DHE-RSA-CAMELLIA256-SHA | SSLv3 |
| DHE-DSS-CAMELLIA256-SHA | SSLv3 |
| DHE-RSA-AES128-SHA | SSLv3 |
| DHE-DSS-AES128-SHA | SSLv3 |
| DHE-RSA-CAMELLIA128-SHA | SSLv3 |
| DHE-DSS-CAMELLIA128-SHA | SSLv3 |
| SRP-DSS-AES-256-CBC-SHA | SSLv3 |
| SRP-RSA-AES-256-CBC-SHA | SSLv3 |
| SRP-AES-256-CBC-SHA | SSLv3 |
| RSA-PSK-AES256-CBC-SHA | SSLv3 |
| DHE-PSK-AES256-CBC-SHA | SSLv3 |
| AES256-SHA | SSLv3 |
| CAMELLIA256-SHA | SSLv3 |
| PSK-AES256-CBC-SHA | SSLv3 |
| SRP-DSS-AES-128-CBC-SHA | SSLv3 |
| SRP-RSA-AES-128-CBC-SHA | SSLv3 |
| SRP-AES-128-CBC-SHA | SSLv3 |
| RSA-PSK-AES128-CBC-SHA | SSLv3 |
| DHE-PSK-AES128-CBC-SHA | SSLv3 |
| AES128-SHA | SSLv3 |
| CAMELLIA128-SHA | SSLv3 |
| PSK-AES128-CBC-SHA | SSLv3 |
选择强加密套件后,默认支持如下加密套件:
| 加密算法 | 最低版本的SSL/TLS协议 |
|---|---|
| TLS_AES_256_GCM_SHA384 | TLSv1.3 |
| TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
| TLS_AES_128_GCM_SHA256 | TLSv1.3 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
选择自定义加密套件后,可从如下列表中自定义选择1个或多个加密套件:
| 加密算法 | 最低版本的SSL/TLS协议 |
|---|---|
| TLS_AES_256_GCM_SHA384 | TLSv1.3 |
| TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
| TLS_AES_128_GCM_SHA256 | TLSv1.3 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-CAMELLIA256-SHA384 | TLSv1.2 |
| ECDHE-RSA-CAMELLIA256-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-CAMELLIA128-SHA256 | TLSv1.2 |
| ECDHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
| AES256-GCM-SHA384 | TLSv1.2 |
| AES256-CCM8 | TLSv1.2 |
| AES256-CCM | TLSv1.2 |
| ARIA256-GCM-SHA384 | TLSv1.2 |
| AES128-GCM-SHA256 | TLSv1.2 |
| AES128-CCM8 | TLSv1.2 |
| AES128-CCM | TLSv1.2 |
| ARIA128-GCM-SHA256 | TLSv1.2 |
| AES256-SHA256 | TLSv1.2 |
| CAMELLIA256-SHA256 | TLSv1.2 |
| AES128-SHA256 | TLSv1.2 |
| CAMELLIA128-SHA256 | TLSv1.2 |
配置说明
- 登录客户控制台。
- 单击左侧导航栏【域名管理】-【域名列表】。
- 在【域名列表】页面,找到目标域名,单击【操作】列的【编辑】。
- 单击右侧【HTTPS配置】。
- 按需选择加密套件。
注意选择加密套件前,请确保已选择证书,未选择证书将无法选择加密套件。
