功能介绍
加密套件是用于在SSL/TLS握手期间协商安全设置的算法的组合。在Client Hello和Server Hello消息交换之后,客户端发送密码支持套件列表,服务器从列表中选择密码套件进行响应。
天翼云CDN加速在域名配置完HTTPS证书后,可选择加密套件类型:全部加密套件、强加密套件、自定义加密套件。
选择全部加密套件后,默认支持的加密套件及对应套件支持的最低版本的SSL/TLS协议如下:
加密算法 | 最低版本的SSL/TLS协议 |
---|---|
TLS_AES_256_GCM_SHA384 | TLSv1.3 |
TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
TLS_AES_128_GCM_SHA256 | TLSv1.3 |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
DHE-DSS-AES256-GCM-SHA384 | TLSv1.2 |
DHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
DHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
DHE-RSA-AES256-CCM8 | TLSv1.2 |
DHE-RSA-AES256-CCM | TLSv1.2 |
ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
DHE-DSS-ARIA256-GCM-SHA384 | TLSv1.2 |
DHE-RSA-ARIA256-GCM-SHA384 | TLSv1.2 |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
DHE-DSS-AES128-GCM-SHA256 | TLSv1.2 |
DHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
DHE-RSA-AES128-CCM8 | TLSv1.2 |
DHE-RSA-AES128-CCM | TLSv1.2 |
ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
DHE-DSS-ARIA128-GCM-SHA256 | TLSv1.2 |
DHE-RSA-ARIA128-GCM-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 |
ECDHE-RSA-AES256-SHA384 | TLSv1.2 |
DHE-RSA-AES256-SHA256 | TLSv1.2 |
DHE-DSS-AES256-SHA256 | TLSv1.2 |
ECDHE-ECDSA-CAMELLIA256-SHA384 | TLSv1.2 |
ECDHE-RSA-CAMELLIA256-SHA384 | TLSv1.2 |
DHE-RSA-CAMELLIA256-SHA256 | TLSv1.2 |
DHE-DSS-CAMELLIA256-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 |
ECDHE-RSA-AES128-SHA256 | TLSv1.2 |
DHE-RSA-AES128-SHA256 | TLSv1.2 |
DHE-DSS-AES128-SHA256 | TLSv1.2 |
ECDHE-ECDSA-CAMELLIA128-SHA256 | TLSv1.2 |
ECDHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
DHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
DHE-DSS-CAMELLIA128-SHA256 | TLSv1.2 |
RSA-PSK-AES256-GCM-SHA384 | TLSv1.2 |
DHE-PSK-AES256-GCM-SHA384 | TLSv1.2 |
RSA-PSK-CHACHA20-POLY1305 | TLSv1.2 |
DHE-PSK-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-PSK-CHACHA20-POLY1305 | TLSv1.2 |
DHE-PSK-AES256-CCM8 | TLSv1.2 |
DHE-PSK-AES256-CCM | TLSv1.2 |
RSA-PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
DHE-PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
AES256-GCM-SHA384 | TLSv1.2 |
AES256-CCM8 | TLSv1.2 |
AES256-CCM | TLSv1.2 |
ARIA256-GCM-SHA384 | TLSv1.2 |
PSK-AES256-GCM-SHA384 | TLSv1.2 |
PSK-CHACHA20-POLY1305 | TLSv1.2 |
PSK-AES256-CCM8 | TLSv1.2 |
PSK-AES256-CCM | TLSv1.2 |
PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
RSA-PSK-AES128-GCM-SHA256 | TLSv1.2 |
DHE-PSK-AES128-GCM-SHA256 | TLSv1.2 |
DHE-PSK-AES128-CCM8 | TLSv1.2 |
DHE-PSK-AES128-CCM | TLSv1.2 |
RSA-PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
DHE-PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
AES128-GCM-SHA256 | TLSv1.2 |
AES128-CCM8 | TLSv1.2 |
AES128-CCM | TLSv1.2 |
ARIA128-GCM-SHA256 | TLSv1.2 |
PSK-AES128-GCM-SHA256 | TLSv1.2 |
PSK-AES128-CCM8 | TLSv1.2 |
PSK-AES128-CCM | TLSv1.2 |
PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
AES256-SHA256 | TLSv1.2 |
CAMELLIA256-SHA256 | TLSv1.2 |
AES128-SHA256 | TLSv1.2 |
CAMELLIA128-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES256-SHA | TLSv1 |
ECDHE-RSA-AES256-SHA | TLSv1 |
ECDHE-ECDSA-AES128-SHA | TLSv1 |
ECDHE-RSA-AES128-SHA | TLSv1 |
ECDHE-PSK-AES256-CBC-SHA384 | TLSv1 |
ECDHE-PSK-AES256-CBC-SHA | TLSv1 |
RSA-PSK-AES256-CBC-SHA384 | TLSv1 |
DHE-PSK-AES256-CBC-SHA384 | TLSv1 |
ECDHE-PSK-CAMELLIA256-SHA384 | TLSv1 |
RSA-PSK-CAMELLIA256-SHA384 | TLSv1 |
DHE-PSK-CAMELLIA256-SHA384 | TLSv1 |
PSK-AES256-CBC-SHA384 | TLSv1 |
PSK-CAMELLIA256-SHA384 | TLSv1 |
ECDHE-PSK-AES128-CBC-SHA256 | TLSv1 |
ECDHE-PSK-AES128-CBC-SHA | TLSv1 |
RSA-PSK-AES128-CBC-SHA256 | TLSv1 |
DHE-PSK-AES128-CBC-SHA256 | TLSv1 |
ECDHE-PSK-CAMELLIA128-SHA256 | TLSv1 |
RSA-PSK-CAMELLIA128-SHA256 | TLSv1 |
DHE-PSK-CAMELLIA128-SHA256 | TLSv1 |
PSK-AES128-CBC-SHA256 | TLSv1 |
PSK-CAMELLIA128-SHA256 | TLSv1 |
DHE-RSA-AES256-SHA | SSLv3 |
DHE-DSS-AES256-SHA | SSLv3 |
DHE-RSA-CAMELLIA256-SHA | SSLv3 |
DHE-DSS-CAMELLIA256-SHA | SSLv3 |
DHE-RSA-AES128-SHA | SSLv3 |
DHE-DSS-AES128-SHA | SSLv3 |
DHE-RSA-CAMELLIA128-SHA | SSLv3 |
DHE-DSS-CAMELLIA128-SHA | SSLv3 |
SRP-DSS-AES-256-CBC-SHA | SSLv3 |
SRP-RSA-AES-256-CBC-SHA | SSLv3 |
SRP-AES-256-CBC-SHA | SSLv3 |
RSA-PSK-AES256-CBC-SHA | SSLv3 |
DHE-PSK-AES256-CBC-SHA | SSLv3 |
AES256-SHA | SSLv3 |
CAMELLIA256-SHA | SSLv3 |
PSK-AES256-CBC-SHA | SSLv3 |
SRP-DSS-AES-128-CBC-SHA | SSLv3 |
SRP-RSA-AES-128-CBC-SHA | SSLv3 |
SRP-AES-128-CBC-SHA | SSLv3 |
RSA-PSK-AES128-CBC-SHA | SSLv3 |
DHE-PSK-AES128-CBC-SHA | SSLv3 |
AES128-SHA | SSLv3 |
CAMELLIA128-SHA | SSLv3 |
PSK-AES128-CBC-SHA | SSLv3 |
选择强加密套件后,默认支持的加密套件及对应套件支持的最低版本的SSL/TLS协议如下:
加密算法 | 最低版本的SSL/TLS协议 |
---|---|
TLS_AES_256_GCM_SHA384 | TLSv1.3 |
TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
TLS_AES_128_GCM_SHA256 | TLSv1.3 |
ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
选择自定义加密套件后,可从如下列表中自定义选择1个或多个加密套件:
加密算法 | 最低版本的SSL/TLS协议 |
---|---|
TLS_AES_256_GCM_SHA384 | TLSv1.3 |
TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
TLS_AES_128_GCM_SHA256 | TLSv1.3 |
ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 |
ECDHE-RSA-AES256-SHA384 | TLSv1.2 |
ECDHE-ECDSA-CAMELLIA256-SHA384 | TLSv1.2 |
ECDHE-RSA-CAMELLIA256-SHA384 | TLSv1.2 |
ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 |
ECDHE-RSA-AES128-SHA256 | TLSv1.2 |
ECDHE-ECDSA-CAMELLIA128-SHA256 | TLSv1.2 |
ECDHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
AES256-GCM-SHA384 | TLSv1.2 |
AES256-CCM8 | TLSv1.2 |
AES256-CCM | TLSv1.2 |
ARIA256-GCM-SHA384 | TLSv1.2 |
AES128-GCM-SHA256 | TLSv1.2 |
AES128-CCM8 | TLSv1.2 |
AES128-CCM | TLSv1.2 |
ARIA128-GCM-SHA256 | TLSv1.2 |
AES256-SHA256 | TLSv1.2 |
CAMELLIA256-SHA256 | TLSv1.2 |
AES128-SHA256 | TLSv1.2 |
CAMELLIA128-SHA256 | TLSv1.2 |
注意事项
配置加密套件前,请确保已成功配置HTTPS证书,操作方法详情请见:新增证书。
TLS版本默认开启 TLS v1.0、TLS v1.1、TLS v1.2、TLS v1.3。
配置说明
登录CDN控制台。
单击左侧导航栏【域名管理】-【域名列表】。
在【域名列表】页面,找到目标域名,单击【操作】列的【编辑】。
单击右侧【请求协议】。
在【请求协议】模块,勾选【HTTPS】。
单击右侧【HTTPS配置】。
在【证书】模块,选择域名对应的证书。如果已经在证书管理上传证书,可直接选择对应域名证书。如果还未上传证书,可单击【点击上传】,添加自有证书。添加完毕后,再选择对应证书。
在【加密套件】模块,根据需求选择加密套件。