功能介绍
加密套件是用于在SSL / TLS握手期间协商安全设置的算法的组合。在Client Hello和Server Hello消息交换之后,客户端发送密码支持套件列表,服务器从列表中选择密码套件进行响应。
天翼云CDN支持的SSL/TLS加密套件及对应套件支持的最低版本的SSL/TLS协议如下:
| 加密算法 | 最低版本的SSL/TLS协议 |
|---|---|
| TLS_AES_256_GCM_SHA384 | TLSv1.3 |
| TLS_CHACHA20_POLY1305_SHA256 | TLSv1.3 |
| TLS_AES_128_GCM_SHA256 | TLSv1.3 |
| ECDHE-ECDSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
| DHE-DSS-AES256-GCM-SHA384 | TLSv1.2 |
| DHE-RSA-AES256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
| DHE-RSA-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES256-CCM | TLSv1.2 |
| DHE-RSA-AES256-CCM8 | TLSv1.2 |
| DHE-RSA-AES256-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ARIA256-GCM-SHA384 | TLSv1.2 |
| DHE-DSS-ARIA256-GCM-SHA384 | TLSv1.2 |
| DHE-RSA-ARIA256-GCM-SHA384 | TLSv1.2 |
| ECDHE-ECDSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-DSS-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-RSA-AES128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM8 | TLSv1.2 |
| ECDHE-ECDSA-AES128-CCM | TLSv1.2 |
| DHE-RSA-AES128-CCM8 | TLSv1.2 |
| DHE-RSA-AES128-CCM | TLSv1.2 |
| ECDHE-ECDSA-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ARIA128-GCM-SHA256 | TLSv1.2 |
| DHE-DSS-ARIA128-GCM-SHA256 | TLSv1.2 |
| DHE-RSA-ARIA128-GCM-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES256-SHA384 | TLSv1.2 |
| ECDHE-RSA-AES256-SHA384 | TLSv1.2 |
| DHE-RSA-AES256-SHA256 | TLSv1.2 |
| DHE-DSS-AES256-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-CAMELLIA256-SHA384 | TLSv1.2 |
| ECDHE-RSA-CAMELLIA256-SHA384 | TLSv1.2 |
| DHE-RSA-CAMELLIA256-SHA256 | TLSv1.2 |
| DHE-DSS-CAMELLIA256-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES128-SHA256 | TLSv1.2 |
| ECDHE-RSA-AES128-SHA256 | TLSv1.2 |
| DHE-RSA-AES128-SHA256 | TLSv1.2 |
| DHE-DSS-AES128-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-CAMELLIA128-SHA256 | TLSv1.2 |
| ECDHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
| DHE-RSA-CAMELLIA128-SHA256 | TLSv1.2 |
| DHE-DSS-CAMELLIA128-SHA256 | TLSv1.2 |
| RSA-PSK-AES256-GCM-SHA384 | TLSv1.2 |
| DHE-PSK-AES256-GCM-SHA384 | TLSv1.2 |
| RSA-PSK-CHACHA20-POLY1305 | TLSv1.2 |
| DHE-PSK-CHACHA20-POLY1305 | TLSv1.2 |
| ECDHE-PSK-CHACHA20-POLY1305 | TLSv1.2 |
| DHE-PSK-AES256-CCM8 | TLSv1.2 |
| DHE-PSK-AES256-CCM | TLSv1.2 |
| RSA-PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
| DHE-PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
| AES256-GCM-SHA384 | TLSv1.2 |
| AES256-CCM8 | TLSv1.2 |
| AES256-CCM | TLSv1.2 |
| ARIA256-GCM-SHA384 | TLSv1.2 |
| PSK-AES256-GCM-SHA384 | TLSv1.2 |
| PSK-CHACHA20-POLY1305 | TLSv1.2 |
| PSK-AES256-CCM8 | TLSv1.2 |
| PSK-AES256-CCM | TLSv1.2 |
| PSK-ARIA256-GCM-SHA384 | TLSv1.2 |
| RSA-PSK-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-PSK-AES128-GCM-SHA256 | TLSv1.2 |
| DHE-PSK-AES128-CCM8 | TLSv1.2 |
| DHE-PSK-AES128-CCM | TLSv1.2 |
| RSA-PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
| DHE-PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
| AES128-GCM-SHA256 | TLSv1.2 |
| AES128-CCM8 | TLSv1.2 |
| AES128-CCM | TLSv1.2 |
| ARIA128-GCM-SHA256 | TLSv1.2 |
| PSK-AES128-GCM-SHA256 | TLSv1.2 |
| PSK-AES128-CCM8 | TLSv1.2 |
| PSK-AES128-CCM | TLSv1.2 |
| PSK-ARIA128-GCM-SHA256 | TLSv1.2 |
| AES256-SHA256 | TLSv1.2 |
| CAMELLIA256-SHA256 | TLSv1.2 |
| AES128-SHA256 | TLSv1.2 |
| CAMELLIA128-SHA256 | TLSv1.2 |
| ECDHE-ECDSA-AES256-SHA | TLSv1 |
| ECDHE-RSA-AES256-SHA | TLSv1 |
| ECDHE-ECDSA-AES128-SHA | TLSv1 |
| ECDHE-RSA-AES128-SHA | TLSv1 |
| ECDHE-PSK-AES256-CBC-SHA384 | TLSv1 |
| ECDHE-PSK-AES256-CBC-SHA | TLSv1 |
| RSA-PSK-AES256-CBC-SHA384 | TLSv1 |
| DHE-PSK-AES256-CBC-SHA384 | TLSv1 |
| ECDHE-PSK-CAMELLIA256-SHA384 | TLSv1 |
| RSA-PSK-CAMELLIA256-SHA384 | TLSv1 |
| DHE-PSK-CAMELLIA256-SHA384 | TLSv1 |
| PSK-AES256-CBC-SHA384 | TLSv1 |
| PSK-CAMELLIA256-SHA384 | TLSv1 |
| ECDHE-PSK-AES128-CBC-SHA256 | TLSv1 |
| ECDHE-PSK-AES128-CBC-SHA | TLSv1 |
| RSA-PSK-AES128-CBC-SHA256 | TLSv1 |
| DHE-PSK-AES128-CBC-SHA256 | TLSv1 |
| ECDHE-PSK-CAMELLIA128-SHA256 | TLSv1 |
| RSA-PSK-CAMELLIA128-SHA256 | TLSv1 |
| DHE-PSK-CAMELLIA128-SHA256 | TLSv1 |
| PSK-AES128-CBC-SHA256 | TLSv1 |
| PSK-CAMELLIA128-SHA256 | TLSv1 |
| DHE-RSA-AES256-SHA | SSLv3 |
| DHE-DSS-AES256-SHA | SSLv3 |
| DHE-RSA-CAMELLIA256-SHA | SSLv3 |
| DHE-DSS-CAMELLIA256-SHA | SSLv3 |
| DHE-RSA-AES128-SHA | SSLv3 |
| DHE-DSS-AES128-SHA | SSLv3 |
| DHE-RSA-CAMELLIA128-SHA | SSLv3 |
| DHE-DSS-CAMELLIA128-SHA | SSLv3 |
| SRP-DSS-AES-256-CBC-SHA | SSLv3 |
| SRP-RSA-AES-256-CBC-SHA | SSLv3 |
| SRP-AES-256-CBC-SHA | SSLv3 |
| RSA-PSK-AES256-CBC-SHA | SSLv3 |
| DHE-PSK-AES256-CBC-SHA | SSLv3 |
| AES256-SHA | SSLv3 |
| CAMELLIA256-SHA | SSLv3 |
| PSK-AES256-CBC-SHA | SSLv3 |
| SRP-DSS-AES-128-CBC-SHA | SSLv3 |
| SRP-RSA-AES-128-CBC-SHA | SSLv3 |
| SRP-AES-128-CBC-SHA | SSLv3 |
| RSA-PSK-AES128-CBC-SHA | SSLv3 |
| DHE-PSK-AES128-CBC-SHA | SSLv3 |
| AES128-SHA | SSLv3 |
| CAMELLIA128-SHA | SSLv3 |
| PSK-AES128-CBC-SHA | SSLv3 |
配置说明
该功能默认支持所有加密套件,暂不支持客户自助配置,如您需要调整域名支持的加密套件,请提供需支持的加密套件,并提交工单给天翼云客服进行配置。
