性能保障型负载均衡实例在创建和配置HTTPS监听时,支持选择TLS安全策略。
选择TLS安全策略
您可以在添加或者配置HTTPS监听时,在SSL证书页签,单击高级配置后面的修改,在展开项中选择TLS安全策略。具体操作,请参见添加HTTPS监听。
TLS安全策略
TLS安全策略包含HTTPS可选的TLS协议版本和配套的加密算法套件。TLS协议版本越高,HTTPS通信的安全性越高,但是相较于低版本TLS协议,高版本TLS协议对浏览器的兼容性较差。
|
安全策略 |
支持TLS版本 |
支持加密算法套件 |
|
tls_cipher_policy_1_0 |
TLSv1.0、TLSv1.1和TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA |
|
tls_cipher_policy_1_1 |
TLSv1.1和TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA |
|
tls_cipher_policy_1_2 |
TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、AES128-GCM-SHA256、AES256-GCM-SHA384、AES128-SHA256、AES256-SHA256、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA、AES128-SHA、AES256-SHA、DES-CBC3-SHA |
|
tls_cipher_policy_1_2_strict |
TLSv1.2 |
ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA |
|
tls_cipher_policy_1_2_strict_with_1_3 |
TLSv1.2及TLSv1.3 |
TLS_AES_256_GCM_SHA384、TLS_CHACHA20_POLY1305_SHA256、TLS_AES_128_CCM_SHA256、TLS_AES_128_CCM_8_SHA256、ECDHE-ECDSA-AES128-GCM-SHA256、ECDHE-ECDSA-AES256-GCM-SHA384、ECDHE-ECDSA-AES128-SHA256、ECDHE-ECDSA-AES256-SHA384、ECDHE-RSA-AES128-GCM-SHA256、ECDHE-RSA-AES256-GCM-SHA384、ECDHE-RSA-AES128-SHA256、ECDHE-RSA-AES256-SHA384、ECDHE-ECDSA-AES128-SHA、ECDHE-ECDSA-AES256-SHA、ECDHE-RSA-AES128-SHA、ECDHE-RSA-AES256-SHA |
TLS安全策略支持的加密算法套件
|
安全策略 |
tls_cipher_policy_1_0 |
tls_cipher_policy_1_1 |
tls_cipher_policy_1_2 |
tls_cipher_policy_1_2_strict |
tls_cipher_policy_1_2_strict_with_1_3 |
|
|
TLS |
1.2、1.1及1.0 |
1.1及1.2 |
1.2 |
1.2 |
1.2及1.3 |
|
|
CIPHER |
ECDHE-RSA-AES128-GCM-SHA256 |
✔ |
✔ |
✔ |
✔ |
✔ |
|
ECDHE-RSA-AES256-GCM-SHA384 |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
ECDHE-RSA-AES128-SHA256 |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
ECDHE-RSA-AES256-SHA384 |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
AES128-GCM-SHA256 |
✔ |
✔ |
✔ |
– |
– |
|
|
AES256-GCM-SHA384 |
✔ |
✔ |
✔ |
– |
– |
|
|
AES128-SHA256 |
✔ |
✔ |
✔ |
– |
– |
|
|
AES256-SHA256 |
✔ |
✔ |
✔ |
– |
– |
|
|
ECDHE-RSA-AES128-SHA |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
ECDHE-RSA-AES256-SHA |
✔ |
✔ |
✔ |
✔ |
✔ |
|
|
AES128-SHA |
✔ |
✔ |
✔ |
– |
– |
|
|
AES256-SHA |
✔ |
✔ |
✔ |
– |
– |
|
|
DES-CBC3-SHA |
✔ |
✔ |
✔ |
– |
– |
|
|
TLS_AES_128_GCM_SHA256 |
– |
– |
– |
– |
✔ |
|
|
TLS_AES_256_GCM_SHA384 |
– |
– |
– |
– |
✔ |
|
|
TLS_CHACHA20_POLY1305_SHA256 |
– |
– |
– |
– |
✔ |
|
|
TLS_AES_128_CCM_SHA256 |
– |
– |
– |
– |
✔ |
|
|
TLS_AES_128_CCM_8_SHA256 |
– |
– |
– |
– |
✔ |
|
|
ECDHE-ECDSA-AES128-GCM-SHA256 |
– |
– |
– |
– |
✔ |
|
|
ECDHE-ECDSA-AES256-GCM-SHA384 |
– |
– |
– |
– |
✔ |
|
|
ECDHE-ECDSA-AES128-SHA256 |
– |
– |
– |
– |
✔ |
|
|
ECDHE-ECDSA-AES256-SHA384 |
– |
– |
– |
– |
✔ |
|
|
ECDHE-ECDSA-AES128-SHA |
– |
– |
– |
– |
✔ |
|
|
ECDHE-ECDSA-AES256-SHA |
– |
– |
– |
– |
✔ |
|
说明
上表中的✔表示支持,-表示不支持。
内容没看懂? 不太想学习?想快速解决? 有偿解决: 联系专家
阿里云企业补贴进行中: 马上申请
腾讯云限时活动1折起,即将结束: 马上收藏
同尘科技为腾讯云授权服务中心。
购买腾讯云产品享受折上折,更有现金返利:同意关联,立享优惠
转转请注明出处:https://www.yunxiaoer.com/169782.html