Release Notes
Security Announcement
Announcements
Feature | Description |
Edge HTTPS certificates enable users to securely communicate with EdgeOne edge nodes via HTTPS when accessing the current domain name. Currently, EdgeOne supports configuring Edge HTTPS certificates in the following ways. Tencent Cloud SSL Certificates: If you already have a domain name certificate, you can deploy the certificate uploaded to the Tencent Cloud SSL console to an EdgeOne edge node. You can deploy at most one RSA, ECC, or SM2 certificate to the EdgeOne node simultaneously. Applying for Free Certificates: If you have not yet purchased SSL certificates, you can use EdgeOne to automatically complete the application, deployment, and renewal of free certificates, so as to reduce the operational workload. The currently applied free certificates are RSA certificates from TrustAsia or Let’s Encrypt. Keyless Certificate: Keyless certificate allows users to upload only the certificate public key to Tencent Cloud SSL Certificate, and maintain the certificate private key through deploying a private server, suitable for customers with stricter security requirements for certificate management. | |
Edge mutual authentication means that during the communication process, both the client and the server need to prove their identities to each other. This is typically used in scenarios with high security requirements, such as corporate internal networks or financial transactions. EdgeOne supports enabling mutual authentication within edge nodes and requires the client to carry a trusted client certificate for verification during access, so as to further enhance the security of communication. | |
When using HTTPS handshake for origin-pull, you can customize the verification method for the origin server certificate, further enhancing the security of origin-pull HTTPS handshake and preventing traffic hijacking. | |
Forced HTTPS access can redirect client HTTP requests to HTTPS via 301/302 and ultimately access EdgeOne via HTTPS, so as to ensure that all clients initiate requests to the EdgeOne node via HTTPS and ensure the security of communication. | |
HTTP Strict Transport Security (HSTS) is a web security protocol promoted by the Internet Engineering Task Force (IETF). The protocol is used to instruct web browsers to access a site over the more secure HTTPS protocol. You can configure HSTS to improve the security and credibility of your website if you have any of the following needs: to prevent malicious attackers from stealing sensitive user information through man-in-the-middle attacks, to comply with data privacy protection regulations, or to enhance users' trust in your website. | |
When HTTPS access is enabled for your website, EdgeOne supports multiple SSL/TLS versions to ensure compatibility with different user terminals by default. Normally, you do not need to modify this configuration. However, if your website requires a high level of security and you need to prevent users from accessing your website through less secure SSL/TLS versions, you can customize this configuration by specifying the required SSL/TLS versions. | |
Online Certificate Status Protocol (OCSP) is provided by certificate authorities (CAs) to check the authenticity and validity of digital certificates. Whenever a user accesses a website over HTTPS, the browser initiates an OCSP query to verify whether the certificate of the website is still valid. When OCSP stapling is enabled, EdgeOne performs OCSP queries and caches the results on servers. When a client initiates a TLS handshake with EdgeOne, EdgeOne responds with the OCSP information and certificate required for verification so that the client does not need to send a query request to the CA. This significantly improves the efficiency of the TLS handshake, reduces the time for verification, and improves the HTTPS request speed. |
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback