TLS Security Policy Group

Last updated: 2025-06-30 16:50:21

Overview

Transport Layer Security (TLS) is an encryption protocol that secures network communication. Its predecessor is Secure Sockets Layer (SSL). Through encryption, identity authentication, and data integrity protection, TLS ensures that data exchanged between a client (such as a browser) and a server cannot be eavesdropped on or tampered with. It is widely used in scenarios such as HTTPS, email, and VPN, and is the industry standard for confidential communication over the Internet.

The TLS protocol has gone through several versions, each improving on security and performance:
TLS 1.0 (1999): The first version. It is based on SSL 3.0 and has known security vulnerabilities (for example, it is susceptible to the BEAST attack). It has been gradually phased out.
TLS 1.1 (2006): Fixes some vulnerabilities of TLS 1.0, but still uses weak cryptographic algorithms (such as SHA-1). It is also no longer recommended.
TLS 1.2 (2008): The mainstream version. It supports stronger algorithms (such as AES-GCM and SHA-256) and provides better security and efficiency.
TLS 1.3 (2018): The latest version. It simplifies the handshake (reducing latency), removes insecure algorithms (such as RC4), and makes Perfect Forward Secrecy (PFS) mandatory. It offers the highest security.

A cipher suite is a set of algorithms negotiated during the TLS handshake that defines the encryption, identity authentication, and key exchange methods. When creating an HTTPS listener, you can select a TLS security policy group as needed. Each security policy group supports a different set of TLS versions and cipher suites, as follows:
| TLS Security Policy Group | Supported TLS Version | Supported Cipher Suite |
|---|---|---|
| tls_policy_1.0-2 | TLSv1.0, TLSv1.1, and TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_policy_1.1-2 | TLSv1.1 and TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_policy_1.2 | TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_policy_1.2_strict | TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |
| tls_policy_1.2_strict-1.3 | TLSv1.2 and TLSv1.3 | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |
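
To compare the policy groups listed above before choosing one for a listener, the following Python audit classifies each group's TLS versions and cipher suites. It is an added example, not part of the GAAP documentation or API; the finding labels (`legacy-protocol`, `no-forward-secrecy`, `3des`, `cbc-mode`) and the function names are assumptions of this example.

```python
# Added example: audit the TLS security policy groups listed above.
# Suite names are copied from the table (set membership, not table order).
# The finding labels and the rules behind them are assumptions of this example.
ECDHE_RSA = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
]
ECDHE_ECDSA = [s.replace("-RSA-", "-ECDSA-") for s in ECDHE_RSA]
STATIC_RSA = [
    "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256",
    "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA",
]
TLS13 = [
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
]
POLICIES = {
    "tls_policy_1.0-2": (["TLSv1.0", "TLSv1.1", "TLSv1.2"], ECDHE_RSA + STATIC_RSA),
    "tls_policy_1.1-2": (["TLSv1.1", "TLSv1.2"], ECDHE_RSA + STATIC_RSA),
    "tls_policy_1.2": (["TLSv1.2"], ECDHE_RSA + STATIC_RSA),
    "tls_policy_1.2_strict": (["TLSv1.2"], ECDHE_RSA),
    "tls_policy_1.2_strict-1.3": (["TLSv1.2", "TLSv1.3"], TLS13 + ECDHE_ECDSA + ECDHE_RSA),
}
LEGACY = {"TLSv1.0", "TLSv1.1"}   # versions the page describes as phased out
AEAD = ("GCM", "CCM", "CHACHA20")  # AEAD tags in OpenSSL-style suite names

def suite_findings(suite):
    if suite.startswith("TLS_"):  # TLS 1.3 suite: AEAD only, key exchange always ephemeral
        return []
    found = []
    if not suite.startswith(("ECDHE-", "DHE-")):
        found.append("no-forward-secrecy")  # static RSA key exchange
    if "DES-CBC3" in suite:
        found.append("3des")
    if not any(tag in suite for tag in AEAD):
        found.append("cbc-mode")  # suites in this table without an AEAD tag use CBC
    return found

def audit(policy):
    versions, suites = POLICIES[policy]
    report = {"legacy-protocol": [v for v in versions if v in LEGACY]}
    for suite in suites:
        for finding in suite_findings(suite):
            report.setdefault(finding, []).append(suite)
    return {k: v for k, v in report.items() if v}  # drop empty findings

def forward_secret_policies():
    return [p for p in POLICIES if {"legacy-protocol", "no-forward-secrecy"}.isdisjoint(audit(p))]
```

Calling `audit("tls_policy_1.2")` returns the suites behind each finding, and `forward_secret_policies()` lists the groups in which every suite uses an ephemeral key exchange and no legacy protocol version is enabled.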
