tencent cloud

Tencent Cloud EdgeOne

DocumentationTencent Cloud EdgeOneDomain Service&Origin ConfigurationHTTPS CertificateHTTPS ConfigurationSSL/TLS Security ConfigurationTLS Versions and Cipher Suites

TLS Versions and Cipher Suites

PDF
Focus Mode
Font Size
Last updated: 2026-04-23 16:47:21
This article introduces EdgeOne's support for protocol versions and cipher suites allowed during TLS handshakes.

What are TLS protocol versions?

The TLS (Transport Layer Security) protocol is a security protocol used for encrypting network communications. As the successor to the SSL (Secure Sockets Layer) protocol, it enables encrypted communication between client/server applications. The TLS protocol has multiple versions, including TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. TLS 1.3 is the latest version, offering more secure and efficient encryption mechanisms.

What is a cipher suite?

A cipher suite is a set of cryptographic algorithms used for secure connections in the Transport Layer Security (TLS) protocol. A TLS cipher suite comprises three components: authentication, encryption, and Message Authentication Code (MAC), which collectively ensure security and reliability by protecting transmitted data from third-party interception. During the TLS handshake process, the client and server negotiate a mutually supported cipher suite (based on their respective lists of supported cipher suites) to enable encrypted communication between them.

Use Cases

EdgeOne enables all TLS versions by default, with the cipher suite set to eo-loose-v2023, which meets the requirements of most customers. If you have higher security requirements, you can customize the settings:
Business Scenario
TLS version
cipher suite
Focus on compatibility with older browser versions, where security requirements can be appropriately relaxed.
1.0,1.1,1.2
eo-loose-v2023
Browser compatibility and security need to be balanced, with both achieving a moderate level.
1.2,1.3
eo-general-v2023
High security requirements allow for reduced browser compatibility. All TLS versions and cipher suites that may pose security vulnerabilities need to be disabled.
1.2,1.3
eo-strict-v2023

Supported TLS Protocol Versions and Cipher Suites in EdgeOne

EdgeOne supported TLS versions are as follows:
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
OpenSSL cipher suites
TLS 1.3
TLS 1.2
TLS 1.1
TLS 1.0
TLS_AES_256_GCM_SHA384
-
-
-
TLS_CHACHA20_POLY1305_SHA256
-
-
-
TLS_AES_128_GCM_SHA256
-
-
-
TLS_AES_128_CCM_SHA256
-
-
-
TLS_AES_128_CCM_8_SHA256
-
-
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
-
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
-
-
ECDHE-RSA-AES256-GCM-SHA384
-
-
-
ECDHE-RSA-AES128-GCM-SHA256
-
-
-
ECDHE-ECDSA-CHACHA20-POLY1305
-
-
-
ECDHE-RSA-CHACHA20-POLY1305
-
-
-
ECDHE-ECDSA-AES256-SHA384
-
-
-
ECDHE-ECDSA-AES128-SHA256
-
-
-
ECDHE-RSA-AES256-SHA384
-
-
-
ECDHE-RSA-AES128-SHA256
-
-
-
ECDHE-RSA-AES256-SHA
-
-
ECDHE-RSA-AES128-SHA
-
-
AES256-GCM-SHA384
-
-
-
AES128-GCM-SHA256
-
-
-
AES256-SHA256
-
-
-
AES128-SHA256
-
-
-
AES256-SHA
-
-
AES128-SHA
-
-
EdgeOne supports providing cipher suites of varying strengths based on TLS protocol versions:
eo-strict-v2023: High security requirements, disabling all insecure cipher suites.
eo-general-v2023: Browser compatibility and security need to be balanced, with both achieving a moderate level.
eo-loose-v2023 (default): Focus on compatibility with older browser versions, where security requirements can be appropriately relaxed.
OpenSSL cipher suites
eo-strict-v2023
eo-general-v2023
eo-loose-v2023
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_SHA256
-
TLS_AES_128_CCM_8_SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES256-SHA384
-
ECDHE-ECDSA-AES128-SHA256
-
ECDHE-RSA-AES256-SHA384
-
ECDHE-RSA-AES128-SHA256
-
ECDHE-RSA-AES256-SHA
-
-
ECDHE-RSA-AES128-SHA
-
-
AES256-GCM-SHA384
-
-
AES128-GCM-SHA256
-
-
AES256-SHA256
-
-
AES128-SHA256
-
-
AES256-SHA
-
-
AES128-SHA
-
-
You can configure TLS versions and cipher suites based on the security and compatibility requirements of your business. The ultimately supported OpenSSL cipher suites are determined by the intersection of the TLS version and cipher suite options. For example:
TLS version TLS 1.3 is enabled, and the cipher suite option eo-strict-v2023 is selected. The ultimately supported OpenSSL cipher suites will be the intersection of TLS 1.3 and eo-strict-v2023: TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256.
Note:
If the edge HTTPS configuration includes a Chinese cryptographic certificate, EdgeOne will additionally support the ECC-SM2-WITH-SM4-SM3 and ECDHE-SM2-WITH-SM4-SM3 cipher suite algorithms.

Learn More


Previous Topic: Configuring SSL/TLS SecurityNext Topic: Enabling OCSP Stapling

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback