tencent cloud

TLS Security Policy Group
Last updated: 2025-06-30 16:50:21

Overview

Transport Layer Security (TLS) is an encryption protocol used to secure network communication. Its predecessor is Secure Sockets Layer (SSL). Through encryption, identity authentication, and data integrity protection, TLS ensures that data transmitted between a client (such as a browser) and a server is not eavesdropped on or tampered with. It is widely used in scenarios such as HTTPS, email, and VPN, and is an industry standard for confidential communication over the Internet. The TLS protocol has gone through several versions, each improving on security and performance:
TLS 1.0 (1999): The first version. It is based on SSL 3.0, but has security vulnerabilities (for example, it is vulnerable to BEAST attacks). It has been gradually phased out.
TLS 1.1 (2006): Fixes some vulnerabilities of TLS 1.0, but still uses weak cryptographic algorithms (such as SHA-1). It is not recommended for use either.
TLS 1.2 (2008): The mainstream version. It supports stronger cryptographic algorithms (such as AES-GCM and SHA-256) and provides better security and efficiency.
TLS 1.3 (2018): The latest version. It simplifies the handshake process (reducing latency), removes insecure algorithms (such as RC4), and makes Perfect Forward Secrecy (PFS) mandatory. It offers the highest security.

A cipher suite is a set of algorithms negotiated during the TLS handshake that defines the encryption, identity authentication, and key exchange methods. When creating an HTTPS listener, you can select a TLS security policy group as needed. Security policy groups differ in the TLS versions and cipher suites they support, as follows:

| TLS Security Policy Group | Supported TLS Version | Supported Cipher Suite |
| --- | --- | --- |
| tls_policy_1.0-2 | TLSv1.0, TLSv1.1, and TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_policy_1.1-2 | TLSv1.1 and TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_policy_1.2 | TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA |
| tls_policy_1.2_strict | TLSv1.2 | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |
| tls_policy_1.2_strict-1.3 | TLSv1.2 and TLSv1.3 | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA |
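
To compare the policy groups before picking one, the table can be audited from the suite names alone. The Python below is an added example, not Tencent Cloud code: it transcribes the table (suite order is not preserved) and reports, per policy group, the suites without forward secrecy, the CBC-mode suites, and 3DES. The names `classify`, `audit` and the report keys are made up for this illustration.

```python
# Policy contents transcribed from the table on this page (OpenSSL-style names).
ECDHE_RSA = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
             "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
             "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA"]
STATIC_RSA = ["AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256",
              "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"]
TLS13 = ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
         "TLS_AES_128_CCM_8_SHA256"]
# The ECDSA suites in the 1.3 policy mirror the ECDHE-RSA names one for one.
ECDHE_ECDSA = [s.replace("-RSA-", "-ECDSA-") for s in ECDHE_RSA]
LEGACY = ECDHE_RSA + STATIC_RSA
POLICIES = {
    "tls_policy_1.0-2": (["TLSv1.0", "TLSv1.1", "TLSv1.2"], LEGACY),
    "tls_policy_1.1-2": (["TLSv1.1", "TLSv1.2"], LEGACY),
    "tls_policy_1.2": (["TLSv1.2"], LEGACY),
    "tls_policy_1.2_strict": (["TLSv1.2"], ECDHE_RSA),
    "tls_policy_1.2_strict-1.3": (["TLSv1.2", "TLSv1.3"],
                                  TLS13 + ECDHE_ECDSA + ECDHE_RSA),
}

def classify(suite):
    """Derive the security properties of one suite from its name."""
    aead = any(tag in suite for tag in ("GCM", "CCM", "CHACHA20"))
    return {
        # TLS 1.3 suites (TLS_*) and ECDHE-* suites use ephemeral key exchange;
        # an OpenSSL name with no key-exchange prefix means static RSA.
        "forward_secrecy": suite.startswith(("TLS_", "ECDHE-")),
        "aead": aead,
        "cbc": not aead,  # every non-AEAD suite in the table is a CBC suite
        "triple_des": "DES-CBC3" in suite,
    }

def audit(policy):
    """Return the findings for one policy group from the table."""
    versions, suites = POLICIES[policy]
    props = {s: classify(s) for s in suites}
    return {
        # Versions the overview describes as phased out or not recommended.
        "legacy_versions": [v for v in versions if v in ("TLSv1.0", "TLSv1.1")],
        "no_forward_secrecy": [s for s in suites if not props[s]["forward_secrecy"]],
        "cbc_mode": [s for s in suites if props[s]["cbc"]],
        "triple_des": [s for s in suites if props[s]["triple_des"]],
    }

if __name__ == "__main__":
    for name in POLICIES:
        print(name, {k: len(v) for k, v in audit(name).items()})
```

Only the two strict groups come out with no static-RSA or 3DES suites, and both still accept CBC-mode suites alongside the AEAD ones.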
