TLS protocol and Ciphers for origin connections

Modified on Fri, 7 Dec, 2018 at 1:34 PM

Configure your origin server to present only certain ciphers. Fasterize will respect the ciphers presented by servers. The ultimate choice of which cipher is used in connections is determined by the origin server, which you control. Fasterize deliberately offers a large list of ciphers to support customers with specific needs.


We recommend that, if at all possible, you configure your origin server to prefer TLS 1.2 and the ECDHE AES GCM ciphers.


Here is the current configuration of our servers.


Supported TLS Versions : TLS 1.2, TLS 1.1, TLS 1.0


Ciphers supported (preference order)


ECDHE-ECDSA-AES128-GCM-SHA256 
ECDHE-ECDSA-AES256-GCM-SHA384 
ECDHE-RSA-AES128-GCM-SHA256 
ECDHE-RSA-AES256-GCM-SHA384 
AES256-SHA256 
AES128-SHA256 
AES256-SHA 
AES128-SHA 
DES- CBC3-SHA 
ECDHE-ECDSA-AES128-SHA 
ECDHE-ECDSA-AES256-SHA 
ECDHE-RSA-AES128-SHA 
ECDHE-RSA-AES256-SHA 
ECDHE-RSA-DES-CBC3-SHA 
ECDHE-RSA-RC4-SHA 
DHE-RSA -AES128-SHA 
DHE-RSA-AES256-SHA 
RC4-SHA 
RC4-MD5 
ECDHE-ECDSA-DES-CBC3-SHA 
ECDHE-ECDSA-RC4-SHA


TLS SNI enabled


Verification of the SSL certificate of the origin:  this option is currently only configurable via the API. Failure to verify the certificate has serious security implications, including a vulnerability to man-in-the-middle attacks. 


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article