Configuring TLS Security Policies for Encrypted Communication: HTTPS encryption is commonly used for applications that require secure data transmission, such as banking and finance. ELB allows you to use common TLS security policies to secure data transmission.
For more information, see Configuring TLS Security Policies for Encrypted Communication. Idle Timeout (s): Specifies the length of time for a connection to keep alive, in seconds.
Adding an HTTPS Listener. Scenarios: You can add an HTTPS listener if you require encrypted transmission. Load balancers decrypt HTTPS requests before routing them to backend servers. Once the servers process the requests, they send them back to the load balancers for encryption.
Finally, the load balancers send the encrypted requests to the clients. When you add an HTTPS listener, ensure that the backend subnet of the load balancer has sufficient IP addresses.
For HTTPS listeners, encrypted WebSocket (wss://) is supported by default.
Authentication: Requests for calling an API can be authenticated using either of the following methods: AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication.
Security Using Dedicated Load Balancers to Transfer Client IP Address Configuring TLS Security Policies for Encrypted Communication Using SNI Certificates for Access Through Multiple Domain Names Certificate Access Control Protection for Mission-Critical Operations Parent Topic: User
data transmission that can prevent unauthorized access Encryption and decryption performed on load balancers Multiple versions of encryption protocols and cipher suites Web applications that require encrypted transmission Frontend Protocols and Ports Frontend protocols and ports
data transmission that can prevent unauthorized access Encryption and decryption performed on load balancers Multiple versions of encryption protocols and cipher suites Workloads that require encrypted transmission, such as e-commerce and financial services Application listeners
Based on its own configuration and capabilities, the server selects one of the supported compression algorithms to compress the response body and includes Content-Encoding in the response header to notify the client that the response has been encrypted and the encryption algorithm
Custom TLS security policies: HTTPS encryption is commonly used for applications that require encrypted data transmission. ELB allows you to use common TLS security policies to secure data transmission.
Installation Reference: Install OpenSSL to provide TLS support for QUIC encrypted communication. The OpenSSL version must be 3.5 or later.
% git clone --quiet --depth=1 -b openssl-$OPENSSL_VERSION https://github.com/openssl/openssl
% cd openssl
% .
Server Certificate (the existing server certificate): Specifies the certificate that will be used by the backend server for SSL handshake negotiation to authenticate clients and ensure encrypted transmission.
Load balancing at Layer 7 provides some advanced features such as encrypted transmission and cookie-based sticky sessions. Supported Supported HTTPS support HTTPS can be used as both the frontend and backend protocol.
After receiving the Server Hello packet from the backend server, the load balancer sends an encrypted HTTP GET request to the backend server (in the format of {Private IP address}:{Health check port}/{Health check path}).