TLS protocol and Ciphers for origin connections

Configure your origin server to present only certain ciphers. Fasterize will respect the ciphers presented by servers. The ultimate choice of which cipher is used in connections is determined by the origin server, which you control. Fasterize deliberately offers a large list of ciphers to support customers with specific needs.

We recommend that, if at all possible, you configure your origin server to prefer TLS 1.2 and the ECDHE AES GCM ciphers.

Here is the current configuration of our servers.

Supported TLS Versions : TLS 1.2, TLS 1.1, TLS 1.0

Ciphers supported (preference order)

ECDHE-ECDSA-AES128-GCM-SHA256 
ECDHE-ECDSA-AES256-GCM-SHA384 
ECDHE-RSA-AES128-GCM-SHA256 
ECDHE-RSA-AES256-GCM-SHA384 
AES256-SHA256 
AES128-SHA256 
AES256-SHA 
AES128-SHA 
DES- CBC3-SHA 
ECDHE-ECDSA-AES128-SHA 
ECDHE-ECDSA-AES256-SHA 
ECDHE-RSA-AES128-SHA 
ECDHE-RSA-AES256-SHA 
ECDHE-RSA-DES-CBC3-SHA 
ECDHE-RSA-RC4-SHA 
DHE-RSA -AES128-SHA 
DHE-RSA-AES256-SHA 
RC4-SHA 
RC4-MD5 
ECDHE-ECDSA-DES-CBC3-SHA 
ECDHE-ECDSA-RC4-SHA

TLS SNI enabled

Verification of the SSL certificate of the origin:  this option is currently only configurable via the API. Failure to verify the certificate has serious security implications, including a vulnerability to man-in-the-middle attacks.