Main Settings
With Edge Application, you can choose your application’s delivery protocol and ports. You can also ensure the security of the HTTPS connection between the application and its users with TLS ciphers.
Delivery Protocols
Section titled Delivery Protocols- HTTP: delivers your application using only the HTTP protocol.
- HTTP & HTTPS: delivers your application using both the HTTP and HTTPS protocols.
HTTP/3 support
Section titled HTTP/3 supportIf you choose to deliver your application through HTTP & HTTPS, you can enable HTTP/3 support. Based on the QUIC protocol standard, HTTP/3 provides faster load times and lower latency when compared to previous versions.
When you enable HTTP/3 support, your edge applications can utilize this protocol version in compatible browsers only through HTTP port 80 and HTTPS port 443.
Upon a user’s first request to an edge application with HTTP/3, the handshake and first response will be conducted using TCP and HTTP/1.1 or HTTP/2. The response from this exchange will assign a value to the Alt-Svc header that indicates that the latest version of the protocol is available to the browser. If the browser supports HTTP/3, the QUIC protocol and HTTP/3 will be used, unless the cached response misses or expires.
Ports
Section titled PortsAzion offers a simultaneous multiport solution, which means you can customize through which HTTP and HTTPS ports your application will be delivered to. You must choose at least one port for each protocol, but you can select from all available ports for delivery.
Available ports
Section titled Available ports| HTTP Port | HTTPS Port |
|---|---|
| 80 (default) | 443 (default) |
| 8080 | 8443 |
| 8008 | 9440 |
| 9441 | |
| 9442 | |
| 9443 |
Minimum TLS version
Section titled Minimum TLS versionThe Transport Layer Security (TLS) protocol allows you to encrypt web traffic. The following TLS versions can be used with edge applications:
- TLS 1.0 (deprecated)
- TLS 1.1 (deprecated)
- TLS 1.2
- TLS 1.3
You can choose the minimum version of TLS that’ll be supported by your edge application. By choosing recent versions of the protocol, older devices or browsers might not be able to access the edge application.
Azion blocks TLS Renegotiation and TLS Resumption by default. If you want to customize this setup, contact the Sales team.
TLS Ciphers
Section titled TLS CiphersCiphers are cryptography algorithms utilized to encrypt plaintext into ciphertext, which requires a key to be decrypted. Azion gives you the possibility to change the cipher suite your edge application will use in order to protect your application against TLS attacks.
The cipher suite will determine which cryptographic algorithms will be used in the TLS connections of your edge application. Both client and server will negotiate the cipher suite to securely encrypt and decrypt the data exchanged during the session.
The table below shows the ciphers available in each cipher suite.
| Cipher | TLSv1.2_2018 | TLSv1.2_2019 | TLSv1.2_2021 | TLSv1.3_2022 |
|---|---|---|---|---|
| TLS_AES_128_GCM_SHA256 | ✔︎ | ✔︎ | ✔︎ | ✕ |
| TLS_AES_256_GCM_SHA384 | ✔︎ | ✔︎ | ✔︎ | ✕ |
| TLS_CHACHA20_POLY1305_SHA256 | ✔︎ | ✔︎ | ✔︎ | ✕ |
| ECDHE-ECDSA-AES128-GCM-SHA256 | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| ECDHE-ECDSA-AES256-GCM-SHA384 | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| ECDHE-ECDSA-CHACHA20-POLY1305 | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| ECDHE-RSA-AES128-GCM-SHA256 | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| ECDHE-RSA-AES256-GCM-SHA384 | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| ECDHE-RSA-CHACHA20-POLY1305 | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
| ECDHE-ECDSA-AES256-SHA384 | ✔︎ | ✔︎ | ✕ | ✕ |
| ECDHE-ECDSA-AES128-SHA256 | ✔︎ | ✔︎ | ✕ | ✕ |
| ECDHE-RSA-AES128-SHA256 | ✔︎ | ✔︎ | ✕ | ✕ |
| ECDHE-RSA-AES256-SHA384 | ✔︎ | ✔︎ | ✕ | ✕ |
| AES128-SHA256 | ✔︎ | ✕ | ✕ | ✕ |
| AES256-GCM-SHA384 | ✔︎ | ✕ | ✕ | ✕ |
| AES128-GCM-SHA256 | ✔︎ | ✕ | ✕ | ✕ |
Contributors
