Akamai has features on both our Secure and Non-Secure CDN networks, which give you control over the TLS protocol versions that we use when connecting to your origin servers.
Customers can select the TLS versions that Akamai will use when connecting to origin servers. Selecting the TLS versions for origin connections is self-serviceable in Property Manager in the “Origin Server Behavior” section. You may select a specific TLS version to instruct Akamai to use only that version, or list specific versions to use. Use of SNI connections to origin servers is also configurable.
To configure the specific ciphers that Akamai will use when going forward to origin you have two options:
Option 1 (recommended)
Configure your origin server to present only certain ciphers. Akamai will respect the ciphers presented by servers. The ultimate choice of which cipher is used in connections is determined by the origin server, which you control. Akamai deliberately offers a large list of ciphers to support customers with specific needs. We recommend that, if at all possible, you configure your origin server to prefer TLS 1.2 and the ECDHE AES GCM ciphers.
Contact your account representative about professional services assistance in setting up a defined list of ciphers which can connect to your origin. You can select a cipher profile from SSL/TLS Cipher Profiles for Akamai Secure CDN, or you can choose individual ciphers.
Unless configured with a custom cipher list, Akamai Edge Servers will use these ciphers (in the order listed) when going forward to origin:
If you have any question or need support with your origin TLS connections, please reach out to your account team or Akamai Technical Support.