A comparison of TLS offerings
The table here offers a comparison of the TLS offerings available.
Note: Consider the following points:
- Specific details may vary in corner cases and for older products not listed. Check with your account team to confirm details. Security properties listed below should be taken as rough suggestions and may not apply for all particular scenarios.
- All that is listed below is also supported with plain text HTTP requests to the same hostname. No security properties are obtained unless HTTP traffic is redirected to HTTPS. Once HTTPS-only is committed to, HSTS can be used to indicate to clients that HTTP is no longer supported (but there is no going back!).
|Support/feature||Enhanced TLS||Standard TLS||Shared Certificate||HTTP, Only|
|Supports HTTPS to encrypt data in transit and validate the identity of the delivery server using TLS certificates. Prevents network-based attackers (such as malware on open Wi-Fi) from viewing and modifying HTTPS requests and responses.|
|Engineered to meet the high-security demands of banking, e-commerce, healthcare, and similar industries for protecting data in-transit, while also providing high-performance, scale, and a global footprint.|
|Engineered to provide high-performance, and massively scalable delivery of media assets as well as many types of websites.|
|Enables web browsers to indicate that a page is “secure” (such as by a lock icon in the browser address bar) when all page resources are delivered over HTTPS.|
|TLS server certificate private keys managed securely to protect against loss.||N/A|
|Support for some very old or custom clients that do not send TLS SNI (Server Name Indication).||(with VIP cert)||N/A|
|HTTPS traffic supports Compliance Management for FedRAMP, HIPAA, ISO 27002, PCI and SOC2. Note that additional configuration constraints may apply.|
|Uses a common/default Akamai certificate that supports clients which do not send SNI.|
|Includes a DV SAN SNI certificate by default, with other SNI certificate types available as add-ons.|
|Included with products: Ion, DSA, DSD, AMD, Download Delivery, Object Delivery, and ACE.|
|Supports IPv6+IPv4 dual-stack and uses it as the default for new configurations.|
|Supports protocol downgrade from HTTPS to HTTP (with restrictions and limitations).||Strongly discouraged and additional limitations apply.||N/A|
|Supports China CDN (Additional terms apply).|
|Supports delivery within Russia.||Only with “Russia CDN Secure” opt-in.|
|Supports Edge IP Binding.|
|Supports Client Access Control.|
|Supports ESN Staging.|
|Supports “Instant Config” / MDC.|