The legacy Protocol Downgrade behavior

Property Manager already offers a behavior titled "Protocol Downgrade" that applies to a different use case, and it may be applied in your environment.

This is the legacy version of this behavior, and it's used to downgrade from Enhanced TLS certificate (HTTPS L3) security to HTTP. It requires permission for use, and you need to work with your ‚ÄčAkamai‚Äč account representative to add advanced configuration settings to implement it. If you've never used this behavior, it won't be available for use in your Download Delivery property.

I have Enhanced TLS security and need Protocol Downgrade

The Protocol Downgrade (HTTPS Downgrade to Origin) behavior only supports downgrading from Standard TLS (L1) or our Shared Certificate functionality. If you have an Enhanced TLS (L3) certificate securing your Download Delivery property, you have multiple options:

  • Use this legacy Protocol Downgrade behavior. If you need L3 security, you need to create and apply an L3 certificate to the Download Delivery property, and then work with your Account Representative to get access to the legacy Protocol Downgrade behavior and configure it for your L3 certificate.


If your certificate needs to be PCI compliant, you need to use this method. All other certificate levels offered by ‚ÄčAkamai‚Äč (Standard TLS - L1) are not PCI-compliant.

  • Migrate to Standard TLS and then add Protocol Downgrade (HTTPS Downgrade to Origin). You can migrate from your L3 certificate to L1 and still incorporate non-PCI-compliant HTTPS security. When migrating, you incorporate a Cache Migration Duration. L3 security is applied until it expires and reverts to L1 security. Then, you can apply the Protocol Downgrade (HTTPS Downgrade to Origin) behavior.

  • Create a new Download Delivery property and implement Standard TLS. You can generate a new configuration to deliver your content and apply Standard TLS protection. You can then apply the Protocol Downgrade (HTTPS Downgrade to Origin) behavior.