Guide
TrainingSupportCommunity

Protocol Downgrade (Legacy)

Suggest Edits

Include this behavior to downgrade from Enhanced TLS certificate (HTTPS L3) security to HTTP for the connection between ​Akamai​ edge servers and your origin server.

How it works

Enable this behavior if you're using an Enhanced TLS certificate (HTTPS L3) and want to serve static objects to the end-user client over HTTPS, but fetch them from the origin via HTTP. This eliminates the need for a secure certificate on your origin server, for requests that originate with an Enhanced TLS certificate.

Implementation

❗️

If you use this version of Protocol Downgrade, you're assuming all liability for all information transferred.

When you implement Protocol Downgrade in Property Manager, you should enclose the behavior in a rule to restrict it to content that is appropriate to transfer over HTTP. This rule can use URL path, query string, filename, file extension or any other property of the request that would identify it as safe to transfer over HTTP.

Protocol Downgrade for Standard TLS

​Akamai​ also offers the Protocol Downgrade (HTTPS Downgrade to Origin) behavior that you can use with various products, including Adaptive Media Delivery (AMD), Download Delivery, and Object Delivery. You can downgrade from a Standard TLS or the ​Akamai​ shared certificate request to HTTP between the origin and a requesting client. Talk to your account representative to see if it's supported for use in your environment.

Restrictions

There are some restrictions that apply to the use of this behavior.

RestrictionDescription

No personally identifiable information

You can't use Protocol Downgrade if you're transferring any data that exposes personally identifiable information (PII).

File type restrictions

You can only apply Protocol Downgrade to media assets with the following file extensions:

m3u8, ts, aac, mp3, vtt, f4m, f4f, bootstrap, ism, csm, ismc, isml, ismv, isma, 3g2, 3gp, aac, asf, avi, dv, f4v, flv, f4a, m4a, m4v, m4p, matroska, mj2, mkv, mov, mp3, mp4, mpeg, mpegts, mpg, mxf, ogg, ts, webm, wmv, jpg, gif, png, ico, bmp

You can't use Protocol Downgrade on any request for HTML, JavaScript, or executable file types.

Forward request content restrictions

The forward HTTP request to the origin will be stripped of all cookies, query strings, and referer information.

Custom certificate restrictions

Any HTTPS connection terminated on the PCI compliant secure network (that is, HTTPS requests using a custom certificate) are first forwarded using the ​Akamai​ shared certificate before going forward to the origin using HTTP. This may result in additional midgress costs. No protocol downgrade is applied directly on the PCI compliant network.

Updated about 1 month ago