Traffic Encryption
Contentstack Launch ensures secure, encrypted connections for all deployments with built-in HTTPS and TLS support.
HTTPS Support
All deployments in Launch are served over HTTPS by default. Launch automatically provisions and manages secure SSL certificates to protect your applications. You can also bring your own certificate if needed.
Automatic HTTPS Redirection
Launch automatically redirects all incoming HTTP requests to HTTPS using the HTTP 308 Permanent Redirect status code.
This redirection is enforced and cannot be disabled, following industry best practices for secure content delivery. It helps protect end-user data and ensures privacy throughout the browsing experience.
TLS Support
Launch supports the following modern and secure versions of the Transport Layer Security (TLS) protocol to ensure data integrity and confidentiality:
- TLS 1.2
- TLS 1.3
Supported Cipher Suites
To maintain broad client compatibility, Launch supports a wide set of cipher suites.
Supported Cipher Suites (Legacy)
TLS 1.3:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
TLS 1.2:
- AES128-GCM-SHA256
- AES128-SHA256
- AES256-GCM-SHA384
- AES256-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- AES128-SHA
- ECDHE-RSA-AES256-SHA
- AES256-SHA
- DES-CBC3-SHA
Note: Launch will adopt a compatibility-focused cipher suite configuration starting September 8, 2025, to strengthen security and align with modern TLS best practices.
Upcoming Cipher Suite Policy Update
This update will:
- Remove support for older, weaker cipher suites (for example, RSA + CBC-based).
- Retain support for strong, widely supported ECDHE ciphers.
Supported Cipher Suites (Effective September 8, 2025)
TLS 1.3:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
TLS 1.2:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
Note: This configuration follows Mozilla’s recommended cipher suite policy.
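Added example (not Contentstack's code): the Python below compares the two TLS 1.2 lists on this page, classifies each removed suite, and reports whether a client's offered suites still overlap with Launch after the change. The function names and the sample client lists are constructed for illustration.

```python
# Suite names copied from the lists on this page (OpenSSL naming for TLS 1.2).
TLS13 = ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256"]
LEGACY_TLS12 = ["AES128-GCM-SHA256", "AES128-SHA256", "AES256-GCM-SHA384",
                "AES256-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA",
                "AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES256-SHA", "DES-CBC3-SHA"]
NEW_TLS12 = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305",
             "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305",
             "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
             "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256",
             "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"]

def describe(suite):
    """Classify a TLS 1.2 suite name by key exchange and bulk-cipher mode."""
    kx = "ECDHE" if suite.startswith("ECDHE-") else "static RSA"
    if "GCM" in suite or "CHACHA20" in suite:
        mode = "AEAD"
    elif suite.startswith("DES-CBC3"):
        mode = "3DES-CBC"
    else:
        mode = "CBC"  # in these lists, every remaining name is an AES-CBC suite
    return {"suite": suite, "kx": kx, "forward_secrecy": kx == "ECDHE", "mode": mode}

def removed_suites():
    """TLS 1.2 suites in the legacy list that are absent from the new list."""
    return [describe(s) for s in LEGACY_TLS12 if s not in NEW_TLS12]

def client_impact(offered):
    """Suites a client shares with Launch before and after the change."""
    before = [s for s in TLS13 + LEGACY_TLS12 if s in offered]
    after = [s for s in TLS13 + NEW_TLS12 if s in offered]
    return {"before": before, "after": after, "breaks": bool(before) and not after}

# Constructed sample clients (hypothetical, not real product fingerprints).
SAMPLE_CLIENTS = {
    "old-embedded": ["ECDHE-RSA-AES128-SHA", "AES128-SHA", "DES-CBC3-SHA"],
    "tls12-gcm": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256"],
    "modern": ["TLS_AES_128_GCM_SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305"],
}

if __name__ == "__main__":
    for d in removed_suites():
        print("removed:", d)
    for name, offered in SAMPLE_CLIENTS.items():
        print(name, client_impact(offered))
```

As listed on this page, the legacy and new TLS 1.2 sets share no suite, so a TLS 1.2-only client must offer at least one of the new ECDHE suites to keep connecting.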