Configure an HTTPS security policy for an API group

API Gateway allows you to configure HTTPS security policies for an API group, provided that you have bound an independent domain name and a Secure Sockets Layer (SSL) certificate to the API group. API Gateway supports the HTTPS1_1_TLS1_0, HTTPS2_TLS1_0, and HTTPS2_TLS1_2 security policies. Note that each region supports different security policies. To view which security policies are supported in the region where an API group resides, log on to the API Gateway console and go to the Group Details page of the API group.

Supported HTTPS security policies

HTTPS1_1_TLS1_0

  • An HTTP/1.1 protocol.
  • Supported Transport Layer Security (TLS) protocol versions: TLS 1.0, TLS 1.1, and TLS 1.2.
  • Supported encryption algorithm suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;

HTTPS2_TLS1_0

  • An HTTP/2 protocol. Note that HTTP/2 converts all header field names to lowercase.
  • Supported TLS protocol versions: TLS 1.0, TLS 1.1, and TLS 1.2.
  • Supported encryption algorithm suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;

HTTPS2_TLS1_2

  • An HTTP/2 protocol. Note that HTTP/2 converts all header field names to lowercase.
  • Supported TLS protocol version: TLS 1.2. Note that after you configure this security policy for an API group, a client can call an API operation in the API group only if the client supports TLS 1.2.
  • Supported encryption algorithm suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE:!3DES;