This topic introduces the HTTPS security policies supported by API Gateway.
Configure an HTTPS security policy for an API group
API Gateway allows you to configure an HTTPS security policy for an API group, provided that you have bound an independent domain name and a Secure Sockets Layer (SSL) certificate to the API group. API Gateway supports the HTTPS1_1_TLS1_0, HTTPS2_TLS1_0, and HTTPS2_TLS1_2 security policies. The supported security policies vary by region. To view the security policies that are supported in the region where an API group resides, log on to the API Gateway console and go to the Group Details page of the API group.
Supported HTTPS security policies
HTTPS1_1_TLS1_0
HTTP protocol version: HTTP/1.1.
Supported Transport Layer Security (TLS) protocol versions: TLS 1.0, TLS 1.1, and TLS 1.2.
Supported encryption algorithm suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
HTTPS2_TLS1_0
HTTP protocol version: HTTP/2.
Note: HTTP/2 converts all header keys to lowercase.
Supported TLS protocol versions: TLS 1.0, TLS 1.1, and TLS 1.2.
Supported encryption algorithm suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
HTTPS2_TLS1_2
HTTP protocol version: HTTP/2.
Note: HTTP/2 converts all header keys to lowercase.
Supported TLS protocol version: TLS 1.2.
Note: After you configure this security policy for an API group, a client can call an API operation in the API group only if the client supports TLS 1.2.
Supported encryption algorithm suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE:!3DES;
HTTPS2_TLS1_3
HTTP protocol version: HTTP/2.
Note: HTTP/2 converts all header keys to lowercase.
Supported TLS protocol versions: TLS 1.2 and TLS 1.3.
Supported encryption algorithm suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
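The following added example (not part of the API Gateway documentation or tooling) audits the cipher strings listed above before a policy change. It relies on OpenSSL naming, where a TLS 1.2-and-earlier suite without an ECDHE- or DHE- prefix uses static RSA key exchange (no forward secrecy) and a suite without GCM, CCM, or CHACHA20 in its name is a CBC-mode suite; the function names are hypothetical.

```python
# Added example: cipher strings copied verbatim from the policy list on this page.
_TLS1_0 = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;"
POLICIES = {
    "HTTPS1_1_TLS1_0": _TLS1_0,
    "HTTPS2_TLS1_0": _TLS1_0,
    "HTTPS2_TLS1_2": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE:!3DES;",
    "HTTPS2_TLS1_3": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;",
}
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # OpenSSL name fragments of AEAD suites


def parse(cipher_string):
    """Split an OpenSSL-style cipher string into (enabled suites, excluded keywords)."""
    tokens = [t for t in cipher_string.strip().rstrip(";").split(":") if t]
    enabled = [t for t in tokens if not t.startswith("!")]
    excluded = [t[1:] for t in tokens if t.startswith("!")]
    return enabled, excluded


def audit(policy):
    """Classify the suites a policy enables by key exchange and cipher mode."""
    enabled, _ = parse(POLICIES[policy])
    return {
        "enabled": len(enabled),
        # No ECDHE-/DHE- prefix: static RSA key exchange, so no forward secrecy.
        "no_forward_secrecy": [s for s in enabled if not s.startswith(("ECDHE-", "DHE-"))],
        # No AEAD marker in the name: CBC mode with an HMAC.
        "cbc_mode": [s for s in enabled if not any(m in s for m in AEAD_MARKERS)],
    }


def dropped_on_switch(old, new):
    """Suites offered by `old` that clients can no longer negotiate under `new`."""
    old_enabled, _ = parse(POLICIES[old])
    new_enabled, _ = parse(POLICIES[new])
    return [s for s in old_enabled if s not in new_enabled]


if __name__ == "__main__":
    for name in POLICIES:
        result = audit(name)
        print(name, result["enabled"], "suites,",
              len(result["no_forward_secrecy"]), "without forward secrecy,",
              len(result["cbc_mode"]), "CBC-mode")
    print("Dropped when moving HTTPS2_TLS1_0 -> HTTPS2_TLS1_2:",
          dropped_on_switch("HTTPS2_TLS1_0", "HTTPS2_TLS1_2"))
```

Clients that can negotiate only the suites returned by dropped_on_switch fail the handshake after the switch, in addition to clients that lack TLS 1.2 support.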