put-bucket-https-config enables or disables the Transport Layer Security (TLS) version management for a bucket.
Notes
By default, an Alibaba Cloud account has the permissions to enable or disable TLS version management for a bucket. If you want to enable or disable TLS version management as a RAM user or by using Security Token Service (STS), you must have the oss:PutBucketHttpsConfig permission. For more information, see Grant custom permissions to a RAM user.
Command syntax
ossutil api put-bucket-https-config --bucket value --https-configuration value [flags]Parameter | Type | Description |
--bucket | string | The name of the bucket. |
--https-configuration | string | The container that stores the TLS version configurations. |
The put-bucket-https-config command corresponds to the PutBucketHttpsConfig operation. For more information about the parameters in the API, see PutBucketHttpsConfig.
--https-configuration
The --https-configuration option supports both the XML and JSON formats. If the value of the option contains the file:// prefix, ossutil reads the configurations from the configuration file.
XML format:
<HttpsConfiguration> <TLS> <Enable>boolean</Enable> <TLSVersion>string</TLSVersion> ... </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> </CipherSuite> </HttpsConfiguration>JSON format:
{ "TLS": { "Enable": boolean, "TLSVersion": ["string", ...] }, "CipherSuite": { "Enable": "true", "StrongCipherSuite": "false", "CustomCipherSuite": "ECDHE-ECDSA-AES128-SHA256", "TLS13CustomCipherSuite": "ECDHE-ECDSA-AES256-CCM8" } }
For more information about the supported global command-line options, see Supported global command-line options.
Examples
Enable TLS version management for the bucket named examplebucket, set the TLS versions to TLSv1.2 and TLSv1.3, and enable cipher suite configuration.
Create an XML configuration file named https-configuration.xml and add the following code to the configuration file:
<?xml version="1.0" encoding="UTF-8"?> <HttpsConfiguration> <TLS> <Enable>true</Enable> <TLSVersion>TLSv1.2</TLSVersion> <TLSVersion>TLSv1.3</TLSVersion> </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-RSA-AES128-GCM-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</TLS13CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</TLS13CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</TLS13CustomCipherSuite> </CipherSuite> </HttpsConfiguration>The following example shows how to use this configuration:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration file://https-configuration.xmlCreate a JSON configuration file named https-configuration.json and add the following code to the configuration file:
{ "TLS": { "Enable": "true", "TLSVersion": [ "TLSv1.2", "TLSv1.3" ] }, "CipherSuite": { "Enable": "true", "StrongCipherSuite": "false", "CustomCipherSuite": [ "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-CCM8" ], "TLS13CustomCipherSuite": [ "ECDHE-ECDSA-AES256-CCM8", "ECDHE-ECDSA-AES256-CCM8", "ECDHE-ECDSA-AES256-CCM8" ] } }The following example shows how to use this configuration:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration file://https-configuration.jsonYou can configure parameters directly in the command using JSON format:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration "{\"TLS\":{\"Enable\":\"true\",\"TLSVersion\":[\"TLSv1.2\",\"TLSv1.3\"]},\"CipherSuite\":{\"Enable\":\"true\",\"StrongCipherSuite\":\"false\",\"CustomCipherSuite\":[\"ECDHE-ECDSA-AES128-SHA256\",\"ECDHE-RSA-AES128-GCM-SHA256\",\"ECDHE-ECDSA-AES256-CCM8\"],\"TLS13CustomCipherSuite\":[\"ECDHE-ECDSA-AES256-CCM8\",\"ECDHE-ECDSA-AES256-CCM8\",\"ECDHE-ECDSA-AES256-CCM8\"]}}"