PutBucketHttpsConfig
Configures TLS versions and cipher suites for a bucket.
Usage notes
-
This operation requires the
oss:PutBucketHttpsConfigpermission. For more information, see Grant custom permissions to a RAM user. -
Each region has its own endpoints for accessing OSS. For more information about the mappings between regions and endpoints, see Endpoints and data centers.
Request syntax
PUT /?httpsConfig HTTP/1.1
Date: GMT Date
Authorization: SignatureValue
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
<?xml version="1.0" encoding="UTF-8"?>
<HttpsConfiguration>
<TLS>
<Enable>true</Enable>
<TLSVersion>TLSv1.2</TLSVersion>
<TLSVersion>TLSv1.3</TLSVersion>
</TLS>
<CipherSuite>
<Enable>true</Enable>
<StrongCipherSuite>false</StrongCipherSuite>
<CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite>
<TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite>
</CipherSuite>
</HttpsConfiguration>
Request headers
A PutBucketHttpsConfig request uses only common request headers. For more information, see Common request headers.
Request elements
|
Name |
Type |
Required |
Example |
Description |
|
HttpsConfiguration |
The container |
Yes |
None |
The container that stores HTTPS configurations. Parent nodes: none |
|
TLS |
The container |
Yes |
None |
The container that stores TLS version configurations. Parent nodes: HttpsConfiguration |
|
Enable |
Boolean |
Yes |
true |
Specifies whether to enable TLS version control for the bucket. Valid values:
Parent nodes: TLS |
|
TLSVersion |
string |
Optional |
TLSv1.2 |
The TLS version. Required only when Enable is set to true. Valid values:
For more information about TLS version scenarios and descriptions, see TLS version description. Parent nodes: TLS |
|
CipherSuite |
The container |
Optional |
None |
The container for cipher suite configurations. Parent nodes: HttpsConfiguration |
|
Enable |
Boolean |
Optional |
true |
Specifies whether to enable cipher suite configuration. Valid values:
Parent nodes: CipherSuite |
|
StrongCipherSuite |
Boolean |
Optional |
false |
Specifies whether to use strong cipher suites. Valid values:
Parent nodes: CipherSuite |
|
CustomCipherSuite |
string |
Optional |
ECDHE-ECDSA-AES128-SHA256 |
The custom cipher suites. You can specify multiple suites. For supported values, see configure custom encryption algorithm suites for TLS 1.2. Parent nodes: CipherSuite |
|
TLS13CustomCipherSuite |
string |
Optional |
ECDHE-ECDSA-AES256-CCM8 |
The custom cipher suites for TLS 1.3. You can specify multiple suites. For supported values, see configure custom encryption algorithm suites for TLS 1.3. Parent nodes: CipherSuite |
Response headers
The response uses only common response headers. For more information, see Common response headers.
Examples
-
Sample request
PUT /?httpsConfig HTTP/1.1 Date: Thu, 17 Apr 2025 08:40:17 GMT Authorization: OSS4-HMAC-SHA256 Credential=LTAI********************/20250417/cn-hangzhou/oss/aliyun_v4_request,Signature=a7c3554c729d71929e0b84489addee6b2e8d5cb48595adfc51868c299c0c218e Host: oss-example.oss-cn-hangzhou.aliyuncs.com <?xml version="1.0" encoding="UTF-8"?> <HttpsConfiguration> <TLS> <Enable>true</Enable> <TLSVersion>TLSv1.2</TLSVersion> <TLSVersion>TLSv1.3</TLSVersion> </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-RSA-AES128-GCM-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> </CipherSuite> </HttpsConfiguration> -
Sample response
HTTP/1.1 200 OK x-oss-request-id: 534B371674E88A4D8906**** Date: Wed, 16 Aug 2023 15:56:37 GMT Content-Length: 0 Connection: keep-alive Server: AliyunOSS
Command-line tool ossutil
For the ossutil command that corresponds to this operation, see put-bucket-https-config.