All Products
Search
Document Center

Alibaba Cloud SDK:Configure HTTPS and TLS settings in the SDK

Last Updated:Jun 03, 2026

The Alibaba Cloud SDK V1.0 for Python defaults to HTTP and validates TLS certificates when HTTPS is enabled. Learn how to switch to HTTPS, disable certificate validation for testing, and supply a custom CA certificate for corporate network environments.

Understand the V1.0 SDK defaults

The V1.0 SDK behaves differently from V2.0 SDKs in two key ways:

  • Default protocol is HTTP: The V1.0 SDK does not use HTTPS by default. Unlike V2.0 SDKs, you must explicitly set HTTPS on each request to encrypt data in transit.

  • Certificate validation is enabled by default: When you use HTTPS, the SDK validates the server's TLS certificate automatically.

Set the request protocol

Call set_protocol_type('https') on each request object to enable HTTPS. Because HTTPS is not the SDK default, omitting this call sends the request over HTTP.

from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from aliyunsdkcore.client import AcsClient

# Initialize the client.
# For credential setup, see the V1.0 SDK documentation.
client = AcsClient(
    region_id='<region_id>',  # The region ID.
)

request = DescribeInstancesRequest()
request.set_protocol_type('https')  # Send this request over HTTPS.

client.do_action_with_exception(request)

Disable TLS certificate validation

Important

Only disable certificate validation in trusted test environments. With verify=False, the SDK accepts any certificate the server presents, ignoring hostname mismatches and expired certificates. This exposes your application to man-in-the-middle attacks. Never use this setting in production.

Set verify=False when initializing AcsClient to disable certificate validation for all requests made by that client.

from aliyunsdkcore.client import AcsClient

# Initialize the client.
# For credential setup, see the V1.0 SDK documentation.
client = AcsClient(
    region_id='<region_id>',  # The region ID.
    verify=False  # Disables certificate validation for all requests from this client.
)

Use a custom CA certificate

In corporate networks where a proxy terminates TLS with its own certificate, pass the path to your CA certificate file to the verify parameter. The file must be in .pem format. This applies to all requests made by the client.

from aliyunsdkcore.client import AcsClient

# Initialize the client.
# For credential setup, see the V1.0 SDK documentation.
client = AcsClient(
    region_id='<region_id>',  # The region ID.
    verify='./cacert.pem'  # Path to your CA certificate file in PEM format.
)