All Products
Search
Document Center

Server Load Balancer:ListTLSCipherPolicies

Last Updated:Mar 06, 2026

Queries Transport Layer Security (TLS) policies.

Operation description

This operation is unavailable by default. To use it, contact your account manager or submit a ticket. We recommend you use Application Load Balancer (ALB) or Network Load Balancer (NLB) and configure TLS security policies.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

slb:ListTLSCipherPolicies

list

*TLSPolicy

acs:slb:{#regionId}:{#AccountId}:tlspolicy/*

None

None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The ID of the region where the Classic Load Balancer (CLB) instance is deployed.

You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou

TLSCipherPolicyId

string

No

The ID of the TLS policy.

tls-bp17elso1h323r****

Name

string

No

The name of the TLS policy. The name must be 2 to 128 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The name must start with a letter.

TLSPolicy-test****

IncludeListener

boolean

No

Specifies whether to return the information about the associated listeners. Valid values:

  • true: returns the information about the associated listeners.

  • false (default): does not return the information about the associated listeners.

false

NextToken

string

No

The token that is used for the next query. Valid values:

  • If this is your first query or no next query is to be sent, ignore this parameter.

  • If a next query is to be sent, set the value to the value of NextToken that is returned from the last call.

FFmyTO70tTpLG6I3FmYAXGKPd****

MaxItems

integer

No

The maximum number of TLS policies to be queried in this call. Valid values: 1 to 100. If you do not set this parameter, the default value 20 is used.

20

Response elements

Element

Type

Description

Example

object

NextToken

string

The token that is used for the next query. Valid values:

  • If NextToken is empty, it indicates that no next query is to be sent.

  • If NextToken is not empty, the value indicates the token that is used for the next query.

FFmyTO70tTpLG6I3FmYAXGKPd****

RequestId

string

The ID of the request.

CEF72CEB-54B6-4AE8-B225-F876FF7BA984

TotalCount

integer

The total number of TLS policies returned.

1000

IsTruncated

boolean

Indicates whether the current page is the last page. Valid values:

  • true: The current page is the last page.

  • false: The current page is not the last page.

false

TLSCipherPolicies

array<object>

The list of TLS policies.

array<object>

Status

string

The status of the TLS policy. Valid values:

  • configuring: The TLS policy is being configured.

  • normal: The TLS policy works as expected.

normal

InstanceId

string

The ID of the TLS policy.

tls-bp17elso1h323r****

Name

string

The name of the TLS policy.

TLSPolicy-test****

CreateTime

integer

The timestamp generated when the TLS policy is created.

1608273800000

RelateListeners

array<object>

The list of associated listeners.

object

Port

integer

The listening port. Valid values: 1 to 65535.

80

Protocol

string

The listening protocol. Valid values:

  • TCP

  • UDP

  • HTTP

  • HTTPS

HTTPS

LoadBalancerId

string

The ID of the CLB instance.

lb-bp1b6c719dfa08ex****

TLSVersions

array

The version of the TLS protocol.

string

The version of the TLS protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.

TLSv1.0

Ciphers

array

The cipher suites supported by the TLS version.

TLS 1.0 and TLS 1.1 support the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA AES256-SHA

  • DES-CBC3-SHA

TLS 1.2 supports the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA AES256-SHA

  • DES-CBC3-SHA

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256 AES256-SHA256

TLS 1.3 supports the following cipher suites:

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_CCM_SHA256

  • TLS_AES_128_CCM_8_SHA256

string

The cipher suites supported by the TLS version.

The specified cipher suites must be supported by at least one TLS protocol version that you specify. For example, if you set the TLSVersions parameter to TLSv1.3, you must specify cipher suites that are supported by this protocol version.

TLS 1.0 and TLS 1.1 support the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA AES256-SHA

  • DES-CBC3-SHA

TLS 1.2 supports the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA AES256-SHA

  • DES-CBC3-SHA

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256 AES256-SHA256

TLS 1.3 supports the following cipher suites:

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_CCM_SHA256

  • TLS_AES_128_CCM_8_SHA256

ECDHE-ECDSA-AES128-SHA

Examples

Success response

JSON format

{
  "NextToken": "FFmyTO70tTpLG6I3FmYAXGKPd****",
  "RequestId": "CEF72CEB-54B6-4AE8-B225-F876FF7BA984",
  "TotalCount": 1000,
  "IsTruncated": false,
  "TLSCipherPolicies": [
    {
      "Status": "normal",
      "InstanceId": "tls-bp17elso1h323r****",
      "Name": "TLSPolicy-test****",
      "CreateTime": 1608273800000,
      "RelateListeners": [
        {
          "Port": 80,
          "Protocol": "HTTPS",
          "LoadBalancerId": "lb-bp1b6c719dfa08ex****"
        }
      ],
      "TLSVersions": [
        "TLSv1.0"
      ],
      "Ciphers": [
        "ECDHE-ECDSA-AES128-SHA"
      ]
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

400

QueryTokenInvalid

The specified token is invalid.

400

QueryTokenNotExist

The specified token is not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.