Queries the TLS security policies set for a Network Load Balancer (NLB) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListSecurityPolicy

The operation that you want to perform. Set the value to ListSecurityPolicy.

SecurityPolicyIds.N String No tls-bp14bb1e7dll4f****

The IDs of the TLS security policies. You can specify at most 20 policy IDs in each call.

SecurityPolicyNames.N String No TLSCipherPolicy

The names of the TLS security policies. You can specify at most 20 policy names.

Tag.N.Key String No Test

The tag keys. You can specify up to 10 tag keys.

It can be at most 64 characters in length, and cannot contain http:// or https://. It must not start with aliyun or acs:.

Tag.N.Value String No Test

The tag values. You can specify up to 10 tag values.

It can be at most 128 characters in length, and cannot contain http:// or https://. It must not start with aliyun or acs:.

ResourceGroupId String No rg-atstuj3rtop****

The ID of the resource group.

NextToken String No FFmyTO70tTpLG6I3FmYAXGKPd****

The token that is used for the next query. Valid values:

  • If this is your first query or no next query is to be sent, ignore this parameter.
  • If a next query is to be sent, set the parameter to the value of NextToken that is returned from the last call.
MaxResults Integer No 20

The number of entries to return on each page. Valid values: 1 to 100. Default value: 20.

RegionId String No cn-hangzhou

The ID of the region where the NLB instance is deployed.

You can call the DescribeRegions operation to query the most recent region list.

Response parameters

Parameter Type Example Description
RequestId String D7A8875F-373A-5F48-8484-25B07A61F2AF

The ID of the request.

SecurityPolicies Array of SecurityPolicie

A list of TLS security policies.

SecurityPolicyId String tls-bp14bb1e7dll4f****

The ID of the TLS security policy.

SecurityPolicyName String TLSCipherPolicy

The name of the TLS security policy.

TlsVersion String TLSv1.0

The supported versions of the TLS protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.

Ciphers String ECDHE-ECDSA-AES128-SHA

The supported cipher suites, which are determined by the TLS protocol version. You can specify at most 32 cipher suites.

TLS 1.0 and TLS 1.1 support the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-SHA
  • AES128-SHA
  • AES256-SHA
  • DES-CBC3-SHA

TLS 1.2 supports the following cipher suites:

  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-SHA
  • AES128-SHA
  • AES256-SHA
  • DES-CBC3-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES256-SHA384
  • AES128-GCM-SHA256
  • AES256-GCM-SHA384
  • AES128-SHA256
  • AES256-SHA256

TLS 1.3 supports the following cipher suites:

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
RegionId String cn-hangzhou

The ID of the region where the NLB instance is deployed.

Tags Array of Tag

The tags that are added to the NLB instance.

Key String Test

The tag keys. You can specify up to 10 tag keys.

The tag key can be at most 64 characters in length, and cannot contain http:// or https://. The tag key cannot start with aliyun or acs:.

Value String Test

The tag values. You can specify up to 10 tag values.

It can be at most 128 characters in length, and cannot contain http:// or https://. It must not start with aliyun or acs:.

RelatedListeners Array of RelatedListener

The listeners that are associated with the NLB instance.

ListenerId String lsn-bp1bpn0kn908w4nbw****

The ID of the listener.

ListenerPort Long 443

The listening port.

ListenerProtocol String TCPSSL

The listening protocol. Valid value: TCPSSL.

LoadBalancerId String nlb-83ckzc8d4xlp8o****

The ID of the NLB instance.

ResourceGroupId String rg-atstuj3rtop****

The ID of the resource group.

SecurityPolicyStatus String Available

The status of the TLS security policy. Valid values:

  • Configuring: The security policy is being configured.
  • Available: The security policy is available.
TotalCount Integer 10

The number of entries returned.

NextToken String FFmyTO70tTpLG6I3FmYAXGKPd****

The token that is used for the next query. Valid values:

  • If this is your first query or no next query is to be sent, ignore this parameter.
  • If a next query is to be sent, set the parameter to the value of NextToken that is returned from the last call.
MaxResults Integer 20

The number of entries returned per page.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ListSecurityPolicy
&SecurityPolicyIds=["tls-bp14bb1e7dll4f****"]
&SecurityPolicyNames=["TLSCipherPolicy"]
&Tag=[{"Key":"Test","Value":"Test"}]
&ResourceGroupId=rg-atstuj3rtop****
&NextToken=FFmyTO70tTpLG6I3FmYAXGKPd****
&MaxResults=20
&RegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<ListSecurityPolicyResponse>
    <RequestId>D7A8875F-373A-5F48-8484-25B07A61F2AF</RequestId>
    <SecurityPolicies>
        <SecurityPolicyId>tls-bp14bb1e7dll4f****</SecurityPolicyId>
        <SecurityPolicyName>TLSCipherPolicy</SecurityPolicyName>
        <TlsVersion>TLSv1.0</TlsVersion>
        <Ciphers>ECDHE-ECDSA-AES128-SHA</Ciphers>
        <RegionId>cn-hangzhou</RegionId>
        <Tags>
            <Key>Test</Key>
            <Value>Test</Value>
        </Tags>
        <RelatedListeners>
            <ListenerId>lsn-bp1bpn0kn908w4nbw****</ListenerId>
            <ListenerPort>443</ListenerPort>
            <ListenerProtocol>TCPSSL</ListenerProtocol>
            <LoadBalancerId>nlb-83ckzc8d4xlp8o****</LoadBalancerId>
        </RelatedListeners>
        <ResourceGroupId>rg-atstuj3rtop****</ResourceGroupId>
        <SecurityPolicyStatus>Available</SecurityPolicyStatus>
    </SecurityPolicies>
    <TotalCount>10</TotalCount>
    <NextToken>FFmyTO70tTpLG6I3FmYAXGKPd****</NextToken>
    <MaxResults>20</MaxResults>
</ListSecurityPolicyResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "D7A8875F-373A-5F48-8484-25B07A61F2AF",
  "SecurityPolicies" : [ {
    "SecurityPolicyId" : "tls-bp14bb1e7dll4f****",
    "SecurityPolicyName" : "TLSCipherPolicy",
    "TlsVersion" : "TLSv1.0",
    "Ciphers" : "ECDHE-ECDSA-AES128-SHA",
    "RegionId" : "cn-hangzhou",
    "Tags" : [ {
      "Key" : "Test",
      "Value" : "Test"
    } ],
    "RelatedListeners" : [ {
      "ListenerId" : "lsn-bp1bpn0kn908w4nbw****",
      "ListenerPort" : 443,
      "ListenerProtocol" : "TCPSSL",
      "LoadBalancerId" : "nlb-83ckzc8d4xlp8o****"
    } ],
    "ResourceGroupId" : "rg-atstuj3rtop****",
    "SecurityPolicyStatus" : "Available"
  } ],
  "TotalCount" : 10,
  "NextToken" : "FFmyTO70tTpLG6I3FmYAXGKPd****",
  "MaxResults" : 20
}

Error codes

For a list of error codes, visit the API Error Center.