put-bucket-https-config用於為儲存空間(Bucket)開啟或關閉TLS版本設定。
注意事項
阿里雲帳號預設擁有為Bucket開啟或關閉TLS版本設定的許可權。如果您需要通過RAM使用者或者STS的方式進行開啟或關閉,您必須擁有oss:PutBucketHttpsConfig許可權。具體操作,請參見為RAM使用者授予自訂的權限原則。
命令格式
ossutil api put-bucket-https-config --bucket value --https-configuration value [flags]參數 | 類型 | 說明 |
--bucket | string | Bucket名稱。 |
--https-configuration | string | 儲存Content資訊列表的容器。 |
說明
put-bucket-https-config命令對應API介面PutBucketHttpsConfig。關於API中的具體參數含義,請參見PutBucketHttpsConfig。
--https-configuration
--https-configuration配置選項既支援XML文法也支援JSON文法,當選項值包含file://首碼時,表示從檔案中讀取配置。
XML文法:
<HttpsConfiguration> <TLS> <Enable>boolean</Enable> <TLSVersion>string</TLSVersion> ... </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> </CipherSuite> </HttpsConfiguration>JSON文法:
{ "TLS": { "Enable": boolean, "TLSVersion": ["string", ...] }, "CipherSuite": { "Enable": "true", "StrongCipherSuite": "false", "CustomCipherSuite": "ECDHE-ECDSA-AES128-SHA256", "TLS13CustomCipherSuite": "ECDHE-ECDSA-AES256-CCM8" } }
說明
關於支援的全域命令列選項,請參見支援的全域命令列選項。
使用樣本
為儲存空間examplebucket開啟TLS版本設定,TLS版本設定為TLSv1.2、TLSv1.3,並啟用加密套件配置。
使用XML設定檔,https-configuration.xml內容如下:
<?xml version="1.0" encoding="UTF-8"?> <HttpsConfiguration> <TLS> <Enable>true</Enable> <TLSVersion>TLSv1.2</TLSVersion> <TLSVersion>TLSv1.3</TLSVersion> </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-RSA-AES128-GCM-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> </CipherSuite> </HttpsConfiguration>命令樣本如下:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration file://https-configuration.xml使用JSON設定檔,https-configuration.json內容如下:
{ "TLS": { "Enable": "true", "TLSVersion": [ "TLSv1.2", "TLSv1.3" ] }, "CipherSuite": { "Enable": "true", "StrongCipherSuite": "false", "CustomCipherSuite": [ "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-CCM8" ], "TLS13CustomCipherSuite": [ "ECDHE-ECDSA-AES256-CCM8", "ECDHE-ECDSA-AES256-CCM8", "ECDHE-ECDSA-AES256-CCM8" ] } }命令樣本如下:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration file://https-configuration.json使用JSON配置參數,命令樣本如下:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration "{\"TLS\":{\"Enable\":\"true\",\"TLSVersion\":[\"TLSv1.2\",\"TLSv1.3\"]},\"CipherSuite\":{\"Enable\":\"true\",\"StrongCipherSuite\":\"false\",\"CustomCipherSuite\":[\"ECDHE-ECDSA-AES128-SHA256\",\"ECDHE-RSA-AES128-GCM-SHA256\",\"ECDHE-ECDSA-AES256-CCM8\"],\"TLS13CustomCipherSuite\":[\"ECDHE-ECDSA-AES256-CCM8\",\"ECDHE-ECDSA-AES256-CCM8\",\"ECDHE-ECDSA-AES256-CCM8\"]}}"