Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.aptible.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Aptible allows you to configure the protocols and ciphers used by your HTTP(S) Endpoints for HTTPS termination using a single configuration setting. This is configured per endpoint, allowing each endpoint to have independent protocol configuration.

SSL Protocols Override

The SSL Protocols Override setting lets you customize the SSL/TLS protocols allowed on your Endpoint.
  • For ALB Endpoints: you can choose from these 8 combinations:
    • TLSv1 TLSv1.1 TLSv1.2 (default)
    • TLSv1 TLSv1.1 TLSv1.2 PFS
    • TLSv1.1 TLSv1.2
    • TLSv1.1 TLSv1.2 PFS
    • TLSv1.2
    • TLSv1.2 PFS
    • TLSv1.2 PFS TLSv1.3 (see note below comparing ciphers to TLSv1.2 PFS)
    • TLSv1.3
The ciphers used becomes more restrictive and secure when choosing only newer TLS versions, and choosing options with “PFS”.
PFS ensures your Endpoint’s ciphersuites support perfect forward secrecy on TLSv1.2 or earlier. TLSv1.3 natively includes perfect forward secrecy. Note for TLSv1.2 PFS TLSv1.3, compared to ciphers for TLSv1.2 PFS, this adds TLSv1.3 ciphers and omits the following:
  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-SHA
  • ECDHE-ECDSA-AES256-SHA

Examples

Configuring Allowed SSL Protocols

aptible endpoints:https:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" \
        --ssl-protocols-override "TLSv1.1 TLSv1.2"
In Terraform, set ssl_protocols_override on the aptible_endpoint resource (see Endpoint Settings).
Migrating from environment variables: This setting wa previously configured via the SSL_PROTOCOLS_OVERRIDE, app configuration variables. Once your endpoints are configured, unset them from your app using aptible config:unset.