> ## Documentation Index
> Fetch the complete documentation index at: https://www.aptible.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# HTTPS Protocols
Aptible allows you to configure the protocols and ciphers used by your [HTTP(S) Endpoints](/core-concepts/apps/connecting-to-apps/app-endpoints/https-endpoints/overview) for HTTPS termination using a single configuration setting. This is configured per endpoint, allowing each endpoint to have independent protocol configuration.
# SSL Protocols Override
The SSL Protocols Override setting lets you customize the SSL/TLS protocols allowed on your Endpoint.
* For ALB Endpoints: you can choose from these 8 combinations:
* `TLSv1 TLSv1.1 TLSv1.2` (default)
* `TLSv1 TLSv1.1 TLSv1.2 PFS`
* `TLSv1.1 TLSv1.2`
* `TLSv1.1 TLSv1.2 PFS`
* `TLSv1.2`
* `TLSv1.2 PFS`
* `TLSv1.2 PFS TLSv1.3` (see note below comparing ciphers to `TLSv1.2 PFS`)
* `TLSv1.3`
The ciphers used becomes more restrictive and secure when choosing only newer TLS versions, and choosing options with "PFS".
`PFS` ensures your Endpoint's ciphersuites support perfect forward secrecy on TLSv1.2 or earlier. TLSv1.3 natively includes perfect forward secrecy.
Note for `TLSv1.2 PFS TLSv1.3`, compared to ciphers for `TLSv1.2 PFS`, this adds `TLSv1.3` ciphers and omits the following:
* ECDHE-ECDSA-AES128-SHA
* ECDHE-RSA-AES128-SHA
* ECDHE-RSA-AES256-SHA
* ECDHE-ECDSA-AES256-SHA
# Examples
## Configuring Allowed SSL Protocols
```shell theme={null}
aptible endpoints:https:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" \
--ssl-protocols-override "TLSv1.1 TLSv1.2"
```
In Terraform, set `ssl_protocols_override` on the `aptible_endpoint` resource (see [Endpoint Settings](/reference/terraform#endpoint-settings)).
**Migrating from environment variables:** This setting wa previously configured via the `SSL_PROTOCOLS_OVERRIDE`, app configuration variables. Once your endpoints are configured, unset them from your app using `aptible config:unset`.