<!doctype html>
<html class="docs-version-3.11" lang="en" dir="ltr">
<head>
<!-- Head of the generated Docusaurus page for the APISIX 3.11 "SSL Protocol" doc: metadata, preloads, one stylesheet and two script loaders. -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="ahrefs-site-verification" content="c2f7370ecf46173f4fb25f114e74c97e0a2976d4f02f61c9b00a9d7d34e34698">
<meta name="generator" content="Docusaurus v2.0.0-beta.6">
<link rel="search" type="application/opensearchdescription+xml" title="Apache APISIX® -- Cloud-Native API Gateway and AI Gateway" href="/opensearch.xml">
<script type="application/ld+json">{"@context":"https://schema.org","@type":"WebSite","name":"Apache APISIX","url":"https://apisix.apache.org"}</script>
<!-- Third-party assistant widget: fetched from widget.kapa.ai with `async` and no `integrity` attribute, so the page runs whatever that origin serves. NOTE(review): pin a versioned bundle with integrity + crossorigin if the vendor offers one, or constrain it with a Content-Security-Policy script-src allow-list. -->
<script src="https://widget.kapa.ai/kapa-widget.bundle.js" data-website-id="24b59d9a-682e-4c3d-9e83-bf2ee85cdc19" data-project-name="APISIX" data-project-color="#E8442E" data-project-logo="https://static.apiseven.com/202202/apache-apisix.png" data-modal-disclaimer="This is a custom LLM for APISIX with access to all developer documentation, GitHub issues and discussions." data-modal-example-questions="How to set up canary release in APISIX?,How to develop a custom APISIX plugin?,How to use custom NGINX configuration in APISIX?,How to configure mTLS between clients and APISIX?,How to only allow a specific APISIX consumer to access special services or routes?" async></script><title data-react-helmet="true">SSL Protocol | Apache APISIX® -- Cloud-Native API Gateway and AI Gateway</title><meta data-react-helmet="true" property="og:image" content="https://static.apiseven.com/202202/apache-apisix.png"><meta data-react-helmet="true" name="twitter:image" content="https://static.apiseven.com/202202/apache-apisix.png"><meta data-react-helmet="true" property="og:url" content="https://apisix.apache.org/docs/apisix/3.11/ssl-protocol/"><meta data-react-helmet="true" name="docsearch:language" content="en"><meta data-react-helmet="true" name="docsearch:version" content="3.11"><meta data-react-helmet="true" name="docsearch:docusaurus_tag" content="docs-docs-apisix-3.11"><meta data-react-helmet="true" name="robots" content="index,follow"><meta data-react-helmet="true" name="twitter:card" content="summary"><meta data-react-helmet="true" property="og:title" content="SSL Protocol | Apache APISIX® -- Cloud-Native API Gateway and AI Gateway"><meta data-react-helmet="true" name="description" content="APISIX supports set TLS protocol and also supports dynamically specifying different TLS protocol versions for each SNI."><meta data-react-helmet="true" property="og:description" content="APISIX supports set TLS protocol and also supports dynamically specifying different TLS protocol versions 
for each SNI."><link data-react-helmet="true" rel="shortcut icon" href="https://static.apiseven.com/202202/favicon.png"><link data-react-helmet="true" rel="canonical" href="https://apisix.apache.org/docs/apisix/3.11/ssl-protocol/"><link data-react-helmet="true" rel="alternate" href="https://apisix.apache.org/docs/apisix/3.11/ssl-protocol/" hreflang="en"><link data-react-helmet="true" rel="alternate" href="https://apisix.apache.org/zh/docs/apisix/3.11/ssl-protocol/" hreflang="zh"><link data-react-helmet="true" rel="alternate" href="https://apisix.apache.org/docs/apisix/3.11/ssl-protocol/" hreflang="x-default"><link data-react-helmet="true" rel="preconnect" href="https://38VC84A2WJ-dsn.algolia.net" crossorigin="anonymous"><link rel="preload" href="https://static.apiseven.com/202202/MaisonNeue-Medium.otf" as="font" type="font/otf" crossorigin>
<link rel="preload" href="https://static.apiseven.com/202202/MaisonNeue-Bold.otf" as="font" type="font/otf" crossorigin>
<link rel="preload" href="https://static.apiseven.com/202202/MaisonNeue-Light.otf" as="font" type="font/otf" crossorigin>
<link rel="preload" href="https://static.apiseven.com/202202/MaisonNeue-Demi.otf" as="font" type="font/otf" crossorigin>
<link rel="preload" href="https://static.apiseven.com/202202/MaisonNeue-ExtraBold.otf" as="font" type="font/otf" crossorigin>
<!-- The site's JS and CSS bundles are served from apisix-website-static.apiseven.com, a different host from the canonical apisix.apache.org; these tags carry no `integrity` attribute. -->
<link rel="preload" href="https://apisix-website-static.apiseven.com/assets/js/runtime~main.4cace94d.js" as="script">
<link rel="preload" href="https://apisix-website-static.apiseven.com/assets/js/main.94a341ac.js" as="script">
<link rel="stylesheet" href="https://apisix-website-static.apiseven.com/assets/css/styles.8de0825e.css">
<!-- Inline Matomo bootstrap: disables cookies, queues a page view and link tracking, then injects matomo.js from analytics.apache.org (site id 17). As an inline script it needs a nonce or hash if a strict script-src policy is applied. -->
<script>var _paq=window._paq=window._paq||[];_paq.push(["disableCookies"]),_paq.push(["trackPageView"]),_paq.push(["enableLinkTracking"]),function(){var a="https://analytics.apache.org/";_paq.push(["setTrackerUrl",a+"matomo.php"]),_paq.push(["setSiteId","17"]);var e=document,p=e.createElement("script"),t=e.getElementsByTagName("script")[0];p.async=!0,p.src=a+"matomo.js",t.parentNode.insertBefore(p,t)}()</script>
</head>
<body>
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}(),document.documentElement.setAttribute("data-announcement-bar-initially-dismissed",function(){try{return"true"===localStorage.getItem("docusaurus.announcement.dismiss")}catch(t){}return!1}())</script><div id="__docusaurus">
<div><a href="#" class="skipToContent_OuoZ">Skip to main content</a></div><div class="announcementBar_axC9" style="background-color:#e8433e;color:white" role="banner"><div class="announcementBarPlaceholder_xYHE"></div><div class="announcementBarContent_6uhP">🤔 Introducing APISIX AI Gateway – Built for LLMs and AI workloads. <a target="_blank" rel="noopener noreferrer" href="/ai-gateway/"> Learn More</a></div><button type="button" class="clean-btn close announcementBarClose_A3A1" aria-label="Close"><svg viewBox="0 0 24 24" width="14" height="14" fill="currentColor"><path d="M24 20.188l-8.315-8.209 8.2-8.282-3.697-3.697-8.212 8.318-8.31-8.203-3.666 3.666 8.321 8.24-8.206 8.313 3.666 3.666 8.237-8.318 8.285 8.203z"></path></svg></button></div><nav class="navbar navbar--fixed-top navbarHideable_RReh"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Navigation bar toggle" class="navbar__toggle clean-btn" type="button" tabindex="0"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a target="_parent" class="navbar__brand" href="/"><img src="/img/logo2.svg" alt="Apache APISIX®" class="themedImage_TMUO themedImage--light_4Vu1 navbar__logo"><img src="/img/logo2.svg" alt="Apache APISIX®" class="themedImage_TMUO themedImage--dark_uzRr navbar__logo"><b class="navbar__title">Apache APISIX®</b></a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a aria-current="page" class="navbar__link" target="_parent" href="/docs/">Docs</a><ul class="dropdown__menu"><li><a class="dropdown__link" target="_parent" href="/docs/apisix/getting-started/">Apache APISIX®️</a></li><li><a class="dropdown__link" target="_parent" href="/docs/apisix/next/dashboard/">Apache APISIX®️ Dashboard</a></li><li><a class="dropdown__link" target="_parent" 
href="/docs/ingress-controller/overview/">Apache APISIX®️ Ingress Controller</a></li><li><a class="dropdown__link" target="_parent" href="/docs/helm-chart/apisix/">Apache APISIX®️ Helm Charts</a></li><li><a class="dropdown__link" target="_parent" href="/docs/docker/build/">Apache APISIX®️ Docker</a></li><li><a class="dropdown__link" target="_parent" href="/docs/java-plugin-runner/development/">Apache APISIX®️ Java Plugin Runner</a></li><li><a class="dropdown__link" target="_parent" href="/docs/go-plugin-runner/getting-started/">Apache APISIX®️ Go Plugin Runner</a></li><li><a class="dropdown__link" target="_parent" href="/docs/python-plugin-runner/getting-started/">Apache APISIX®️ Python Plugin Runner</a></li><li><a class="dropdown__link" target="_parent" href="/docs/general/join/">General</a></li></ul></div><a class="navbar__item navbar__link" target="_parent" href="/blog/">Blog</a><a class="navbar__item navbar__link" target="_parent" href="/blog/tags/case-studies/">Case Studies</a><a class="navbar__item navbar__link" target="_parent" href="/downloads/">Downloads</a><a class="navbar__item navbar__link" target="_parent" href="/help/">Help</a><a class="navbar__item navbar__link" target="_parent" href="/team/">Team</a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a class="navbar__link">Resources</a><ul class="dropdown__menu"><li><a class="dropdown__link" target="_parent" href="/showcase/">Showcase</a></li><li><a class="dropdown__link" target="_parent" href="/docs/general/code-samples/">Code Samples</a></li><li><a class="dropdown__link" target="_parent" href="/plugins/">PluginHub</a></li><li><a class="dropdown__link" target="_parent" href="/docs/general/join/">Community</a></li><li><a class="dropdown__link" target="_parent" href="/docs/general/events/">Events</a></li><li><a href="https://github.com/apache/apisix/milestones" target="_parent" rel="noopener noreferrer" class="dropdown__link">Roadmap</a></li></ul></div><div class="navbar__item 
dropdown dropdown--hoverable dropdown--right"><a href="#" class="navbar__link"><span><svg viewBox="0 0 20 20" width="20" height="20" aria-hidden="true" class="iconLanguage_zID8"><path fill="currentColor" d="M19.753 10.909c-.624-1.707-2.366-2.726-4.661-2.726-.09 0-.176.002-.262.006l-.016-2.063 3.525-.607c.115-.019.133-.119.109-.231-.023-.111-.167-.883-.188-.976-.027-.131-.102-.127-.207-.109-.104.018-3.25.461-3.25.461l-.013-2.078c-.001-.125-.069-.158-.194-.156l-1.025.016c-.105.002-.164.049-.162.148l.033 2.307s-3.061.527-3.144.543c-.084.014-.17.053-.151.143.019.09.19 1.094.208 1.172.018.08.072.129.188.107l2.924-.504.035 2.018c-1.077.281-1.801.824-2.256 1.303-.768.807-1.207 1.887-1.207 2.963 0 1.586.971 2.529 2.328 2.695 3.162.387 5.119-3.06 5.769-4.715 1.097 1.506.256 4.354-2.094 5.98-.043.029-.098.129-.033.207l.619.756c.08.096.206.059.256.023 2.51-1.73 3.661-4.515 2.869-6.683zm-7.386 3.188c-.966-.121-.944-.914-.944-1.453 0-.773.327-1.58.876-2.156a3.21 3.21 0 011.229-.799l.082 4.277a2.773 2.773 0 01-1.243.131zm2.427-.553l.046-4.109c.084-.004.166-.01.252-.01.773 0 1.494.145 1.885.361.391.217-1.023 2.713-2.183 3.758zm-8.95-7.668a.196.196 0 00-.196-.145h-1.95a.194.194 0 00-.194.144L.008 16.916c-.017.051-.011.076.062.076h1.733c.075 0 .099-.023.114-.072l1.008-3.318h3.496l1.008 3.318c.016.049.039.072.113.072h1.734c.072 0 .078-.025.062-.076-.014-.05-3.083-9.741-3.494-11.04zm-2.618 6.318l1.447-5.25 1.447 5.25H3.226z"></path></svg><span>English</span></span></a><ul class="dropdown__menu"><li><a href="/docs/apisix/3.11/ssl-protocol/" target="_self" rel="noopener noreferrer" class="dropdown__link dropdown__link--active" style="text-transform:capitalize">English</a></li><li><a href="/zh/docs/apisix/3.11/ssl-protocol/" target="_self" rel="noopener noreferrer" class="dropdown__link" style="text-transform:capitalize">简体中文</a></li></ul></div><div class="react-toggle toggle_2i4l react-toggle--disabled"><div class="react-toggle-track" role="button" tabindex="-1"><div 
class="react-toggle-track-check"><span class="toggle_iYfV">🌜</span></div><div class="react-toggle-track-x"><span class="toggle_iYfV">🌞</span></div><div class="react-toggle-thumb"></div></div><input type="checkbox" class="react-toggle-screenreader-only" aria-label="Switch between dark and light mode"></div><div class="searchBox_fBfG"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div class="main-wrapper docs-wrapper docs-doc-page"><div class="docPage_GMj9"><button class="clean-btn backToTopButton_i9tI" type="button"><svg viewBox="0 0 24 24" width="28"><path d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z" fill="currentColor"></path></svg></button><aside class="docSidebarContainer_k0Pq"><div class="sidebar_LIo8 sidebarWithHideableNavbar_CMI-"><a target="_parent" tabindex="-1" class="sidebarLogo_P87M" href="/"><img src="/img/logo2.svg" alt="Apache APISIX®" class="themedImage_TMUO themedImage--light_4Vu1"><img src="/img/logo2.svg" alt="Apache APISIX®" class="themedImage_TMUO themedImage--dark_uzRr"><b>Apache APISIX®</b></a><div class="sidebarVersionSwitch_0QIZ">Version:<div class="navbar__item dropdown dropdown--hoverable"><a class="navbar__link" href="/docs/apisix/3.11/getting-started/README/">3.11</a><ul class="dropdown__menu"><li><a class="dropdown__link" 
href="/docs/apisix/next/ssl-protocol/"><div>Next</div></a></li><li><a class="dropdown__link" href="/docs/apisix/ssl-protocol/"><div>3.14<div class="badge_6FVu Latest_oyqS">Latest</div></div></a></li><li><a class="dropdown__link" href="/docs/apisix/3.13/ssl-protocol/"><div>3.13</div></a></li><li><a class="dropdown__link" href="/docs/apisix/3.12/ssl-protocol/"><div>3.12</div></a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/docs/apisix/3.11/ssl-protocol/"><div>3.11</div></a></li><li><a class="dropdown__link" href="/docs/apisix/3.10/ssl-protocol/"><div>3.10</div></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.9/getting-started/readme/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.9<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.8/getting-started/readme/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.8<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.7/getting-started/readme/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.7<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.6/getting-started/readme/" 
target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.6<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.5/getting-started/readme/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.5<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.4/getting-started/readme/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.4<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.3/getting-started/readme/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.3<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.2/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.2<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 
6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.1/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.1<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/3.0/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>3.0<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.15/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.15<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.14/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.14<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.13/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.13<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" 
class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.12/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.12<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.11/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.11<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.10/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.10<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.9/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.9<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.8/getting-started/" target="_blank" 
rel="noopener noreferrer" class="dropdown__link"><span>2.8<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.7/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.7<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.6/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.6<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.5/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.5<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li><a href="https://apache-apisix.netlify.app/docs/apisix/2.4/getting-started/" target="_blank" rel="noopener noreferrer" class="dropdown__link"><span>2.4<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 
4.172v-11z"></path></svg></span></a></li></ul></div></div><nav class="menu thin-scrollbar menu_oAhv menuWithAnnouncementBar_IVfW"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#">Getting Started</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" href="/docs/apisix/3.11/installation-guide/">Installation</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" href="/docs/apisix/3.11/architecture-design/apisix/">Architecture</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#">Tutorials</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#">Terminology</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#">Plugins</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#">API</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#">Development</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" href="/docs/apisix/3.11/deployment-modes/">Deployment modes</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" href="/docs/apisix/3.11/FAQ/">FAQ</a></li><li class="theme-doc-sidebar-item-category menu__list-item"><a class="menu__link menu__link--sublist menu__link--active" href="#">Others</a><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link 
menu__link--sublist" href="#" tabindex="0">Discovery</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#" tabindex="0">PubSub</a></li><li class="theme-doc-sidebar-item-category menu__list-item menu__list-item--collapsed"><a class="menu__link menu__link--sublist" href="#" tabindex="0">xRPC</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/router-radixtree/">router-radixtree</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/stream-proxy/">Stream Proxy</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/grpc-proxy/">gRPC Proxy</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/customize-nginx-configuration/">Customize Nginx configuration</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/certificate/">Certificate</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/batch-processor/">Batch Processor</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/benchmark/">Benchmark</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/install-dependencies/">Install Dependencies</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/apisix-variable/">APISIX variable</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/aws/">Running APISIX in AWS with AWS CDK</a></li><li 
class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/mtls/">Mutual TLS Authentication</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/debug-function/">Debug Function</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/profile/">Configuration based on environments</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/apisix/3.11/ssl-protocol/">SSL Protocol</a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" tabindex="0" href="/docs/apisix/3.11/http3/">HTTP/3 Protocol</a></li></ul></li><li class="theme-doc-sidebar-item-link menu__list-item"><a href="https://github.com/apache/apisix/blob/master/CHANGELOG.md" target="_blank" rel="noopener noreferrer" class="menu__link"><span>CHANGELOG<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_wgqa"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a></li><li class="theme-doc-sidebar-item-link menu__list-item"><a class="menu__link" href="/docs/apisix/3.11/upgrade-guide-from-2.15.x-to-3.0.0/">Upgrade Guide</a></li></ul></nav><button type="button" title="Collapse sidebar" aria-label="Collapse sidebar" class="button button--secondary button--outline collapseSidebarButton_EBxv"><svg width="20" height="20" aria-hidden="true" class="collapseSidebarButtonIcon_AF9Q"><g fill="#7a7a7a"><path d="M9.992 10.023c0 .2-.062.399-.172.547l-4.996 7.492a.982.982 0 01-.828.454H1c-.55 0-1-.453-1-1 0-.2.059-.403.168-.551l4.629-6.942L.168 3.078A.939.939 0 010 2.528c0-.548.45-.997 1-.997h2.996c.352 0 .649.18.828.45L9.82 9.472c.11.148.172.347.172.55zm0 0"></path><path 
d="M19.98 10.023c0 .2-.058.399-.168.547l-4.996 7.492a.987.987 0 01-.828.454h-3c-.547 0-.996-.453-.996-1 0-.2.059-.403.168-.551l4.625-6.942-4.625-6.945a.939.939 0 01-.168-.55 1 1 0 01.996-.997h3c.348 0 .649.18.828.45l4.996 7.492c.11.148.168.347.168.55zm0 0"></path></g></svg></button></div></aside><main class="docMainContainer_Q970"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_zHA2"><div class="theme-doc-version-banner alert alert--warning margin-bottom--md" role="alert"><div>This is documentation for Apache APISIX® -- Cloud-Native API Gateway and AI Gateway <b>3.11</b>, which is no longer actively maintained.</div><div class="margin-top--md">For up-to-date documentation, see the <b><a href="/docs/apisix/ssl-protocol/">latest version</a></b> (3.14).</div></div><div class="docItemContainer_oiyr"><article><span class="theme-doc-version-badge badge badge--secondary">Version: 3.11</span><div class="tocCollapsible_aw-L theme-doc-toc-mobile tocMobile_Tx6Y"><button type="button" class="clean-btn tocCollapsibleButton_zr6a">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>SSL Protocol</h1></header><p><code>APISIX</code> supports setting the TLS protocol versions and also supports dynamically specifying different TLS protocol versions for each <a href="https://en.wikipedia.org/wiki/Server_Name_Indication" target="_blank" rel="noopener noreferrer">SNI</a>.</p><p><strong>For security reasons, the cipher suites used by default in <code>APISIX</code> do not support TLSv1.1 and lower versions.</strong>
<strong>If you need to enable the TLSv1.1 protocol, add cipher suites supported by TLSv1.1 to the configuration item <code>apisix.ssl.ssl_ciphers</code> in <code>config.yaml</code>, in addition to allowing TLSv1.1 in <code>ssl_protocols</code>.</strong> TLSv1.0 and TLSv1.1 are formally deprecated (RFC 8996); if legacy clients require them, prefer enabling them only for the affected SNI rather than for the whole gateway.</p><h2><a aria-hidden="true" tabindex="-1" class="anchor anchor__h2 anchorWithHideOnScrollNavbar_3ly5" id="ssl_protocols-configuration"></a>ssl_protocols Configuration<a class="hash-link" href="#ssl_protocols-configuration" title="Direct link to heading">#</a></h2><h3><a aria-hidden="true" tabindex="-1" class="anchor anchor__h3 anchorWithHideOnScrollNavbar_3ly5" id="static-configuration"></a>Static Configuration<a class="hash-link" href="#static-configuration" title="Direct link to heading">#</a></h3><p>The <code>ssl_protocols</code> parameter in the static configuration <code>config.yaml</code> applies to the entire APISIX instance and cannot be modified dynamically. It only takes effect when the matching SSL resource does not set <code>ssl_protocols</code>.</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 yaml"><pre tabindex="0" class="prism-code language-yaml codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token key atrule" style="color:#00a4db">apisix</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">ssl</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">ssl_protocols</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> TLSv1.2 TLSv1.3 </span><span class="token comment" 
style="color:#999988;font-style:italic"># default TLSv1.2 TLSv1.3</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><h3><a aria-hidden="true" tabindex="-1" class="anchor anchor__h3 anchorWithHideOnScrollNavbar_3ly5" id="dynamic-configuration"></a>Dynamic Configuration<a class="hash-link" href="#dynamic-configuration" title="Direct link to heading">#</a></h3><p>Use the <code>ssl_protocols</code> field in the <code>ssl</code> resource to dynamically specify different TLS protocol versions for each SNI.</p><p>Specify the <code>test.com</code> domain uses the TLSv1.2 and TLSv1.3:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 bash"><pre tabindex="0" class="prism-code language-bash codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token punctuation" style="color:#393A34">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;cert&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;</span><span class="token string variable" style="color:#36acaa">$cert</span><span class="token string" style="color:#e3116c">&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;key&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;</span><span class="token string variable" style="color:#36acaa">$key</span><span class="token string" style="color:#e3116c">&quot;</span><span class="token 
plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;snis&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token string" style="color:#e3116c">&quot;test.com&quot;</span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;ssl_protocols&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;TLSv1.2&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;TLSv1.3&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><h3><a aria-hidden="true" tabindex="-1" class="anchor anchor__h3 anchorWithHideOnScrollNavbar_3ly5" id="notes"></a>Notes<a class="hash-link" href="#notes" title="Direct link to heading">#</a></h3><ul><li>Dynamic configuration has a higher priority than static configuration. 
When the <code>ssl_protocols</code> configuration item in the ssl resource is not empty, it overrides the static configuration.</li><li>The static configuration applies to the entire APISIX and requires a reload of APISIX to take effect.</li><li>Dynamic configuration can control the TLS protocol version of each SNI in a fine-grained manner and can be dynamically modified, which is more flexible than static configuration.</li></ul><h2><a aria-hidden="true" tabindex="-1" class="anchor anchor__h2 anchorWithHideOnScrollNavbar_3ly5" id="examples"></a>Examples<a class="hash-link" href="#examples" title="Direct link to heading">#</a></h2><h3><a aria-hidden="true" tabindex="-1" class="anchor anchor__h3 anchorWithHideOnScrollNavbar_3ly5" id="how-to-specify-the-tlsv11-protocol"></a>How to specify the TLSv1.1 protocol<a class="hash-link" href="#how-to-specify-the-tlsv11-protocol" title="Direct link to heading">#</a></h3><p>While newer products use more secure TLS protocol versions, some legacy clients still rely on the older TLSv1.1 protocol. However, enabling TLSv1.1 for new products introduces security risks. To keep the API secure, you need to be able to choose the protocol versions per domain, so that TLSv1.1 is enabled only where legacy clients require it.
For example, consider two domain names: <code>test.com</code>, utilized by legacy clients requiring TLSv1.1 configuration, and <code>test2.com</code>, associated with new products that support TLSv1.2 and TLSv1.3 protocols.</p><ol><li><code>config.yaml</code> configuration.</li></ol><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 yaml"><pre tabindex="0" class="prism-code language-yaml codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token key atrule" style="color:#00a4db">apisix</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">ssl</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">ssl_protocols</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> TLSv1.3</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token comment" style="color:#999988;font-style:italic"># ssl_ciphers is for reference only</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">ssl_ciphers</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">ECDSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES128</span><span class="token punctuation" 
style="color:#393A34">-</span><span class="token plain">GCM</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA256</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES128</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">GCM</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA256</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">ECDSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">GCM</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA384</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">GCM</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA384</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">ECDSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">CHACHA20</span><span class="token punctuation" 
style="color:#393A34">-</span><span class="token plain">POLY1305</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">CHACHA20</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">POLY1305</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">DHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES128</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">GCM</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA256</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">DHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">GCM</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA384</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">ECDHE</span><span class="token punctuation" 
style="color:#393A34">-</span><span class="token plain">ECDSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">DHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">RSA</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">DHE</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">DSS</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">AES256</span><span class="token punctuation" style="color:#393A34">-</span><span class="token plain">SHA</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><div class="admonition admonition-note alert alert--secondary"><div class="admonition-heading"><h5><span class="admonition-icon"><svg xmlns="http://www.w3.org/2000/svg" width="14" height="16" viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</h5></div><div 
class="admonition-content"><p>You can fetch the <code>admin_key</code> from <code>config.yaml</code> and save to an environment variable with the following command:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 bash"><pre tabindex="0" class="prism-code language-bash codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token assign-left variable" style="color:#36acaa">admin_key</span><span class="token operator" style="color:#393A34">=</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable" style="color:#36acaa">yq </span><span class="token variable string" style="color:#e3116c">&#x27;.deployment.admin.admin_key[0].key&#x27;</span><span class="token variable" style="color:#36acaa"> conf/config.yaml </span><span class="token variable operator" style="color:#393A34">|</span><span class="token variable" style="color:#36acaa"> </span><span class="token variable function" style="color:#d73a49">sed</span><span class="token variable" style="color:#36acaa"> </span><span class="token variable string" style="color:#e3116c">&#x27;s/&quot;//g&#x27;</span><span class="token variable" style="color:#36acaa">)</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div></div></div><ol start="2"><li>Specify the TLSv1.1 protocol version for the test.com domain.</li></ol><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 bash"><pre tabindex="0" class="prism-code language-bash codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> http://127.0.0.1:9180/apisix/admin/ssls/1 </span><span class="token 
punctuation" style="color:#393A34">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">-H </span><span class="token string" style="color:#e3116c">&quot;X-API-KEY: </span><span class="token string variable" style="color:#36acaa">$admin_key</span><span class="token string" style="color:#e3116c">&quot;</span><span class="token plain"> -X PUT -d </span><span class="token string" style="color:#e3116c">&#x27;</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" style="color:#e3116c">{</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" style="color:#e3116c"> &quot;cert&quot; : &quot;&#x27;</span><span class="token plain">&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server.crt</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;key&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server.key</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" 
style="color:#e3116c">&quot;snis&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token string" style="color:#e3116c">&quot;test.com&quot;</span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;ssl_protocols&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;TLSv1.1&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><span class="token plain">&#x27;</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><ol start="3"><li>Create an SSL object for test2.com without specifying the TLS protocol version, which will use the static configuration by default. Use an SSL object ID different from the one in step 2 (for example <code>ssls/2</code> instead of <code>ssls/1</code>), because a <code>PUT</code> to an existing ID replaces that object and would remove the test.com configuration.</li></ol><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 bash"><pre tabindex="0" class="prism-code language-bash codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> 
http://127.0.0.1:9180/apisix/admin/ssls/1 </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">-H </span><span class="token string" style="color:#e3116c">&quot;X-API-KEY: </span><span class="token string variable" style="color:#36acaa">$admin_key</span><span class="token string" style="color:#e3116c">&quot;</span><span class="token plain"> -X PUT -d </span><span class="token string" style="color:#e3116c">&#x27;</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" style="color:#e3116c">{</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" style="color:#e3116c"> &quot;cert&quot; : &quot;&#x27;</span><span class="token plain">&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server2.crt</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;key&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server2.key</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> 
</span><span class="token string" style="color:#e3116c">&quot;snis&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token string" style="color:#e3116c">&quot;test2.com&quot;</span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><span class="token plain">&#x27;</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><ol start="4"><li>Access verification. The <code>curl</code> commands below use <code>-k</code>, which skips certificate verification and is appropriate only for a local test like this one.</li></ol><p>Accessing test.com with TLSv1.3 fails, because its SSL resource allows only TLSv1.1:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.3</span><span class="token plain"> --tlsv1.3 https://test.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" 
style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS alert, protocol version </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" 
style="color:#36acaa">582</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Closing connection </span><span class="token number" style="color:#36acaa">0</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">curl: </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">35</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><p>Accessing test.com with TLSv1.1 succeeds:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.1</span><span class="token plain"> --tlsv1.1 https://test.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span 
class="token plain">* Connected to test.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token 
plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">2</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Certificate </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">11</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server key exchange </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">12</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">14</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span 
class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client key exchange </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">16</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS change cipher, Change cipher spec </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" 
style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* SSL connection using TLSv1.1 / ECDHE-RSA-AES256-SHA</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><p>Successful access to test2.com with TLSv1.3:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.3</span><span class="token plain"> --tlsv1.3 https://test2.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test2.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token comment" 
style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">2</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" 
style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Encrypted Extensions </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">8</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Certificate </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">11</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, CERT verify </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">15</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span 
class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS change cipher, Change cipher spec </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><p>Access to test2.com with TLSv1.1 fails, because the server answers the Client Hello with a protocol version alert:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.1</span><span class="token plain"> --tlsv1.1 https://test2.com:9443 -v -k -I</span><br></span><span 
class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test2.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" 
style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.1 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS alert, protocol version </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">582</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Closing connection </span><span class="token number" style="color:#36acaa">0</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">curl: </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">35</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><h3><a aria-hidden="true" tabindex="-1" class="anchor anchor__h3 anchorWithHideOnScrollNavbar_3ly5" id="certificates-are-associated-with-multiple-domains-but-different-tls-protocols-are-used-between-domains"></a>Certificates are associated with multiple domains, but different TLS protocols are used between domains<a class="hash-link" 
href="#certificates-are-associated-with-multiple-domains-but-different-tls-protocols-are-used-between-domains" title="Direct link to heading">#</a></h3><p>Sometimes a single certificate covers multiple domains, but the domains must accept different TLS protocol versions. For example, test.com needs to use TLSv1.2, while test2.com needs to use TLSv1.3. In this case, one SSL object shared by all domains is not enough, because <code>ssl_protocols</code> is set on the SSL object: create a separate SSL object for each domain, each using the same certificate and listing only that domain in <code>snis</code> together with its own protocol version. The handshake for each domain is then limited to the protocol versions listed for it. The example is as follows:</p><ol><li>Create an SSL object for test.com using the certificate and specify the TLSv1.2 protocol.</li></ol><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 bash"><pre tabindex="0" class="prism-code language-bash codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> http://127.0.0.1:9180/apisix/admin/ssls/1 </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">-H </span><span class="token string" style="color:#e3116c">&quot;X-API-KEY: </span><span class="token string variable" style="color:#36acaa">$admin_key</span><span class="token string" style="color:#e3116c">&quot;</span><span class="token plain"> -X PUT -d </span><span class="token string" style="color:#e3116c">&#x27;</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" style="color:#e3116c">{</span><br></span><span class="token-line" style="color:#393A34"><span 
class="token string" style="color:#e3116c"> &quot;cert&quot; : &quot;&#x27;</span><span class="token plain">&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server.crt</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;key&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server.key</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;snis&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token string" style="color:#e3116c">&quot;test.com&quot;</span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;ssl_protocols&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token 
plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;TLSv1.2&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><span class="token plain">&#x27;</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><ol start="2"><li>Use the same certificate as test.com to create an SSL object for test2.com and specify the TLSv1.3 protocol.</li></ol><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 bash"><pre tabindex="0" class="prism-code language-bash codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> http://127.0.0.1:9180/apisix/admin/ssls/2 </span><span class="token punctuation" style="color:#393A34">\</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">-H </span><span class="token string" style="color:#e3116c">&quot;X-API-KEY: </span><span class="token string variable" style="color:#36acaa">$admin_key</span><span class="token string" style="color:#e3116c">&quot;</span><span class="token plain"> -X PUT -d </span><span class="token string" style="color:#e3116c">&#x27;</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" style="color:#e3116c">{</span><br></span><span class="token-line" style="color:#393A34"><span class="token string" 
style="color:#e3116c"> &quot;cert&quot; : &quot;&#x27;</span><span class="token plain">&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server.crt</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;key&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token variable" style="color:#36acaa">$(</span><span class="token variable function" style="color:#d73a49">cat</span><span class="token variable" style="color:#36acaa"> server.key</span><span class="token variable" style="color:#36acaa">)</span><span class="token string" style="color:#e3116c">&quot;&#x27;&quot;</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;snis&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token string" style="color:#e3116c">&quot;test2.com&quot;</span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain">,</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;ssl_protocols&quot;</span><span class="token builtin class-name">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token plain"></span><br></span><span 
class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">&quot;TLSv1.3&quot;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><span class="token plain">&#x27;</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><ol start="3"><li>Access verification. The <code>-k</code> option makes curl continue even though certificate verification fails, which is acceptable only for a test certificate like the one in this example.</li></ol><p>Successful access to test.com with TLSv1.2:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.2</span><span class="token plain"> --tlsv1.2 https://test.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" 
style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" 
style="color:#36acaa">2</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Certificate </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">11</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server key exchange </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">12</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">14</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" 
style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client key exchange </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">16</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS change cipher, Change cipher spec </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span 
class="token plain">* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, server accepted to use h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Server certificate:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* subject: </span><span class="token assign-left variable" style="color:#36acaa">C</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">AU</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">ST</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Some-State</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">O</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Internet Widgits Pty Ltd</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">CN</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">test.com</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* start date: Jul </span><span class="token number" style="color:#36acaa">20</span><span class="token plain"> </span><span class="token number" style="color:#36acaa">15</span><span class="token plain">:50:08 </span><span class="token number" style="color:#36acaa">2023</span><span class="token plain"> GMT</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* expire date: Jul </span><span class="token number" style="color:#36acaa">17</span><span class="token 
plain"> </span><span class="token number" style="color:#36acaa">15</span><span class="token plain">:50:08 </span><span class="token number" style="color:#36acaa">2033</span><span class="token plain"> GMT</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* issuer: </span><span class="token assign-left variable" style="color:#36acaa">C</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">AU</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">ST</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Some-State</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">O</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Internet Widgits Pty Ltd</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">CN</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">test.com</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* SSL certificate verify result: EE certificate key too weak </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">66</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, continuing anyway.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Using HTTP2, server supports multi-use</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connection state changed </span><span class="token punctuation" 
style="color:#393A34">(</span><span class="token plain">HTTP/2 confirmed</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Copying HTTP/2 data </span><span class="token keyword" style="color:#00009f">in</span><span class="token plain"> stream buffer to connection buffer after upgrade: </span><span class="token assign-left variable" style="color:#36acaa">len</span><span class="token operator" style="color:#393A34">=</span><span class="token number" style="color:#36acaa">0</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Using Stream ID: </span><span class="token number" style="color:#36acaa">1</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">easy handle 0x5608905ee2e0</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> HEAD / HTTP/2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> Host: test.com:9443</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> user-agent: curl/7.74.0</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> accept: */*</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain" 
style="display:inline-block"></span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><p>Accessing test.com with TLSv1.3 fails; the server answers the Client Hello with a <code>protocol version</code> alert:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.3</span><span class="token plain"> --tlsv1.3 https://test.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" 
style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS alert, protocol version </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">582</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Closing connection </span><span class="token number" style="color:#36acaa">0</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">curl: </span><span class="token 
punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">35</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain" style="display:inline-block"></span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><p>Accessing test2.com with TLSv1.3 succeeds. Because <code>-k</code> turns off certificate verification, curl reports the verify result for the test certificate and continues anyway:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.3</span><span class="token plain"> --tlsv1.3 https://test2.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test2.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">(</span><span class="token 
comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Server hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">2</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" 
style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Encrypted Extensions </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">8</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Certificate </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">11</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, CERT verify </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">15</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span 
class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS change cipher, Change cipher spec </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Finished </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">20</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, server accepted to use h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Server certificate:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* subject: </span><span class="token assign-left variable" style="color:#36acaa">C</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">AU</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">ST</span><span class="token operator" style="color:#393A34">=</span><span 
class="token plain">Some-State</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">O</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Internet Widgits Pty Ltd</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">CN</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">test2.com</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* start date: Jul </span><span class="token number" style="color:#36acaa">20</span><span class="token plain"> </span><span class="token number" style="color:#36acaa">16</span><span class="token plain">:05:47 </span><span class="token number" style="color:#36acaa">2023</span><span class="token plain"> GMT</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* expire date: Jul </span><span class="token number" style="color:#36acaa">17</span><span class="token plain"> </span><span class="token number" style="color:#36acaa">16</span><span class="token plain">:05:47 </span><span class="token number" style="color:#36acaa">2033</span><span class="token plain"> GMT</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* issuer: </span><span class="token assign-left variable" style="color:#36acaa">C</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">AU</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">ST</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Some-State</span><span class="token punctuation" style="color:#393A34">;</span><span class="token 
plain"> </span><span class="token assign-left variable" style="color:#36acaa">O</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">Internet Widgits Pty Ltd</span><span class="token punctuation" style="color:#393A34">;</span><span class="token plain"> </span><span class="token assign-left variable" style="color:#36acaa">CN</span><span class="token operator" style="color:#393A34">=</span><span class="token plain">test2.com</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* SSL certificate verify result: EE certificate key too weak </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">66</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, continuing anyway.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Using HTTP2, server supports multi-use</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connection state changed </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">HTTP/2 confirmed</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Copying HTTP/2 data </span><span class="token keyword" style="color:#00009f">in</span><span class="token plain"> stream buffer to connection buffer after upgrade: </span><span class="token assign-left variable" style="color:#36acaa">len</span><span class="token operator" style="color:#393A34">=</span><span class="token number" style="color:#36acaa">0</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Using Stream ID: </span><span class="token number" style="color:#36acaa">1</span><span class="token plain"> </span><span 
class="token punctuation" style="color:#393A34">(</span><span class="token plain">easy handle 0x55569cbe42e0</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> HEAD / HTTP/2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> Host: test2.com:9443</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> user-agent: curl/7.74.0</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"> accept: */*</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token operator" style="color:#393A34">&gt;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Newsession Ticket </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">4</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.3 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" 
style="color:#393A34">)</span><span class="token plain">, TLS handshake, Newsession Ticket </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">4</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* old SSL session ID is stale, removing</span><br></span></code></pre><button type="button" aria-label="Copy code to clipboard" class="copyButton_V-PD clean-btn">Copy</button></div></div><p>Accessing test2.com with TLSv1.2 fails; the server again answers the Client Hello with a <code>protocol version</code> alert:</p><div class="codeBlockContainer_EiTO"><div class="codeBlockContent_X2I6 shell"><pre tabindex="0" class="prism-code language-shell codeBlock_UxnK thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_W6UD"><span class="token-line" style="color:#393A34"><span class="token plain">$ </span><span class="token function" style="color:#d73a49">curl</span><span class="token plain"> --tls-max </span><span class="token number" style="color:#36acaa">1.2</span><span class="token plain"> --tlsv1.2 https://test2.com:9443 -v -k -I</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Trying </span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1:9443</span><span class="token punctuation" style="color:#393A34">..</span><span class="token plain">.</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Connected to test2.com </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">127.0</span><span class="token plain">.0.1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> port </span><span class="token number" style="color:#36acaa">9443</span><span class="token plain"> </span><span class="token punctuation" 
style="color:#393A34">(</span><span class="token comment" style="color:#999988;font-style:italic">#0)</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering h2</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* ALPN, offering http/1.1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* successfully </span><span class="token builtin class-name">set</span><span class="token plain"> certificate verify locations:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CAfile: /etc/ssl/certs/ca-certificates.crt</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* CApath: /etc/ssl/certs</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">OUT</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS handshake, Client hello </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">1</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* TLSv1.2 </span><span class="token punctuation" style="color:#393A34">(</span><span class="token plain">IN</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">, TLS alert, protocol version </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">582</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain">:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* 
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">* Closing connection </span><span class="token number" style="color:#36acaa">0</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">curl: </span><span class="token punctuation" style="color:#393A34">(</span><span class="token number" style="color:#36acaa">35</span><span class="token punctuation" style="color:#393A34">)</span><span class="token plain"> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version</span><br></span></code></pre></div></div></div></article></div></div></div></div></main></div></div></div>
</body>
</html>