put-bucket-https-config用于为存储空间(Bucket)开启或关闭TLS版本设置。
注意事项
阿里云账号默认拥有为Bucket开启或关闭TLS版本设置的权限。如果您需要通过RAM用户或者STS的方式进行开启或关闭,您必须拥有oss:PutBucketHttpsConfig权限。具体操作,请参见为RAM用户授权自定义的权限策略。
命令格式
ossutil api put-bucket-https-config --bucket value --https-configuration value [flags]参数 | 类型 | 说明 |
--bucket | string | Bucket名称。 |
--https-configuration | string | 保存Content信息列表的容器。 |
说明
put-bucket-https-config命令对应API接口PutBucketHttpsConfig。关于API中的具体参数含义,请参见PutBucketHttpsConfig。
--https-configuration
--https-configuration配置选项既支持XML语法也支持JSON语法,当选项值包含file://前缀时,表示从文件中读取配置。
XML语法:
<HttpsConfiguration> <TLS> <Enable>boolean</Enable> <TLSVersion>string</TLSVersion> ... </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> </CipherSuite> </HttpsConfiguration>JSON语法:
{ "TLS": { "Enable": boolean, "TLSVersion": ["string", ...] }, "CipherSuite": { "Enable": "true", "StrongCipherSuite": "false", "CustomCipherSuite": "ECDHE-ECDSA-AES128-SHA256", "TLS13CustomCipherSuite": "ECDHE-ECDSA-AES256-CCM8" } }
说明
关于支持的全局命令行选项,请参见支持的全局命令行选项。
使用示例
为存储空间examplebucket开启TLS版本设置,TLS版本设置为TLSv1.2、TLSv1.3,并启用加密套件配置。
使用XML配置文件,https-configuration.xml内容如下:
<?xml version="1.0" encoding="UTF-8"?> <HttpsConfiguration> <TLS> <Enable>true</Enable> <TLSVersion>TLSv1.2</TLSVersion> <TLSVersion>TLSv1.3</TLSVersion> </TLS> <CipherSuite> <Enable>true</Enable> <StrongCipherSuite>false</StrongCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES128-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-RSA-AES128-GCM-SHA256</CustomCipherSuite> <CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> <TLS13CustomCipherSuite>ECDHE-ECDSA-AES256-CCM8</CustomCipherSuite> </CipherSuite> </HttpsConfiguration>命令示例如下:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration file://https-configuration.xml使用JSON配置文件,https-configuration.json内容如下:
{ "TLS": { "Enable": "true", "TLSVersion": [ "TLSv1.2", "TLSv1.3" ] }, "CipherSuite": { "Enable": "true", "StrongCipherSuite": "false", "CustomCipherSuite": [ "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-CCM8" ], "TLS13CustomCipherSuite": [ "ECDHE-ECDSA-AES256-CCM8", "ECDHE-ECDSA-AES256-CCM8", "ECDHE-ECDSA-AES256-CCM8" ] } }命令示例如下:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration file://https-configuration.json使用JSON配置参数,命令示例如下:
ossutil api put-bucket-https-config --bucket examplebucket --https-configuration "{\"TLS\":{\"Enable\":\"true\",\"TLSVersion\":[\"TLSv1.2\",\"TLSv1.3\"]},\"CipherSuite\":{\"Enable\":\"true\",\"StrongCipherSuite\":\"false\",\"CustomCipherSuite\":[\"ECDHE-ECDSA-AES128-SHA256\",\"ECDHE-RSA-AES128-GCM-SHA256\",\"ECDHE-ECDSA-AES256-CCM8\"],\"TLS13CustomCipherSuite\":[\"ECDHE-ECDSA-AES256-CCM8\",\"ECDHE-ECDSA-AES256-CCM8\",\"ECDHE-ECDSA-AES256-CCM8\"]}}"
该文章对您有帮助吗?