aptible endpoints:tls:create
command.
123
, the Endpoint will listen for TLS traffic on port 123
, and forward it as TCP traffic to your app Containers on port 123
.
❗️ Unlike HTTP(S) Endpoints, TLS Endpoints currently do not provide Zero-Downtime Deployment. If you require Zero-Downtime Deployments for a TLS app, you’d need to architect it yourself, e.g. at the DNS level.
SSL_PROTOCOLS_OVERRIDE
: Control SSL / TLS ProtocolsSSL_PROTOCOLS_OVERRIDE
variable lets you customize the SSL Protocols allowed on your Endpoint. The format is that of Nginx’s ssl_protocols directive. Pay very close attention to the format, as a bad variable will prevent the proxies from starting.
SSL_CIPHERS_OVERRIDE
: Control ciphersDISABLE_WEAK_CIPHER_SUITES
: an opinionated policytrue
(it has to be the exact string true
) causes your Endpoint to stop accepting traffic over the SSLv3
protocol or using the RC4
cipher.
We strongly recommend setting this variable to true
on all TLS Endpoints nowadays.
SSL_PROTOCOLS_OVERRIDE
DISABLE_WEAK_CIPHER_SUITES