How to disable TLS v1.1 on regional API gateway

Question

I have a regional API gateway, and I want to disable the use of TLS v1 and v1.1. An answer to [another question](https://repost.aws/questions/QU0wbL8lfbTvWllCvih3OI9Q/can-we-disable-the-older-versions-of-tls-when-using-api-gateway) indicated that regional APIs are restricted to v1.2 or higher already, but I am able to call my API with TLS v1.1 using Postman. Is there a way for me to force this now? Is this part of the upcoming changes AWS is making to eliminate old TLS versions?

Accepted Answer

Hello,

The [AWS Documentation on Amazon API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html) provides the following information for choosing a minimum TLS version.

> You can change the security policy by updating the domain name settings. To change the minimum TLS version, use one of the following commands, specifying the new TLS version (TLS_1_0 or TLS_1_2) in the securityPolicy parameter. Allow up to 60 minutes for the update to be completed.

Additional information can be found directly under [Choosing a minimum TLS version](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html).

How to disable TLS v1.1 on regional API gateway

相關內容