Skip to main content

TLS Termination

Overview

On HTTPS endpoints, TLS is always terminated at the ngrok edge.

This module allows you to configure the particulars of how TLS is terminated. At the moment, the only behavior that is configurable is the minimum version of TLS to support.

By default, endpoints will attempt to to use the latest supported version of TLS 1.3 but they will support clients down to a minimum version of TLS 1.2.

Example Usage

Set the minimum supported TLS version to 1.3.

info

TLS termination is not configurable via the Agent CLI

Behavior

This module allows you to configure particulars of how TLS is terminated.

On HTTPS endpoints, TLS is always terminated at the ngrok edge. The ngrok edge will attempt to use the latest supported version of TLS, TLS 1.3.

If you configure a minimum version of TLS older than the default of 1.2, be aware that older versions of TLS have known security flaws.

Reference

Configuration

ParameterDefaultDescription
Minimum TLS Version1.2The minimum version of TLS to negotiate. Clients which do not support at least this version of TLS will be unable to connect.

Upstream Headers

This module does not add any upstream headers.

Errors

This module does not return any errors.

Edges

TLS Termination is an HTTPS Edge module. It is attached directly to the Edge, it can not be configured on a per-Route basis. This is because TLS termination occurs before any HTTP multiplexing may begin.

Events

When this module is enabled, it populates the following fields in http_request_complete.v0 events.

Fields
tls.version
tls.cipher_suite

Pricing

This module is available on all plans.

Try it out

Coming Soon

This documentation is incomplete. Please check back later, we appreciate your patience.