I made a custom domain rest API with API GW.
・ [GET] https: // custom domain/hoge

The above API receives a get request and passes a value to Lamdba.

However, when I actually send a request to the API, I get the following error:

Error: write EPROTO 2330254536: error: 100000f7: SSL routines: OPENSSL_internal: WRONG_VERSION_NUMBER: ../../third_party/boringssl/src/ssl/tls_record.cc: 242:

Because there was the same caseLink content
When I checked, is https useless? What is it?

If i request with http :, the result will be as follows.
Since I accessed it via https in the first place, it does not meet the requirements.

<! DOCTYPE HTML PUBLIC "-// W3C // DTD HTML 4.01 Transitional // EN" "http://www.w3.org/TR/html4/loose.dtd">
  <META HTTP-EQUIV = "Content-Type" CONTENT = "text/html;charset = iso-8859-1">
  <TITLE>ERROR: The request could not be satisfied</TITLE>
     403 ERROR

If anyone knows how to solve this phenomenon, would you please tell me?
I look forward to working with you.

  • Answer # 1

    Isn't it an OpenSSL error?
    Is the problem on the side sending the request?

    API Gateway allows you to specify the version of TLS that the requester should meet.

    Choosing the minimum TLS version for your API Gateway custom domain

    It seems that the sender of the request does not meet the settings for that version.

    Possible countermeasures

    On the API Gateway side, set the client side TLS version to be included in the target

    Update the client side that sends the request

    The latter is desirable, but if it is really difficult, the former is for the time being.
    If you're using some OSS to send your request, you may be able to support it by upgrading that version.