[Feature] Add --ssl-ciphers CLI argument for TLS cipher control (#30937)

Signed-off-by: rickychen-infinirc <ricky.chen@infinirc.com>

[Feature] Add --ssl-ciphers CLI argument for TLS cipher control (#30937)
Signed-off-by: rickychen-infinirc <ricky.chen@infinirc.com>
69d09fdd · RickyChen / 陳昭儒 · GitHub · 3a63be0f · 69d09fdd · 69d09fdd
Unverified Commit 69d09fdd authored Jan 23, 2026 by RickyChen / 陳昭儒 Committed by GitHub Jan 22, 2026
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

vllm/entrypoints/openai/api_server.py vllm/entrypoints/openai/api_server.py +1 -0

vllm/entrypoints/openai/cli_args.py vllm/entrypoints/openai/cli_args.py +3 -0

No files found.
--- a/vllm/entrypoints/openai/api_server.py
+++ b/vllm/entrypoints/openai/api_server.py
@@ -961,6 +961,7 @@ async def run_server_worker(
            ssl_certfile=args.ssl_certfile,
            ssl_ca_certs=args.ssl_ca_certs,
            ssl_cert_reqs=args.ssl_cert_reqs,
+            ssl_ciphers=args.ssl_ciphers,
            h11_max_incomplete_event_size=args.h11_max_incomplete_event_size,
            h11_max_header_count=args.h11_max_header_count,
            **uvicorn_kwargs,

--- a/vllm/entrypoints/openai/cli_args.py
+++ b/vllm/entrypoints/openai/cli_args.py
@@ -132,6 +132,9 @@ class FrontendArgs:
    """Refresh SSL Context when SSL certificate files change"""
    ssl_cert_reqs: int = int(ssl.CERT_NONE)
    """Whether client certificate is required (see stdlib ssl module's)."""
+    ssl_ciphers: str | None = None
+    """SSL cipher suites for HTTPS (TLS 1.2 and below only).
+    Example: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305'"""
    root_path: str | None = None
    """FastAPI root_path when app is behind a path based routing proxy."""
    middleware: list[str] = field(default_factory=lambda: [])