Skip to main content

SSL, HTTP Proxy Security Settings

If you're in an environment using an older TTS bundle, with an older encryption, follow this guide. By default LiteLLM uses the certifi CA bundle for SSL verification, which is compatible with most modern servers. However, if you need to disable SSL verification or use a custom CA bundle, you can do so by following the steps below.

Be aware that environmental variables take precedence over the settings in the SDK.

LiteLLM uses HTTPX for network requests, unless otherwise specified.

1. Custom CA Bundle​

You can set a custom CA bundle file path using the SSL_CERT_FILE environmental variable or passing a string to the the ssl_verify setting.

import litellm
litellm.ssl_verify = "client.pem"

2. Disable SSL verification​

import litellm
litellm.ssl_verify = False

3. Lower security settings​

The ssl_security_level allows setting a lower security level for SSL connections.

import litellm
litellm.ssl_security_level = "DEFAULT@SECLEVEL=1"

4. Certificate authentication​

The SSL_CERTIFICATE environmental variable or ssl_certificate attribute allows setting a client side certificate to authenticate the client to the server.

import litellm
litellm.ssl_certificate = "/path/to/certificate.pem"

5. Use HTTP_PROXY environment variable​

Both httpx and aiohttp libraries use urllib.request.getproxies from environment variables. Before client initialization, you may set proxy (and optional SSL_CERT_FILE) by setting the environment variables:

import litellm
litellm.aiohttp_trust_env = True
export HTTPS_PROXY='http://username:password@proxy_uri:port'