Is it possible to have a API (HTTPS), which has some endpoints (test_1, test_2) with different HTTP methods (test_1-GET,POST) while GET and POST are having different HTTPS security features. (like different cipher suites, different certificates)
I am expecting experts' idea about this. Since I am a newby, I need to verify that. What I have seen is we do that for an API.
HTTPS is HTTP over TLS. This means that the TLS session must be first successfully established before any HTTP level information are available. This means that all the information needed to establish the TLS session, i.e. certificate, protocol version, ciphers ... must be known before the HTTP method is known.
This means that it is impossible to choose the TLS features depending on the HTTP method.
