-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(merge-back): 2.164.1 #31910
chore(merge-back): 2.164.1 #31910
Conversation
Internal reference: D166315367 In FIPS enabled environments, the MD5 algorithm is not available for use in crypto module. However by default the S3 client is using an MD5 checksum for content integrity checking. This causes any S3 upload operation to fail with a cryptography error. We are disabling the S3 content checksums, and are re-enabling the regular SigV4 body signing. SigV4 uses SHA256 for their content checksum. This configuration matches the default behavior of the AWS SDKv3 and is a safe choice for all users. For non-FIPS users, we have verified functionality via cli-integ-tests. For FIPS users, we have manually verified `cdk deploy` is now working in a FIPS enabled environment. We have also verified the configuration with the affected customer. - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
See CHANGELOG
Some S3 APIs in SDKv2 have a bug that always requires them to use a MD5 checksum. GC is using them, so we will temporarily disable the feature in FIPS environments.
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Comments on closed issues and PRs are hard for our team to see. |
See CHANGELOG