AWS cloudhsm medium security documentation change
Summary
Updated issue title and description to reflect FIPS 140-3 compliance requirements causing login latency, removed PBKDF2 iteration details and timeout resolution
Security assessment
Explicitly references FIPS 140-3 Level 3 compliance requirements, which are security-related standards. The change documents enhanced security measures affecting login behavior.
Diff
diff --git a/cloudhsm/latest/userguide/ki-hsm2m-medium.md b/cloudhsm/latest/userguide/ki-hsm2m-medium.md index 9e53c189c..48f04c5a2 100644 --- a//cloudhsm/latest/userguide/ki-hsm2m-medium.md +++ b//cloudhsm/latest/userguide/ki-hsm2m-medium.md @@ -5 +5 @@ -Issue: Login latency increases due to increased PBKDF2 iterationsIssue: A CO using trying to set the trusted attribute of a key will fail with Client SDK 5.12.0 and earlierIssue: ECDSA verify will fail with Client SDK 5.12.0 and earlier for clusters in FIPS modeIssue: Only the PEM-formatted certificates can be registered as mtls trust anchors with CloudHSM CLIIssue: Customer applications will stop processing all requests when using mTLS with a passphrase protected client private key.Issue: User replicate fails when using the CloudHSM CLI +Issue: Increased login latency on hsm2m.mediumIssue: A CO using trying to set the trusted attribute of a key will fail with Client SDK 5.12.0 and earlierIssue: ECDSA verify will fail with Client SDK 5.12.0 and earlier for clusters in FIPS modeIssue: Only the PEM-formatted certificates can be registered as mtls trust anchors with CloudHSM CLIIssue: Customer applications will stop processing all requests when using mTLS with a passphrase protected client private key.Issue: User replicate fails when using the CloudHSM CLI @@ -13 +13 @@ The following issues impact all AWS CloudHSM hsm2m.medium instances. - * Issue: Login latency increases due to increased PBKDF2 iterations + * Issue: Increased login latency on hsm2m.medium @@ -28 +28 @@ The following issues impact all AWS CloudHSM hsm2m.medium instances. -## Issue: Login latency increases due to increased PBKDF2 iterations +## Issue: Increased login latency on hsm2m.medium @@ -30,3 +30 @@ The following issues impact all AWS CloudHSM hsm2m.medium instances. - * **Impact:** For increased security, hsm2m.medium performs 60,000 iterations of Password-Based Key Derivation Function 2 (PBKDF2) during login requests compared to 1,000 in hsm1.medium. This increase may result in an increased latency of up to 2 seconds (2s) per login request. - -The default timeout for the AWS CloudHSM Client SDKs is 20s. Login requests may timeout and result in an error. + * **Impact:** The hsm2m.medium adheres to the latest FIPS 140-3 Level 3 requirements. Logging into hsm2m.medium follows enhanced security and compliance requirements, which results in increased latency. @@ -36,2 +33,0 @@ The default timeout for the AWS CloudHSM Client SDKs is 20s. Login requests may - * **Resolution status:** Future versions of the Client SDK will have an increased default timeout for login requests to account for this increased latency. -