AWS Security ChangesHomeSearch

AWS cloudhsm medium security documentation change

Service: cloudhsm · 2025-04-11 · Security-related medium

File: cloudhsm/latest/userguide/ki-hsm2m-medium.md

Summary

Updated issue title and description to reflect FIPS 140-3 compliance requirements causing login latency, removed PBKDF2 iteration details and timeout resolution

Security assessment

Explicitly references FIPS 140-3 Level 3 compliance requirements, which are security-related standards. The change documents enhanced security measures affecting login behavior.

Diff

diff --git a/cloudhsm/latest/userguide/ki-hsm2m-medium.md b/cloudhsm/latest/userguide/ki-hsm2m-medium.md
index 9e53c189c..48f04c5a2 100644
--- a//cloudhsm/latest/userguide/ki-hsm2m-medium.md
+++ b//cloudhsm/latest/userguide/ki-hsm2m-medium.md
@@ -5 +5 @@
-Issue: Login latency increases due to increased PBKDF2 iterationsIssue: A CO using trying to set the trusted attribute of a key will fail with Client SDK 5.12.0 and earlierIssue: ECDSA verify will fail with Client SDK 5.12.0 and earlier for clusters in FIPS modeIssue: Only the PEM-formatted certificates can be registered as mtls trust anchors with CloudHSM CLIIssue: Customer applications will stop processing all requests when using mTLS with a passphrase protected client private key.Issue: User replicate fails when using the CloudHSM CLI
+Issue: Increased login latency on hsm2m.mediumIssue: A CO using trying to set the trusted attribute of a key will fail with Client SDK 5.12.0 and earlierIssue: ECDSA verify will fail with Client SDK 5.12.0 and earlier for clusters in FIPS modeIssue: Only the PEM-formatted certificates can be registered as mtls trust anchors with CloudHSM CLIIssue: Customer applications will stop processing all requests when using mTLS with a passphrase protected client private key.Issue: User replicate fails when using the CloudHSM CLI
@@ -13 +13 @@ The following issues impact all AWS CloudHSM hsm2m.medium instances.
-  * Issue: Login latency increases due to increased PBKDF2 iterations
+  * Issue: Increased login latency on hsm2m.medium
@@ -28 +28 @@ The following issues impact all AWS CloudHSM hsm2m.medium instances.
-## Issue: Login latency increases due to increased PBKDF2 iterations
+## Issue: Increased login latency on hsm2m.medium
@@ -30,3 +30 @@ The following issues impact all AWS CloudHSM hsm2m.medium instances.
-  * **Impact:** For increased security, hsm2m.medium performs 60,000 iterations of Password-Based Key Derivation Function 2 (PBKDF2) during login requests compared to 1,000 in hsm1.medium. This increase may result in an increased latency of up to 2 seconds (2s) per login request.
-
-The default timeout for the AWS CloudHSM Client SDKs is 20s. Login requests may timeout and result in an error.
+  * **Impact:** The hsm2m.medium adheres to the latest FIPS 140-3 Level 3 requirements. Logging into hsm2m.medium follows enhanced security and compliance requirements, which results in increased latency.
@@ -36,2 +33,0 @@ The default timeout for the AWS CloudHSM Client SDKs is 20s. Login requests may
-  * **Resolution status:** Future versions of the Client SDK will have an increased default timeout for login requests to account for this increased latency.
-