AWS cloudhsm documentation change
Summary
Updated library path, simplified configuration steps, and corrected version number
Security assessment
Configuration and path updates improve accuracy but show no security vulnerability fixes. Correct library path prevents potential misconfiguration issues.
Diff
diff --git a/cloudhsm/latest/userguide/openssl-provider-install.md b/cloudhsm/latest/userguide/openssl-provider-install.md index 22bf7602f..694892570 100644 --- a//cloudhsm/latest/userguide/openssl-provider-install.md +++ b//cloudhsm/latest/userguide/openssl-provider-install.md @@ -85 +85 @@ Install the OpenSSL Provider for Ubuntu 24.04 on ARM64 architecture: -You have installed the shared library for the OpenSSL Provider at `/opt/cloudhsm/lib/cloudhsm.so`. +You have installed the shared library for the OpenSSL Provider at `/opt/cloudhsm/lib/licloudhsm_openssl_provider.so`. @@ -120 +120 @@ Replace `/etc/pki/tls/openssl.cnf` with the path from the previous step if diffe - 3. Add the following sections to your copied `example-cloudhsm-openssl.cnf` file: + 3. Add or update the `[provider_sect]` section in your copied `example-cloudhsm-openssl.cnf` file: @@ -122,4 +121,0 @@ Replace `/etc/pki/tls/openssl.cnf` with the path from the previous step if diffe - # NOTE: This should point to the system default openssl config file. - .include /etc/ssl/openssl.cnf - - # Override the existing provider_section to include AWS CloudHSM OpenSSL Provider @@ -127,2 +122,0 @@ Replace `/etc/pki/tls/openssl.cnf` with the path from the previous step if diffe - # Include AWS CloudHSM CloudHSM OpenSSL provider - # cloudhsm is the name of the provider. This is the same as file name for /usr/lib64/ossl-modules/cloudhsm.so @@ -131,0 +126,2 @@ Replace `/etc/pki/tls/openssl.cnf` with the path from the previous step if diffe + 4. Add the CloudHSM provider section and ensure the default provider is activated: + @@ -138 +134 @@ Replace `/etc/pki/tls/openssl.cnf` with the path from the previous step if diffe - 4. Set the OPENSSL_CONF environment variable to point to your updated configuration file and verify the provider is loaded: + 5. Set the OPENSSL_CONF environment variable to point to your updated configuration file and verify the provider is loaded: @@ -148 +144 @@ You should see both the default provider and the CloudHSM provider listed: - version: 3.6.0 + version: 3.2.2