AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-04-01 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md

Summary

Added note about SHA256 support in PHP OpenSSL signing for CloudFront URLs

Security assessment

This change adds documentation about using OPENSSL_ALGO_SHA256 instead of default SHA1 in PHP's openssl_sign function for CloudFront URL signing. This promotes stronger cryptographic security but doesn't indicate a specific security issue being addressed.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md b/AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md
index 0a42c0c9b..15e15dcf1 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/CreateURL_PHP.md
@@ -16,0 +17,2 @@ Any web server that runs PHP can use this PHP example code to create policy stat
+  * In the `openssl_sign` call, note that passing `OPENSSL_ALGO_SHA256` as the fourth argument switches to SHA-256. (See also the [Create signed cookies using PHP](./signed-cookies-PHP.html) for a full example.)
+