AWS S3 Signature Version 2 Obsolete

Issue

  • AWS S3 signature version 2 is going to be deprecated, does it affect Liferay DXP?

Environment

  • Liferay Portal 6.2, Liferay DXP 7.0, Liferay DXP 7.1

Resolution

  • If you are using LiferayDXP, you do not need to support Liferay side basically because it supports signature version 4.

Liferay uses the AWS SDK to connect to AWS S3.
According to the official AWS website, the recommended version is 1.11.x.
The SDK version used by Liferay differs depending on the FixPack, and applying FixPack 41 or higher is the recommended version for AWS.

On the engineering side, tests were performed with FixPack41 and older versions of FixPack on buckets in regions that only supportsignature version 4.
In either case, we have confirmed that communication is possible without any particular problems.

If you are currently connected to a bucket where both signature versions 2 and 4 are available, the signature versions used in the communication may be mixed.
This is because the preferred signature version is different for each AWS region, and does not depend on the Liferay side settings.(AWS SDK will always choose the best signature version)

We do not expect any problems if Signature Version 2 becomes obsolete, but we recommend upgrading to FixPack 41 or higher if possible.
If some requirement makes it difficult to upgrade the FixPack, you can fix the signature version used to 4.

You can adjust the Java startup options by checking thisAWS official page.

Additional Information

这篇文章有帮助吗?
0 人中有 0 人觉得有帮助