Amazon CloudFront now supports SHA-256 as a hash algorithm for creating signed URLs and signed cookies. SHA-256 improves your security posture through stronger collision resistance and alignment with modern cryptographic standards when you restrict access to content. Previously, CloudFront signed URLs and signed cookies used SHA-1 exclusively for signature generation. This feature helps you meet security and compliance requirements that mandate SHA-256 for digital signatures, while also future-proofing your content delivery workflows.
To use SHA-256, include the Hash-Algorithm=SHA256 query parameter in your signed URLs, or the CloudFront-Hash-Algorithm=SHA256 cookie attribute for signed cookies. Existing signed URLs and signed cookies that don’t specify a hash algorithm continue to use SHA-1, so this change is fully backwards compatible.
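As an added example (not part of the AWS announcement and not AWS code), the following Python audit classifies URLs, for instance pulled from application logs, by the hash algorithm their signature uses under the rule above. The sample URLs, key pair IDs and status labels are constructed, and treating any value other than exactly SHA256 as unrecognized is an assumption.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample input: hypothetical distribution domain, key IDs, signatures.
BASE = "https://dexample.cloudfront.net"
SAMPLE_URLS = [
    BASE + "/a.mp4?Expires=1767225600&Signature=AAAA&Key-Pair-Id=KOLDEXAMPLE",
    BASE + "/b.mp4?Expires=1767225600&Signature=BBBB&Key-Pair-Id=KOLDEXAMPLE",
    BASE + "/c.mp4?Expires=1767225600&Signature=CCCC&Key-Pair-Id=KNEWEXAMPLE"
           "&Hash-Algorithm=SHA256",
    BASE + "/d.mp4?Policy=eyJ9&Signature=DDDD&Key-Pair-Id=KODDEXAMPLE"
           "&Hash-Algorithm=sha-256",
    BASE + "/public/logo.png?v=3",
]

def classify(url):
    """Return (key_pair_id, status) for one URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # A CloudFront signed URL carries both Signature and Key-Pair-Id.
    if "Signature" not in query or "Key-Pair-Id" not in query:
        return (None, "unsigned")
    key_id = query["Key-Pair-Id"][0]
    algorithm = query.get("Hash-Algorithm")
    if algorithm is None:
        # No Hash-Algorithm parameter: the signature uses SHA-1.
        return (key_id, "sha1-default")
    if algorithm == ["SHA256"]:
        return (key_id, "sha256")
    # Repeated or unexpected values are surfaced for review (assumption).
    return (key_id, "unrecognized")

def audit(urls):
    """Count URLs per (key_pair_id, status) pair."""
    return Counter(classify(u) for u in urls)

def keys_needing_migration(urls):
    """Key pair IDs whose signed URLs are not yet marked SHA256."""
    return sorted({key for (key, status) in audit(urls)
                   if status in ("sha1-default", "unrecognized")})

if __name__ == "__main__":
    for (key, status), count in sorted(audit(SAMPLE_URLS).items(), key=str):
        print(f"{key or '-':14} {status:13} {count}")
    print("migrate:", keys_needing_migration(SAMPLE_URLS))
```

Grouping by key pair ID points to the signing service that still has to be updated.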
This feature is available in all edge locations where Amazon CloudFront is available. There is no additional cost to use SHA-256 signing. To learn more, see Create a signed URL using a canned policy or Set signed cookies using a canned policy in the Amazon CloudFront Developer Guide.
Source: Amazon Web Services