Release: AWS SDK for PHP 1.4.2

Release Notes>PHP>Release: AWS SDK for PHP 1.4.2
This release adds support for several new SSL-related Elastic Load Balancing features, revokes the trust from DigiNotar's root certificate, and resolves an issue with Amazon EC2.

Details

Submitted By: RyanP
Release Date: September 2, 2011 5:17 AM GMT
Latest Version: 1.4.2
Created On: September 2, 2011 5:17 AM GMT
Last Updated: September 2, 2011 5:17 AM GMT

Download

Download the latest AWS SDK for PHP

New Features

Change Description

Configurable cipher support

You can now select a pre-defined set of ciphers or specify your own list of ciphers to use for SSL termination at the Elastic Load Balancer.

For more information, please see Elastic Load Balancing Security Features.

Back-end SSL

Application servers can now accept secure communication from the corresponding Elastic Load Balancer.

For more information, please see Elastic Load Balancing Security Features.

Secure health checks

In cases where HTTPS is required for all traffic entering the back-end server, Elastic Load Balancing can now perform health checks using HTTPS.

For more information, please see How to Create a LoadBalancer.

Back-end server authentication

You can create a white list of public keys and associate them with your back-end servers. Elastic Load Balancing authenticates your back-end servers with the public keys in your white list and communicates only with back-end servers that pass this authentication check.

For more information, please see Elastic Load Balancing Security Features.

Resolved Issues

Change Description

SSL Vulnerability

In response to Mozilla recently revoking the certificate of DigiNotar, we will are shipping an update to the AWS SDK for PHP that uses Mozilla's updated cacert.pem file which revokes the DigiNotar certificate.

For more information, please see Announcement: Potential SSL security vulnerability. Please read..

Amazon EC2

Requests made to Amazon EC2 now use the correct API version (2011-07-15).

Known Issues

Issue Description

2GB limit for 32-bit stacks

Because PHP's integer type is signed and many platforms use 32-bit integers, the AWS SDK for PHP does not correctly handle files larger than 2GB on a 32-bit stack (whereby "stack" includes CPU, OS, web server, and PHP binary). This is a well-known PHP issue.

The recommended solution is to use a 64-bit stack, such as the 64-bit Amazon Linux AMI with the latest version of PHP installed.

For more information, please see: PHP filesize: Return values. A workaround is suggested in AmazonS3::create_mpu_object() with files bigger than 2GB.

S3 Buckets containing periods

Amazon S3's SSL certificate covers domains that match *.s3.amazonaws.com. When buckets (e.g., my-bucket) are accessed using DNS-style addressing (e.g., my-bucket.s3.amazonaws.com), those SSL/HTTPS connections are covered by the certificate.

However, when a bucket name contains one or more periods (e.g., s3.my-domain.com) and is accessed using DNS-style addressing (e.g., s3.my-domain.com.s3.amazonaws.com), that SSL/HTTPS connection will fail because the certificate doesn't match.

The most secure workaround is to change the bucket name to one that does not contain periods. Less secure workarounds are to use disable_ssl() or disable_ssl_verification(). Because of the security implications, calling either of these methods will throw a warning. You can avoid the warning by adjusting your error_reporting() settings.

Expiring request signatures

When leveraging AmazonS3::create_mpu_object(), it's possible that later parts of the multipart upload will fail if the upload takes more than 15 minutes.

Too many open file connections

When leveraging AmazonS3::create_mpu_object(), it's possible that the SDK will attempt to open too many file resources at once. Because the file connection limit is not available to the PHP environment, the SDK is unable to automatically adjust the number of connections it attempts to open.

A workaround is to increase the part size so that fewer file connections are opened.

Exceptionally large batch requests

When leveraging the batch request feature to execute multiple requests in parallel, it's possible that the SDK will throw a fatal exception if a particular batch pool is exceptionally large and a service gets overloaded with requests.

This seems to be most common when attempting to send a large number of emails with the SES service.

Supported API Versions

The AWS SDK for PHP supports the following services and API versions:

Service API Version
Amazon CloudFront 2010-11-01
Amazon CloudWatch 2010-08-01
Amazon Elastic Compute Cloud (Amazon EC2) with Amazon Virtual Private Cloud (Amazon VPC) 2011-05-15
Amazon ElastiCache 2011-07-15
Amazon Elastic MapReduce (Amazon EMR) 2009-03-31
Amazon Relational Database Service (Amazon RDS) 2011-04-01
Amazon Simple Storage Service (Amazon S3) 2006-03-01
Amazon SimpleDB 2009-04-15
Amazon Simple Email Service (Amazon SES) 2010-12-01
Amazon Simple Notification Service (Amazon SNS) 2010-03-31
Amazon Simple Queue Service (Amazon SQS) 2009-02-01
Auto Scaling 2010-08-01
AWS CloudFormation 2010-05-15
AWS Elastic Beanstalk 2010-12-01
AWS Identity and Access Management 2010-05-08
AWS Import/Export 2010-06-01
AWS Security Token Service 2011-06-15
Elastic Load Balancing (ELB) 2011-08-15
©2014, Amazon Web Services, Inc. or its affiliates. All rights reserved.