Release: AWS SDK for PHP 1.4.2

Configurable cipher support

You can now select a pre-defined set of ciphers or specify your own list of ciphers to use for SSL termination at the Elastic Load Balancer.

For more information, please see Elastic Load Balancing Security Features.

Back-end SSL

Application servers can now accept secure communication from the corresponding Elastic Load Balancer.

For more information, please see Elastic Load Balancing Security Features.

Secure health checks

In cases where HTTPS is required for all traffic entering the back-end server, Elastic Load Balancing can now perform health checks using HTTPS.

For more information, please see How to Create a LoadBalancer.

Back-end server authentication

You can create a white list of public keys and associate them with your back-end servers. Elastic Load Balancing authenticates your back-end servers with the public keys in your white list and communicates only with back-end servers that pass this authentication check.

For more information, please see Elastic Load Balancing Security Features.

SSL Vulnerability

In response to Mozilla recently revoking the certificate of DigiNotar, we will are shipping an update to the AWS SDK for PHP that uses Mozilla's updated cacert.pem file which revokes the DigiNotar certificate.

For more information, please see Announcement: Potential SSL security vulnerability. Please read..

Amazon EC2

Requests made to Amazon EC2 now use the correct API version (2011-07-15).

2GB limit for 32-bit stacks

Because PHP's integer type is signed and many platforms use 32-bit integers, the AWS SDK for PHP does not correctly handle files larger than 2GB on a 32-bit stack (whereby "stack" includes CPU, OS, web server, and PHP binary). This is a well-known PHP issue.

The recommended solution is to use a 64-bit stack, such as the 64-bit Amazon Linux AMI with the latest version of PHP installed.

For more information, please see: PHP filesize: Return values. A workaround is suggested in AmazonS3::create_mpu_object() with files bigger than 2GB.

S3 Buckets containing periods

Amazon S3's SSL certificate covers domains that match *.s3.amazonaws.com. When buckets (e.g., my-bucket) are accessed using DNS-style addressing (e.g., my-bucket.s3.amazonaws.com), those SSL/HTTPS connections are covered by the certificate.

However, when a bucket name contains one or more periods (e.g., s3.my-domain.com) and is accessed using DNS-style addressing (e.g., s3.my-domain.com.s3.amazonaws.com), that SSL/HTTPS connection will fail because the certificate doesn't match.

The most secure workaround is to change the bucket name to one that does not contain periods. Less secure workarounds are to use disable_ssl() or disable_ssl_verification(). Because of the security implications, calling either of these methods will throw a warning. You can avoid the warning by adjusting your error_reporting() settings.

Expiring request signatures

When leveraging AmazonS3::create_mpu_object(), it's possible that later parts of the multipart upload will fail if the upload takes more than 15 minutes.

Too many open file connections

When leveraging AmazonS3::create_mpu_object(), it's possible that the SDK will attempt to open too many file resources at once. Because the file connection limit is not available to the PHP environment, the SDK is unable to automatically adjust the number of connections it attempts to open.

A workaround is to increase the part size so that fewer file connections are opened.

Exceptionally large batch requests

When leveraging the batch request feature to execute multiple requests in parallel, it's possible that the SDK will throw a fatal exception if a particular batch pool is exceptionally large and a service gets overloaded with requests.

This seems to be most common when attempting to send a large number of emails with the SES service.