Cannot create CloudFront signed urls (hardcodes no longer supported RSA-SHA1, no option to use secure RSA-SHA256) #4345

@xnox

Describe the bug

Cannot create CloudFront signed URLs with an RSA key, as these use SHA1-based signatures.

These are deprecated and removed from all hardened implementations (non-FIPS / IETF) but also deprecated and removed from FIPS implementations (for example AmazonLinux 2023 FIPS with OpenSSL).

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

RSA signatures use SHA256

Current Behavior

RSA signatures hard-code SHA1

Reproduction Steps

Put AmazonLinux 2023 into FIPS mode
Install aws-sdk-net
Attempt to create RSA signed S3 URL

Possible Solution

Upgrade to SHA256 RSA signatures

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

All

Targeted .NET Platform

All

Operating System and version

All Linux in FIPS mode
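
A quick way to confirm the condition this issue describes on a given host, as an added example (not code from the issue or from the AWS SDK for .NET): it asks the platform crypto provider for an RSA signature with SHA1 and with SHA256 and reports which are permitted. The class name `RsaDigestProbe`, the PKCS#1 v1.5 padding, the throwaway 2048-bit key and the sample bytes are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of the AWS SDK for .NET.
static class RsaDigestProbe
{
    // True when the platform provider will both create and verify an
    // RSA signature over `data` using `digest` (PKCS#1 v1.5 padding assumed).
    static bool CanSign(RSA key, HashAlgorithmName digest, byte[] data)
    {
        try
        {
            byte[] sig = key.SignData(data, digest, RSASignaturePadding.Pkcs1);
            return key.VerifyData(data, sig, digest, RSASignaturePadding.Pkcs1);
        }
        catch (CryptographicException ex)
        {
            // A provider that has removed the digest rejects the call here.
            Console.Error.WriteLine($"RSA-{digest.Name} refused: {ex.Message}");
            return false;
        }
    }

    static int Main()
    {
        // Constructed sample input standing in for the data to be signed.
        byte[] data = Encoding.UTF8.GetBytes("constructed-sample-to-sign");

        // Throwaway key generated only for this probe.
        using RSA key = RSA.Create(2048);

        bool sha1 = CanSign(key, HashAlgorithmName.SHA1, data);
        bool sha256 = CanSign(key, HashAlgorithmName.SHA256, data);

        Console.WriteLine($"RSA-SHA1   permitted: {sha1}");
        Console.WriteLine($"RSA-SHA256 permitted: {sha256}");

        // Exit 1 when SHA1 is blocked but SHA256 works: any code path
        // that hard-codes RSA-SHA1 will fail on this host.
        return (!sha1 && sha256) ? 1 : 0;
    }
}
```

Run it once on a default host and once on the FIPS-mode host from the reproduction steps to compare the two results.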

Labels: bug (This issue is a bug.), queued, service-api (This issue is due to a problem in a service API, not the SDK implementation.)
