Skip to content

Amazon Simple Email Service is ending support for Signature Version 3 effective September 30, 2020

edited July 2020 in Questions

Today I received this email from AWS:

Hello,

Amazon Web Services currently supports Amazon Simple Email Service (Amazon SES) API requests that are signed using either Signature Version 3 or Signature Version 4 processes. Signature Version 4 offers enhanced security for authentication and authorization of Amazon SES customers by using a signing key instead of your secret access key.

To enhance the security of Amazon SES customers, beginning October 1, 2020, support for Signature Version 3 will be turned off (deprecated) in Amazon SES, and only Signature Version 4 will be supported going forward. Amazon SES customers who are currently using Signature Version 3 must migrate to Signature Version 4 by September 30, 2020. After that, Amazon SES will only accept requests that are signed using Signature Version 4. For more information, see the Signature Version 4 signing process [1] in the AWS General Reference.

You can easily identify API requests that use Signature Version 3 by looking at the request headers. Requests that use the Signature Version 3 resemble the following example:

X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE,Algorithm=HMACSHA256,Signature=lBP67vCvGl...

What happens if I don't make updates?

Requests signed with Signature Version 3 that are made after September 30, 2020 will fail to authenticate with Amazon SES. Requesters will receive an InvalidClientTokenId sender error, stating the security token included in the request is invalid. For more information, see Authenticating requests to the Amazon SES API [2] in the Amazon SES Developer Guide.

References:
[1] https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
[2] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-ses-api-authentication.html

Sincerely,
Amazon Web Services

Should I worry about this? Does Sendy runs on v3?

This discussion has been closed.