Amazon Simple Email Service is ending support for Signature Version 3 effective September 30, 2020.

Blaine

I just received this email from Amazon, and wonder if it will impact our Sendy installation at all?

Amazon Web Services currently supports Amazon Simple Email Service (Amazon SES) API requests that are signed using either Signature Version 3 or Signature Version 4 processes. Signature Version 4 offers enhanced security for authentication and authorization of Amazon SES customers by using a signing key instead of your secret access key.

To enhance the security of Amazon SES customers, beginning October 1, 2020, support for Signature Version 3 will be turned off (deprecated) in Amazon SES, and only Signature Version 4 will be supported going forward. Amazon SES customers who are currently using Signature Version 3 must migrate to Signature Version 4 by September 30, 2020. After that, Amazon SES will only accept requests that are signed using Signature Version 4. For more information, see the Signature Version 4 signing process [1] in the AWS General Reference.

You can easily identify API requests that use Signature Version 3 by looking at the request headers. Requests that use the Signature Version 3 resemble the following example:

X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE,Algorithm=HMACSHA256,Signature=lBP67vCvGl...

What happens if I don't make updates?

Requests signed with Signature Version 3 that are made after September 30, 2020 will fail to authenticate with Amazon SES. Requesters will receive an InvalidClientTokenId sender error, stating the security token included in the request is invalid. For more information, see Authenticating requests to the Amazon SES API [2] in the Amazon SES Developer Guide.

References:
[1] https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
[2] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-ses-api-authentication.html

Sincerely,
Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210

Ben

Hi,

Sendy uses AWS Signature Version 4 from version 4.0.4 onwards (see screenshot below).

You’re using an older version of Sendy, please update to the latest version of Sendy so you won’t be affected.

Screenshot:

https://sendy.co/forum/discussion/14863/amazon-ses-ends-support-for-039signature-v3039-update-sendy-to-the-latest-version

Thanks.

Best regards,
Ben

Blaine

Okay, thanks. I'm actually on version 4.0.9 (haven't updated to 4.1.0) yet, I'm just logged in w/an old email address for an installation I haven't been using for a years since that's what I have saved as my credentials.