Issues with S3 Encryption Type
For SFTP Gateway version 3 (specifically, versions
3.2.1), there are a number of issues with the S3 encryption types under the AWS Cloud Connection.
We are currently working on a fix, which will be included in the
3.3.0 version update coming later this month (March 2022).
SSE-S3 encryption type in SFTP Gateway refers to the default service-level encryption for the S3 service.
In AWS, there are two service-level encryption types:
Although SFTP Gateway v3 is using a S3 service-level encryption, it is using
In most cases, this will not have any significant impact. The files stored on S3 are still encrypted at rest.
However, there are two edge cases where customers will face issues:
- Custom applications trying to access files on S3 will need to be updated to specify
signature version 4(a requirement of KMS) when making API calls to AWS S3.
- Likewise, files made publicly available on S3 cannot be accessed. This is because the
signature version 4requirement cannot be met by the web browser.
If you are encountering
signature version 4 issues, your first instinct may be to work around the issue by setting the Encryption Type to
No Encryption. However, there is an issue with this setting as well at the moment.
The Java backend is running into an issue recognizing the
No Encryption type. As a result, SFTP users will encounter errors when trying to upload files.
To test whether your version is affected, click the Test Connection button at the bottom of your Cloud Connection detail page. You may see a red "X" next to the write permission.
Status of the Issues
We recognize these issues, and are currently working on fixes that are on track to be released with version
3.3.0 later this month (March 2022).