Supported Platforms - AWS CloudHSM

Supported Platforms

This topic lists platform support for the AWS CloudHSM Client SDK. The Client SDK includes the following components:

  • The client daemon and command-line tools, cloudhsm_mgmt_util (CMU) and key_mgmt_util (KMU)

  • PKCS #11 library

  • Java Cryptographic Extension (JCE) provider

  • OpenSSL Dynamic Engine

  • Cryptography API: Next Generation (CNG) and key storage providers (KSP) for Windows

The Client SDK provides support for both Linux and Windows, but the PKCS #11 library and most of the providers included in the SDK are for Linux. Typically platform support for items in the SDK match base support, but not always. To determine platform support for a given component, first make sure the platform you want appears in the base section, then check for an exclusion or any other pertinent information in the section for the item.

Here are some things to keep in mind about platform support:

  • Base support is the same as support for the client daemon and command-line tools.

  • Any differences from the base support appear in the sections for the PKCS #11 library and providers.

  • Platform support changes over time. Earlier versions of the CloudHSM Client SDK may not support all the operating systems listed here. Use release notes to determine the operating system support for previous versions of the CloudHSM Client SDK. For more information, see Download AWS CloudHSM Client SDK.

Base Platform Support

AWS CloudHSM supports only 64-bit operating systems. Base platform support is the same as support for the client daemon and command-line tools.

Linux Support

  • Amazon Linux

  • Amazon Linux 2 1

  • CentOS 6.10+

  • CentOS 7.3+

  • CentOS 8 2

  • Red Hat Enterprise Linux (RHEL) 6.10+

  • Red Hat Enterprise Linux (RHEL) 7.3+

  • Red Hat Enterprise Linux (RHEL) 8 2

  • Ubuntu 16.04 LTS

  • Ubuntu 18.04 LTS 2

Linux support annotations

Windows Support

  • Microsoft Windows Server 2012

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Server 2016

PKCS #11 Library

The PKCS #11 library matches Linux support for the client daemon and command-line tools. For more information, see Linux Support.

JCE Provider

The JCE provider requires OpenJDK 1.8 and matches Linux support for the client daemon and command-line tools. For more information, see Linux Support.

  • Requires OpenJDK 1.8

OpenSSL Dynamic Engine

The OpenSSL Dynamic Engine requires OpenSSL 1.0.2[f+] and does not match Linux support for the client daemon and command-line tools.

  • Requires OpenSSL 1.0.2[f+]

Unsupported platforms:

  • CentOS 8

  • Red Hat Enterprise Linux (RHEL) 8

  • Ubuntu 18.04 LTS

These platforms ship with a version of OpenSSL incompatible with OpenSSL Dynamic Engine. For more information about the known issue or platform support, see Known Issues for the OpenSSL Dynamic Engine and Linux Support.

CNG and KSP Providers

The CNG and KSP providers match Windows support for the client daemon and command-line tools. For more information, see Windows Support.