User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS CloudHSM Dynamic Engine for OpenSSL

The AWS CloudHSM dynamic engine for OpenSSL is an OpenSSL dynamic engine that supports the OpenSSL command line interface and EVP API operations. The dynamic engine allows applications that are integrated with OpenSSL, such as the NGINX and Apache web servers, to offload their cryptographic processing to the HSMs in your AWS CloudHSM cluster. The engine supports the following key types and ciphers:

  • RSA key generation for 2048, 3072, and 4096-bit keys.

  • RSA sign/verify.

  • RSA encrypt/decrypt.

  • Random number generation that is cryptographically secure and FIPS-validated.

For more information, see the following topic.