diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml
index f82a3a982..51d8b0a6f 100644
--- a/codebuild/coverage/coverage.yml
+++ b/codebuild/coverage/coverage.yml
@@ -10,5 +10,5 @@ phases:
       python: latest
   build:
     commands:
-      - pip install tox
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py310/awses_local.yml b/codebuild/py310/awses_local.yml
index a60eba6d2..beb967f47 100644
--- a/codebuild/py310/awses_local.yml
+++ b/codebuild/py310/awses_local.yml
@@ -22,6 +22,6 @@ phases:
     commands:
       - pyenv install 3.10.0
       - pyenv local 3.10.0
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox
diff --git a/codebuild/py310/examples.yml b/codebuild/py310/examples.yml
index 59bb42499..4d64f5c6c 100644
--- a/codebuild/py310/examples.yml
+++ b/codebuild/py310/examples.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.10.0
       - pyenv local 3.10.0
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py310/integ.yml b/codebuild/py310/integ.yml
index 3346a06a2..1a2ca5022 100644
--- a/codebuild/py310/integ.yml
+++ b/codebuild/py310/integ.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.10.0
       - pyenv local 3.10.0
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py37/awses_local.yml b/codebuild/py37/awses_local.yml
index 9e77d43f7..c4265fc71 100644
--- a/codebuild/py37/awses_local.yml
+++ b/codebuild/py37/awses_local.yml
@@ -22,6 +22,6 @@ phases:
     commands:
       - pyenv install 3.7.12
       - pyenv local 3.7.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox
diff --git a/codebuild/py37/examples.yml b/codebuild/py37/examples.yml
index 57d1626df..14b220524 100644
--- a/codebuild/py37/examples.yml
+++ b/codebuild/py37/examples.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.7.12
       - pyenv local 3.7.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py37/integ.yml b/codebuild/py37/integ.yml
index 04d24c26d..6306c20e2 100644
--- a/codebuild/py37/integ.yml
+++ b/codebuild/py37/integ.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.7.12
       - pyenv local 3.7.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py38/awses_local.yml b/codebuild/py38/awses_local.yml
index 4e20973d4..936a9ca6c 100644
--- a/codebuild/py38/awses_local.yml
+++ b/codebuild/py38/awses_local.yml
@@ -22,6 +22,6 @@ phases:
     commands:
       - pyenv install 3.8.12
       - pyenv local 3.8.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox
diff --git a/codebuild/py38/examples.yml b/codebuild/py38/examples.yml
index 1a8f4f826..221ad4f80 100644
--- a/codebuild/py38/examples.yml
+++ b/codebuild/py38/examples.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.8.12
       - pyenv local 3.8.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py38/integ.yml b/codebuild/py38/integ.yml
index 28eae25fc..088a2c7ba 100644
--- a/codebuild/py38/integ.yml
+++ b/codebuild/py38/integ.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.8.12
       - pyenv local 3.8.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py39/awses_1.7.1.yml b/codebuild/py39/awses_1.7.1.yml
index e261b5e4d..c61024409 100644
--- a/codebuild/py39/awses_1.7.1.yml
+++ b/codebuild/py39/awses_1.7.1.yml
@@ -22,6 +22,6 @@ phases:
     commands:
       - pyenv install 3.9.7
       - pyenv local 3.9.7
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox
diff --git a/codebuild/py39/awses_2.0.0.yml b/codebuild/py39/awses_2.0.0.yml
index b4a6654d5..df6cd489c 100644
--- a/codebuild/py39/awses_2.0.0.yml
+++ b/codebuild/py39/awses_2.0.0.yml
@@ -22,6 +22,6 @@ phases:
     commands:
       - pyenv install 3.9.7
       - pyenv local 3.9.7
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox
diff --git a/codebuild/py39/awses_latest.yml b/codebuild/py39/awses_latest.yml
index ac70cede8..0675cbb0a 100644
--- a/codebuild/py39/awses_latest.yml
+++ b/codebuild/py39/awses_latest.yml
@@ -22,6 +22,6 @@ phases:
     commands:
       - pyenv install 3.9.7
       - pyenv local 3.9.7
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - cd test_vector_handlers
       - tox
diff --git a/codebuild/py39/examples.yml b/codebuild/py39/examples.yml
index 9b1911024..6f07efcea 100644
--- a/codebuild/py39/examples.yml
+++ b/codebuild/py39/examples.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.9.7
       - pyenv local 3.9.7
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/py39/integ.yml b/codebuild/py39/integ.yml
index c7452e37e..1e9743e39 100644
--- a/codebuild/py39/integ.yml
+++ b/codebuild/py39/integ.yml
@@ -20,5 +20,5 @@ phases:
     commands:
       - pyenv install 3.9.7
       - pyenv local 3.9.7
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
       - tox
diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 1ca777732..df5afb2fc 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml
@@ -10,7 +10,7 @@ env:
 phases:
   install:
     commands:
-      - pip install tox
+      - pip install "tox < 4.0"
       - pip install --upgrade pip
     runtime-versions:
       python: latest
diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml
index 36452b76c..cab56a9fd 100644
--- a/codebuild/release/test-release.yml
+++ b/codebuild/release/test-release.yml
@@ -10,7 +10,7 @@ env:
 phases:
   install:
     commands:
-      - pip install tox
+      - pip install "tox < 4.0"
       - pip install --upgrade pip
     runtime-versions:
       python: latest
diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml
index 95dfd5cb2..1043745ee 100644
--- a/codebuild/release/validate.yml
+++ b/codebuild/release/validate.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     commands:
-      - pip install tox
+      - pip install "tox < 4.0"
     runtime-versions:
       python: latest
   pre_build:
@@ -13,7 +13,7 @@ phases:
       - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt
       - pyenv install 3.8.12
       - pyenv local 3.8.12
-      - pip install tox tox-pyenv
+      - pip install "tox < 4.0"
   build:
     commands:
       - NUM_RETRIES=3
diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py
index b0d8a8d48..820b9e015 100644
--- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py
+++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py
@@ -16,6 +16,7 @@
 import os
 
 import aws_encryption_sdk
+from aws_encryption_sdk.identifiers import CommitmentPolicy
 from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider
 from chalice import Chalice, Response
 
@@ -59,7 +60,9 @@ def basic_decrypt() -> Response:
     APP.log.debug(APP.current_request.raw_body)
 
     try:
-        client = aws_encryption_sdk.EncryptionSDKClient()
+        # The decrypt oracle needs to be able to decrypt any message
+        # it does not encrypt messages for anyone.
+        client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT)
         ciphertext = APP.current_request.raw_body
         plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider())
         APP.log.debug("Plaintext:")