Skip navigation
AWS Releases Open Source TLS Encryption Protocol
Rendering of an Amazon campus currently under construction in Seattle’s Denny Triangle neighborhood (Image:

AWS Releases Open Source TLS Encryption Protocol

s2n library designed to be smaller, faster, and easier to review than TLS

logo-WHIR

This article originally appeared at The WHIR

Amazon Web Services has released a new open source implementation of the TLS encryption protocol, called signal to noise (s2n). Released on Tuesday, the s2n library is designed to be smaller, faster and easier to review than TLS.

According to a blog post by Stephen Schmidt, VP and chief security officer for AWS, s2n today is “just more than 6,000 lines of code”, considerably less than OpenSSL, the most popular reference implementation, which contains more than 500,000 lines of code with 70,000 of those involved in processing TLS. He said that s2n isn’t a replacement for OpenSSL: “OpenSSL provides two main libraries: ‘libssl’, which implements TLS, and ‘libcrypto, which is a general-purpose cryptography library. Think of s2n as an analogue of ‘libssl,’ but not ‘libcrypto.’”

“The last 18 months or so has been an eventful time for the TLS protocol. Impressive cryptography analysis highlighted flaws in several TLS algorithms that are more serious than previously thought, and security research revealed issues in several software implementations of TLS,” Schmidt said. “Overall, these developments are positive and improve security, but for many they have also led to time-consuming operational events, such as software upgrades and certificate rotations.”

In March, a TLS vulnerability known as the FREAK attack was discovered, which allowed attackers to intercept HTTPS connections between clients and servers.

AWS plans to integrate s2n into several AWS services over the next few months.

The source code, documentation, commits and enhancements are all publicly available under the terms of the Apache Software License 2.0 from the s2n GitHub repository.

This first ran at http://www.thewhir.com/web-hosting-news/aws-releases-open-source-tls-encryption-protocol

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish