This article originally appeared at The WHIR
Amazon Web Services has released a new open source implementation of the TLS encryption protocol, called signal to noise (s2n). Released on Tuesday, the s2n library is designed to be smaller, faster and easier to review than existing TLS implementations.
According to a blog post by Stephen Schmidt, VP and chief security officer for AWS, s2n today is “just more than 6,000 lines of code”, considerably less than OpenSSL, the most popular reference implementation, which contains more than 500,000 lines of code with 70,000 of those involved in processing TLS. He said that s2n isn’t a replacement for OpenSSL: “OpenSSL provides two main libraries: ‘libssl’, which implements TLS, and ‘libcrypto’, which is a general-purpose cryptography library. Think of s2n as an analogue of ‘libssl’, but not ‘libcrypto’.”
“The last 18 months or so has been an eventful time for the TLS protocol. Impressive cryptography analysis highlighted flaws in several TLS algorithms that are more serious than previously thought, and security research revealed issues in several software implementations of TLS,” Schmidt said. “Overall, these developments are positive and improve security, but for many they have also led to time-consuming operational events, such as software upgrades and certificate rotations.”
In March, a TLS vulnerability known as the FREAK attack was discovered, which allowed attackers to intercept HTTPS connections between clients and servers.
The source code, documentation, commits and enhancements are all publicly available under the terms of the Apache Software License 2.0 from the s2n GitHub repository.