From Wikipedia, the free encyclopedia
Open-source implementation of TLS
s2n is an open-source C99 implementation of the Transport Layer Security (TLS) protocol developed by Amazon Web Services (AWS) and released in 2015. It was developed to ensure the code, about 6,000 lines long, would be easier to review than that of OpenSSL, which has 500,000 lines, 70,000 of which are involved in processing TLS.[2][3]
History

s2n was released on June 30, 2015 on GitHub. AWS said that the name "s2n" stands for signal to noise, as a nod "to the almost magical act of encryption, disguising meaningful signals, like your critical data, as seemingly random noise".[2]

It has been the subject of several external reviews as well as penetration testing.[4]

It was reportedly vulnerable to the Lucky Thirteen attack. In response, Amazon's s2n team said it would remove CBC-mode cipher suites and take code from BoringSSL to replace its own CBC-mode decryption.[5] An AWS Security Blog post said that it did not impact Amazon, AWS, or its customers because they had never been used in a production environment.[6]

In February 2017, Amazon announced that s2n was now handling 100% of SSL traffic for Amazon S3.[7]
Features

TLS extensions

Common TLS extensions supported by this software are Server Name Indication, Application-Layer Protocol Negotiation, and Online Certificate Status Protocol.

Cryptography

s2n supports the main ciphers in use today, such as AES in CBC and GCM modes, 3DES and RC4. It also provides support for perfect forward secrecy through Diffie–Hellman or Elliptic-curve Diffie–Hellman ephemeral keys. Weaker ciphers and key exchange modes are disabled by default.[4]

Language bindings

The language bindings below were not developed by AWS:[8]