Amazon TLS: Amazon Offers Simpler More-Secure Open-Source Replacement to OpenSSL
Amazon Web Services (AWS) has released an alternative cryptographic module for transmitting data across the Internet. They’re calling it “s2n”, short for “signal-to-noise”. s2n is an implementation of the Transport Layer Security (TLS) protocol and could be a successor to OpenSSL (Open Secure Sockets Layer).
Last year a hack called Heartbleed exploited a critical vulnerability in OpenSSL, a cryptographic library used to secure communication between users and web services. OpenSSL has been used by Internet businesses like Google, Facebook, Instagram, Yahoo, Twitter and Amazon.
A key design criterion for s2n was that the code be short, to make it comprehensible and auditable. At only 6000 lines of code, s2n is considerably shorter than the 70,000-line implementation of TLS by OpenSSL.
Stephen Schmidt, AWS chief security officer, said that “naturally with each line of code there is a risk of error, but the large size of OpenSSL also presents challenges for code audits, security reviews, performance, and efficiency. s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, we’ve found that it is easier to review s2n; we have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing. TLS is a standardized protocol and s2n already implements the functionality that we use, so this won’t require any changes in your own applications and everything will remain interoperable.”
Daniel Heacock, a consultant with c3/consulting, commented to TechTarget that “in the wake of all the security breaches over the last year, it makes sense that Amazon wants to take some ownership of the open-source security technology that the cloud so heavily relies upon. I’m really not sure about adoption, though, and I think it remains to be seen.”