Those responsible for Amazon Web Services (the cloud computing arm of the e-commerce giant) have announced the launch of a new security tool called s2n. It is a new implementation of the TLS encryption protocol (formerly called OpenSSL).
AWS uses TLS in all of its AWS APIs, and TLS is also available to customers of various services such as Elastic Load Balancing (ELB), AWS Elastic Beanstalk, Amazon CloudFront, Amazon S3, Amazon RDS, and Amazon SES.
The TLS protocol, including its optional extensions, has become very complex. OpenSSL, the reference implementation, contains over 500 thousand lines of code, at least 70 thousand of which handle TLS. Every line of code is a potential source of error, and the sheer size also makes code audits, security reviews, performance work and efficiency harder.
In order to simplify the implementation of TLS, and as part of AWS's support for secure encryption, Amazon has released s2n: a new open source implementation of the TLS protocol, designed as a library that is small and fast, with simplicity as a priority.
To achieve this, s2n leaves out rarely used options and extensions, and today weighs in at little more than 6,000 lines of code. Amazon has completed three external security assessments and penetration tests of s2n, a practice that will continue before it is integrated into AWS services in the coming months.
TLS is a standard protocol, and s2n implements it so that customers do not need to change their own applications and everything remains interoperable. Amazon stressed that s2n is not intended as a substitute for OpenSSL, which it remains committed to supporting through its participation in the Linux Foundation.