Amazon's New SSL/TLS Implementation In 6,000 Lines of Code

bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions. Further more, it implements a relatively small subset of SSL/TLS features compared to OpenSSL.

SSH / SFTP are /not/ powered by SSL/TLS

[TerraFrost]

The story summary got it wrong - SSH uses it's own distinct protocol to establish an encrypted connection and SFTP is a subsystem of SSH.

Very much unfinished

[Lumpio-]

Did anybody notice that it doesn't, for example, do client mode at all yet? Or it does, but it doesn't implement cert validation at all which makes it useless as a client at the moment and therefore client mode is disabled. That along with delegating all the actual crypto to other libraries means the entire thing doesn't actually *do* much. No wonder it's only 6kLOC.

Just a wrapper around OpenSSL functions

[punman]

Summary is misleading at best. A brief inspection of the source code reveals this is still using OpenSSL's crypto functions. So you're not getting 6k lines of source code to replace OpenSSL, as the summary implies. You're getting 6k worth of wrapper code that still uses OpenSSL and needs to be linked against OpenSSL libraries.