s2n-tls, originally nameds2n, is anopen-sourceC99 implementation of theTransport Layer Security (TLS) protocol developed byAmazon Web Services (AWS) and initially released in 2015. The goal was to make the code—about 6,000lines long—easier toreview than that ofOpenSSL—with 500,000 lines, 70,000 of which are involved in processing TLS.[2][3]
s2n was first released in June 2015 onGitHub.[4] AWS said that the name "s2n" stands forsignal to noise as a nod "to the almost magical act ofencryption—disguising meaningful signals, like your critical data, as seemingly random noise".[2] In 2022 AWS renamed it from s2n to s2n-tls.[5] It has been the subject of several external reviews as well aspenetration testing.[6] Galois, Inc. has conductedformal verification of components of s2n-tls.[7][8]
In 2015, independent security researchers described a variant of theLucky Thirteen attack against s2n, even though s2n included countermeasures intended to prevent timing attacks.[9] In response, Amazon's s2n team said it would removeCBC-modecipher suites and take code fromBoringSSL to replace its own CBC-mode decryption.[10] The AWS Security Blog said that the attack could not have been exploited against Amazon, AWS, or its customers, including because the cited versions of s2n had not been used in aproduction environment.[11]
In February 2017, Amazon announced that s2n was now handling 100% of SSL traffic forAmazon S3.[12]
Common TLS extensions supported by this software areServer Name Indication,Application-Layer Protocol Negotiation, andOnline Certificate Status Protocol.
s2n-tls supports the mainciphers in use today, such asAES inCBC andGCM modes,3DES, andRC4. It also provides support forperfect forward secrecy throughDiffie–Hellman orElliptic-curve Diffie–Hellmanephemeral keys.
Weaker ciphers and key exchange modes are disabled by default.[6]
Thelanguage bindings below were not developed by AWS:[13]
