igor - Fotolia

Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What is the business case for the s2n TLS implementation?

Amazon Web Services purports its s2n TLS protocol creation is simpler, easier to manage and more secure than standard TLS. Expert Dan Sullivan explains.

Amazon Web Services announced that its new open source s2n implementation of the TLS protocol is more secure than standard TLS. How does s2n work and what is the use case for it in the enterprise?

Signal to Noise or s2n is an implementation of the Transport Layer Security (TLS) protocol, which is the successor protocol of SSL. TLS uses asymmetric cryptography to authenticate devices, determine a suitable symmetric encryption key for both devices, and encrypt payload data between devices.

Perhaps the most widely used implementation of TLS is OpenSSL, which gained notoriety for the Heartbleed vulnerability last year. Heartbleed allowed attackers to read the memory of devices using vulnerable versions of OpenSSL, including memory that was storing secret keys. Leading security expert and researcher Bruce Schneier called Heartbleed "catastrophic," and said "[o]n the scale of 1 to 10, this is an 11."

One of the reasons it is difficult to detect bugs and vulnerabilities in applications is the sheer volume of code that must be reviewed and analyzed. OpenSSL consists of hundreds of thousands of lines of code. One of the reasons s2n can claim to be more secure is that its implementation is much smaller, on the scale of 6,000 lines of code.

Of course, the smaller code base also means it offers fewer features. S2n implements TLS, while OpenSSL also contains support for cryptographic services, such as generating certificate-signing requests for digital certificate vendors and self-signed certificates.

With a relatively small code base, AWS is able to process more thorough and multiple security reviews, as well as vulnerability scans than would be impossible if the code base is much larger -- that is, with the same amount of resources anyway.

In the enterprise, s2n can serve the same purpose as the libssl parts of OpenSSL. The AWS implementation of TLS does not have features that correspond to OpenSSL's cryptographic library, libcrypto. Enterprises may also consider using s2n for authenticating devices and encrypting traffic over TLS. However, they may also want to continue using other features of OpenSSL, such as those that support generating self-signed certificates and certificate-signing requests.

Ask the Expert:
SearchCloudSecurity expert Dan Sullivan is ready to answer your application security questions -- submit them now. (All questions are anonymous.)

Next Steps

Go beyond SSL with TLS encryption

Learn more about using TLS encryption and TLS 1.3

This was last published in November 2015

Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

Please create a username to comment.

Do you think s2n will help improve TLS security?
Cancel
Yes for encryption and cloud services
Cancel
Transport layer security implementation higher lines of code than TLS standard
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

Close