Amazon Web Services has just released a new open source library that implements TLS encryption with far less code than the existing OpenSSL library.
The developers named it s2n, after “signal to noise,” and it comprises just over 6,000 lines of C code.
By comparison, OpenSSL consists of more than 500,000 lines of code, around 70,000 of which implement TLS.
"Of course, with every line of code there is a risk of error, but a large code base also presents more challenges for auditing, security inspection, performance and efficiency," said AWS chief security officer Stephen Schmidt in the s2n announcement post on the company's blog.
By developing a new TLS implementation from scratch as a simpler library that leaves out "extensions and options that are rarely used," AWS hopes it will be easier to find vulnerabilities in the code.
Schmidt said outside partners had carried out three security audits and penetration tests of s2n, and AWS plans to continue this practice.
The security of the OpenSSL project has been under close scrutiny since 2014, when it was revealed that the Heartbleed bug allowed hackers to intercept supposedly secure communications.
Immediately after the Heartbleed disclosure, several other critical issues were identified in OpenSSL, and some developers reported that the library was so large and complex that they did not know where to start.
The s2n library is not a replacement for OpenSSL: it implements only the TLS protocol, not the algorithms that perform the actual encryption. Schmidt said Amazon will continue to support the development of the OpenSSL cryptography library through the Foundation's Core Infrastructure Initiative.
Over the next few months, however, Amazon plans to use s2n instead of OpenSSL for TLS encryption across various AWS services.
Amazon Web Services has released s2n under the Apache 2.0 open source license, and the code is available on GitHub.