Amazon has announced a new TLS implementation. From the ZDNet article:
Rather than try to cover all of SSL/TLS's full range of extensions, s2n, with its mere 6,000 lines of code, focuses only on encryption. This means that Amazon is not trying to replace OpenSSL. Schmidt wrote that "Amazon remains committed to supporting [OpenSSL] through our involvement in the Linux Foundation's Core Infrastructure Initiative."
Instead, s2n replaces the functionality of only one of OpenSSL's two main libraries: libssl, which implements TLS. There is no s2n equivalent to libcrypto, OpenSSL's general-purpose cryptography library. Thus, s2n can take the place of "libssl," but not "libcrypto."
takyon: For comparison, about 70,000 lines of code in OpenSSL are involved in processing TLS.
(Score: 2) by frojack on Thursday July 02 2015, @03:58AM
You do have to wonder how many of those 70,000 lines are handling corner cases that have been shoveled into OpenSSL that are not needed by most applications. I'm tempted to break out a verse from the Mikado and suggest that for the most part "They never would be missed".
No, you are mistaken. I've always had this sig.
(Score: 4, Interesting) by TheRaven on Thursday July 02 2015, @07:40AM
The APIs for s2n look a lot more sane than OpenSSL (tri-state return is a horrible invention), but still have room for improvement.
sudo mod me up
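An added example, not part of the comment above and not code from OpenSSL or s2n: it shows why a tri-state return is easy to misuse, assuming the convention meant is 1 for success, 0 for failure and a negative value for an error. The function names and the sample bytes are constructed for the illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical tri-state verifier (constructed for this example):
 * 1 = tag matches, 0 = tag does not match,
 * -1 = the check could not be carried out (malformed input). */
static int verify_tag(const unsigned char *tag, size_t tag_len,
                      const unsigned char *expected, size_t expected_len)
{
    unsigned char diff = 0;
    size_t i;

    if (tag == NULL || expected == NULL || tag_len != expected_len)
        return -1;                      /* error, not "mismatch" */
    for (i = 0; i < tag_len; i++)       /* compare without early exit */
        diff |= (unsigned char)(tag[i] ^ expected[i]);
    return diff == 0 ? 1 : 0;
}

/* Caller that treats the result as a boolean: -1 is non-zero, so the
 * error case falls through and is accepted. */
int accept_buggy(const unsigned char *tag, size_t tag_len,
                 const unsigned char *expected, size_t expected_len)
{
    if (!verify_tag(tag, tag_len, expected, expected_len))
        return 0;
    return 1;
}

/* Caller that accepts only the single success value. */
int accept_strict(const unsigned char *tag, size_t tag_len,
                  const unsigned char *expected, size_t expected_len)
{
    return verify_tag(tag, tag_len, expected, expected_len) == 1;
}

/* Constructed sample data. */
const unsigned char EXPECTED[4]  = {0xde, 0xad, 0xbe, 0xef};
const unsigned char GOOD[4]      = {0xde, 0xad, 0xbe, 0xef};
const unsigned char BAD[4]       = {0xde, 0xad, 0xbe, 0x00};
const unsigned char TRUNCATED[2] = {0xde, 0xad};

int main(void)
{
    printf("truncated tag: buggy=%d strict=%d\n",
           accept_buggy(TRUNCATED, sizeof TRUNCATED, EXPECTED, sizeof EXPECTED),
           accept_strict(TRUNCATED, sizeof TRUNCATED, EXPECTED, sizeof EXPECTED));
    return 0;
}
```

The malformed input is accepted by the boolean-style check and rejected by the strict one, while matching and non-matching tags behave the same in both.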