curl-library

Re: Amazon announced a TLS abstraction library called s2n

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Tue, 30 Jun 2015 23:03:10 +0200

On Tue, Jun 30, 2015 at 10:46:12 +0200, Marc Hörsken wrote:
> Hello everyone,
>
> just a quick heads up that Amazon announced a TLS abstraction library called s2n:
> http://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a-New-Open-Source-TLS-Implementation
> https://github.com/awslabs/s2n
>
> The TLS implementation is contained within s2n, but for the base crypto stuff it links to several crypto libraries, like OpenSSL, LibreSSL, BoringSSL, and the Apple Common Crypto framework.
>
> This reminds me a lot of our vtls efforts, even though those were at a slightly different level of abstraction. For example s2n also supports server-side TLS and has its own TLS implementation instead of using that of the underlying crypto library.
>
> Windows CryptoAPI or Windows Cryptography API: Next Generation (CNG) support is currently missing.
>
> Maybe curl or vtls can make use of those s2n efforts backed/supported by Amazon? I think that supporting s2n as an additional TLS backend could be a first step.
>
> What do you think?

s2n doesn't support certificate validation yet [0], so I'd say this is a bit
premature.

Cheers

[0] https://github.com/awslabs/s2n/blob/master/docs/USAGE-GUIDE.md#client-mode


Received on 2015-06-30