Add TLS encryption to a C application without depending on OpenSSL or a heavier TLS library.
Build a secure HTTPS server in C with a small, auditable codebase that has been reviewed by external security vendors.
Use the Rust bindings to add TLS support to a Rust application backed by the s2n-tls native library.
| aws/s2n-tls | microshow/rxffmpeg | troydhanson/uthash | |
|---|---|---|---|
| Stars | 4,717 | 4,719 | 4,715 |
| Language | C | C | C |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 4/5 | 3/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a C build toolchain, integrating into an existing application means adapting the POSIX-style I/O interface to your event loop.
s2n-tls is an open-source C library from AWS that implements TLS and SSL, the protocols that encrypt traffic between a client and a server. When you visit a website over HTTPS, TLS is what protects the connection. s2n-tls provides that same capability as a library that developers can build into their own applications. The name is short for "signal to noise", referring to encryption disguising meaningful data as what looks like random noise. The design priorities are simplicity, small code size, and security. The codebase is deliberately kept compact so it can be audited: AWS commissions external security reviews on an annual basis and has had two full code-level reviews by outside vendors. The library also goes through regular static analysis, fuzz testing, and penetration testing. There are no locks or mutexes inside the library, which avoids a class of concurrency bugs. On the technical side, s2n-tls supports TLS versions from 1.0 through 1.3 as well as the older SSLv3. It supports a range of encryption algorithms including AES-128, AES-256, and ChaCha20. Several older algorithms (SSLv3, RC4, 3DES, DHE) are disabled by default for security reasons but can be enabled if backward compatibility is required. The API for choosing which cipher suites and protocol versions to support is designed to be simple: you can either pick the current recommended defaults or pin to a specific versioned preference set. The I/O interface is modeled after the POSIX socket API, so developers familiar with standard network programming will find it straightforward. It supports blocking, non-blocking, and full-duplex modes. s2n-tls is tested across a range of Linux distributions (Ubuntu, Amazon Linux, NixOS), BSD systems (OpenBSD, FreeBSD), and macOS. Rust bindings are also available. It is released under the Apache 2.0 license and is the TLS library used inside several AWS services.
An open-source C library from AWS that handles TLS and SSL encryption for network connections, designed to be small, auditable, and secure, used inside several AWS services and available with Rust bindings.
Mainly C. The stack also includes C, Rust.
Use freely for any purpose including commercial projects, keep the license and copyright notices in any distributed copies.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.