whatisgithub

What is s2n-tls?

aws/s2n-tls — explained in plain English

Analysis updated 2026-06-26

4,717CAudience · developerComplexity · 4/5LicenseSetup · moderate

In one sentence

An open-source C library from AWS that handles TLS and SSL encryption for network connections, designed to be small, auditable, and secure, used inside several AWS services and available with Rust bindings.

Mindmap

mindmap
  root((s2n-tls))
    What it does
      TLS encryption
      HTTPS support
      Secure connections
    Features
      TLS 1.0 to 1.3
      Small codebase
      No mutexes
    Platforms
      Linux distros
      macOS
      BSD systems
    Use cases
      Secure C apps
      AWS services
      Rust TLS bindings
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Add TLS encryption to a C application without depending on OpenSSL or a heavier TLS library.

USE CASE 2

Build a secure HTTPS server in C with a small, auditable codebase that has been reviewed by external security vendors.

USE CASE 3

Use the Rust bindings to add TLS support to a Rust application backed by the s2n-tls native library.

What is it built with?

CRust

How does it compare?

aws/s2n-tlsmicroshow/rxffmpegtroydhanson/uthash
Stars4,7174,7194,715
LanguageCCC
Setup difficultymoderatemoderateeasy
Complexity4/53/52/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires a C build toolchain, integrating into an existing application means adapting the POSIX-style I/O interface to your event loop.

Use freely for any purpose including commercial projects, keep the license and copyright notices in any distributed copies.

So what is it?

s2n-tls is an open-source C library from AWS that implements TLS and SSL, the protocols that encrypt traffic between a client and a server. When you visit a website over HTTPS, TLS is what protects the connection. s2n-tls provides that same capability as a library that developers can build into their own applications. The name is short for "signal to noise", referring to encryption disguising meaningful data as what looks like random noise. The design priorities are simplicity, small code size, and security. The codebase is deliberately kept compact so it can be audited: AWS commissions external security reviews on an annual basis and has had two full code-level reviews by outside vendors. The library also goes through regular static analysis, fuzz testing, and penetration testing. There are no locks or mutexes inside the library, which avoids a class of concurrency bugs. On the technical side, s2n-tls supports TLS versions from 1.0 through 1.3 as well as the older SSLv3. It supports a range of encryption algorithms including AES-128, AES-256, and ChaCha20. Several older algorithms (SSLv3, RC4, 3DES, DHE) are disabled by default for security reasons but can be enabled if backward compatibility is required. The API for choosing which cipher suites and protocol versions to support is designed to be simple: you can either pick the current recommended defaults or pin to a specific versioned preference set. The I/O interface is modeled after the POSIX socket API, so developers familiar with standard network programming will find it straightforward. It supports blocking, non-blocking, and full-duplex modes. s2n-tls is tested across a range of Linux distributions (Ubuntu, Amazon Linux, NixOS), BSD systems (OpenBSD, FreeBSD), and macOS. Rust bindings are also available. It is released under the Apache 2.0 license and is the TLS library used inside several AWS services.

Copy-paste prompts

Prompt 1
Show me how to set up an s2n-tls server that accepts TLS 1.3 connections, with a certificate and private key loaded from files.
Prompt 2
Write a minimal C example using s2n-tls that establishes a TLS connection to a remote host and sends an HTTP GET request.
Prompt 3
How do I configure s2n-tls to disable SSLv3 and TLS 1.0 and only allow TLS 1.2 and 1.3 in production?
Prompt 4
Show me how to integrate s2n-tls into a non-blocking event loop using epoll in C.

Frequently asked questions

What is s2n-tls?

An open-source C library from AWS that handles TLS and SSL encryption for network connections, designed to be small, auditable, and secure, used inside several AWS services and available with Rust bindings.

What language is s2n-tls written in?

Mainly C. The stack also includes C, Rust.

What license does s2n-tls use?

Use freely for any purpose including commercial projects, keep the license and copyright notices in any distributed copies.

How hard is s2n-tls to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is s2n-tls for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.