s2n - an implementation of the TLS/SSL protocols from Amazon

  •        200

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

https://github.com/awslabs/s2n

Tags
Implementation
License
Platform

   




Related Projects

OpenSSL - Toolkit for SSL and TLS


The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Cryptlib - provides Encryption and Authentication Service


cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

Nogotofail - Network Security Testing Tool


Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

PolarSSL library - Crypto and SSL made easy


Download PolarSSL PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. It supports Symmetric encryption algorithms, hash algorithms, RSA with PKCS and X.509 certificate, SSL and TLS.

Conscrypt - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension


Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographical primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK.The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt similar performance.


Botan - Crypto library for C++


Botan (Japanese for peony) is a cryptography library written in C++11. Botan's goal is to be the best option for cryptography in new C++ code by offering the tools necessary to implement a range of practical systems, such as TLS/DTLS, PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. In addition to the C++, botan has a C89 API specifically designed to be easy to call from other languages. A Python binding using ctypes is included, and several other language bindings are available.

hs-tls - TLS/SSL implementation in haskell


This library provides native Haskell TLS and SSL protocol implementation for server and client. This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high level constructions and common Haskell features.

Ejbca - PKI Certificate Authority software


EJBCA is an enterprise class PKI Certificate Authority software. It supports SSL/TLS, Smart card logon to Windows and/or Linux, Signing and encrypting email (SMIME), Mobile PKI, Secure mobile networks and lot more.

KeyBox - Web-based SSH console that centrally manages administrative access to systems


KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services


Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications.Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

Paramiko - The leading native Python SSHv2 protocol library.


"Paramiko" is a combination of the Esperanto words for "paranoid" and "friend". It's a module for Python 2.7/3.4+ that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced Telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across the encrypted tunnel (this is how SFTP works, for example).

distcache, Distributed session caching


Distributed session caching tools and APIs, primarily for SSL/TLS servers though perhaps useful for other (non-SSL/TLS) circumstances. Also includes a self-contained network abstraction library (libnal), and the sslswamp SSL/TLS benchmark/test utility.

NetCipher - Network Security and Proxy Library for Android


NetCipher is a library for Android that provides multiple means to improve network security in mobile applications. It provides best practices TLS settings using the standard Android HTTP methods, HttpURLConnection and Apache HTTP Client, provides simple Tor integration, makes it easy to configure proxies for HTTP connections and WebView instances. IT MUST BE NOTED, that you can use this library without using Orbot/Tor, but obviously we think using strong TLS/SSL connections over Tor is just about the best thing in the world.

Tcpcrypt - Encrypting the Internet


Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

mitmproxy - Intercept HTTP traffic for penetration testing


mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy.

MIHCrypto - OpenSSL wrapper for Objective-C [cryptography]


OpenSSL is the most powerful SSL and TLS library available which wraps a full cryptographic library. The library is written in pure C and due to its endless size and not-so-well-designed C interface it is very hard for beginners to step into it. The aim of the MIHCrypto library is to provide an object-oriented interface which allows developers to write simple and clean code by still using the power of the OpenSSL libCrypto library. OpenSSL is a very large library so (yet) not the whole library is wrapped by MIHCrypto. Since I am developing the library because personal needs focus of the functionallity is on modern cryptographic apporaches, but everybody is welcome to contribute other parts to the library.

cipherscan - A very simple way to find out which SSL ciphersuites are supported by a target.


Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl s_client command line.Cipherscan is meant to run on all flavors of unix. It ships with its own built of OpenSSL for Linux/64 and Darwin/64. On other platform, it will use the openssl version provided by the operating system (which may have limited ciphers support), or your own version provided in the -o command line flag.

FluentFTP - An FTP and FTPS client for


FluentFTP is a fully managed FTP and FTPS library for .NET & .NET Standard, optimized for speed. It provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, UTF-8 support, Async/await support and more.It is written entirely in C#, with no external dependencies. FluentFTP is released under the permissive MIT License, so it can be used in both proprietary and free/open source applications.

lemur - Repository for the Lemur Certificate Manager


Lemur manages TLS certificate creation. While not able to issue certificates itself, Lemur acts as a broker between CAs and environments providing a central portal for developers to issue TLS certificates with 'sane' defaults.It works on CPython 3.5. We deploy on Ubuntu and develop on OS X.

Search Guard - Rock solid Elasticsearch security on all levels


Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.