s2n - an implementation of the TLS/SSL protocols from Amazon


s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

https://github.com/awslabs/s2n





Related Projects

OpenSSL - Toolkit for SSL and TLS


The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Cryptlib - provides Encryption and Authentication Service


cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

Nogotofail - Network Security Testing Tool


Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

PolarSSL library - Crypto and SSL made easy


PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. It supports symmetric encryption algorithms, hash algorithms, RSA with PKCS and X.509 certificates, SSL and TLS.

apache-mod_nss - mod_nss - strong cryptography support for Apache using SSL/TLS library NSS


mod_nss - strong cryptography support for Apache using SSL/TLS library NSS



ssl-config - SSL configuration logic, extracted from Play's WS (for use in Akka et al).


The goal and purpose of this library is to make Play's WS library as well as Akka HTTP "secure by default". Sadly, while Java's security has been steadily improving, some settings are still left up to the user, and certain algorithms which should never be used in a serious production system are still accepted by the default settings of the SSL/TLS infrastructure. These things are possible to fix, by providing specialized implementations and/or defining additional settings for the Java runtime to use – this is exactly the purpose of SSL Config. Additional modules offer integration with Play WS (which by default utilises the Ning Async Http Client), Akka Http and any other library which may need support from this library.

conscrypt - Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension


Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographical primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK. The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt similar performance.

Ejbca - PKI Certificate Authority software


EJBCA is enterprise-class PKI Certificate Authority software. It supports SSL/TLS, smart card logon to Windows and/or Linux, signing and encrypting email (S/MIME), mobile PKI, secure mobile networks and a lot more.

KeyBox - Web-based SSH console that centrally manages administrative access to systems


KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services


Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications. Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

openssl_before_vendor_branches


The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

LuaDist-openssl


Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library.

clinker - SSL and TLS security checker for Firefox


SSL and TLS security checker for Firefox

evinje-EduTLS


SSL/TLS is the most common and widely used secure protocol on the Internet. It is a package of more than 30 cryptographic primitives and protocols. For students studying information security it is of crucial importance to have a good understanding of how the different parts work. The aim of the project will be to develop an educational implementation of SSL/TLS that could be used when teaching information security. The basic idea is to create a simple protocol that encrypts communication be

distcache, Distributed session caching


Distributed session caching tools and APIs, primarily for SSL/TLS servers though perhaps useful for other (non-SSL/TLS) circumstances. Also includes a self-contained network abstraction library (libnal), and the sslswamp SSL/TLS benchmark/test utility.

opencrypto-tls - TLS/SSL Library (written in C#)


TLS/SSL Library (written in C#)

ocaml-conduit - Resolve URIs into communication channels for Async or Lwt


The `conduit` library takes care of establishing and listening for TCP and SSL/TLS connections for the Lwt and Async libraries. The reason this library exists is to provide a degree of abstraction from the precise SSL library used, since there are a variety of ways to bind to a library (e.g. the C FFI, or the Ctypes library), as well as which library is used (just OpenSSL for now). By default, OpenSSL is used as the preferred connection library, but you can force the use of the pure OCaml TLS

mitmproxy - Intercept HTTP traffic for penetration testing


mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy.

Tcpcrypt - Encrypting the Internet


Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

keyless - CloudFlare's Keyless SSL Server Reference Implementation


The CloudFlare Keyless SSL client communicates to the server via a binary protocol over a mutually authenticated TLS 1.2 tunnel. Messages are in binary format and identified by a unique ID. Messages consist of a fixed length header, and a variable length body. The body of the message consists of a sequence of items in TLV (tag, length, value) messages. All messages with major version 1 will conform to the following format. The minor version is currently set to 0 and is reserved for communicating poli