The s2n code base is about 6,000 lines long, compared to the 500,000 lines of OpenSSL. It has already been the subject of several external reviews as well as penetration testing. It places a strong focus on usability and simplicity.
s2n supports the main ciphers in use today, such as AES in CBC and GCM modes, 3DES and RC4. It also provides perfect forward secrecy through ephemeral Diffie–Hellman or elliptic-curve Diffie–Hellman keys.
The weaker ciphers and key exchange modes are disabled by default.
- Stephen Schmidt, Introducing s2n, a New Open Source TLS Implementation, on the Amazon Security Blog
- s2n: an implementation of the TLS/SSL protocols, on GitHub