Steven Collison
## Problem

For hardware that supports AES acceleration, AES-GCM is the preferred bulk encryption algorithm in TLS. This is primarily due to performance. For hardware that does not have AES...
This cipher, though it uses RSA key exchange, is allowed under the standard [1] that these security policies conform to. RSA key exchange is not ideal; however, some clients may not...
The goal of the API (`s2n_config_generate_local_ticket_crypto_key`) is to make it simpler for applications that want to generate a session ticket key that will be used locally on the host (not shared among...
## **Problem:**

Per https://www.openssl.org/source/, there is an alpha release available for OpenSSL 3.0. s2n supports builds with OpenSSL 1.1.1 and OpenSSL 1.0.2 which are supported until 2023 and 2019...
BoringSSL maintains a suite of protocol tests for their TLS library [1]. We may be able to integrate and run these tests via a "shim" test runner that is provided...
This change adds the 'C' command character to allow a user to drop the current session and reconnect to the server. It has the same behavior as the `-reconnect` option...
### Problem:

s2n is deployed in environments where the clients and servers it interacts with may be running using the Rust ecosystem with [rustls](https://github.com/rustls/rustls) as the TLS library. Implementation updates...
### Problem:

s2n is deployed in environments where the clients and servers it interacts with may be running on Windows using the [schannel](https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-schannel-ssp-overview) TLS library. Implementation updates to either schannel...
The goal of this fuzzing mode would be to ensure we fail in a reasonable way when the underlying malloc/realloc fails. One way to approach this would be to use LD_PRELOAD. Similar...
Currently, we're using separate fields for the auth type used in client/server mode. From https://github.com/awslabs/s2n/pull/436 there was a suggestion that we should use a certificate verification flag for both client...