To implement the new generation of Transport Layer Security, TLS 1.3, at Facebook, the company built a TLS library in C++14 called Fizz. Earlier this week, Facebook announced it was open sourcing that library.
TLS 1.3 added several new features to make Internet traffic more secure, such as encrypting handshake messages, redesigning how secret keys are derived, and a zero round-trip connection setup.
“We are excited to be open-sourcing Fizz to help speed up deployment of TLS 1.3 across the internet and help others make their apps and services faster and more secure,” Facebook wrote in a post.
According to Facebook, Fizz adds several implementation features, such as support for asynchronous I/O by default. It also implements scatter/gather I/O, which lets users pass in chunked data that Fizz then encrypts in place, eliminating the need for extra copies of data.
In addition, it supports APIs that allow it to send data as soon as a TCP connection is established, reducing the latency of requests.
Fizz was built with security in mind. According to the company, the TLS state machine is complex and poses security challenges. In Fizz, the state machine is explicit, meaning that transitions are defined in a single place based on the messages that are received. Having everything defined in a single place makes it easier to address security issues, the company explained.
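An added illustration of the explicit state machine idea described above, not Fizz's own code or API: a simplified TLS 1.3 client whose legal transitions all live in one table, so an out-of-order message, such as a Finished that skips server authentication, is rejected. State names follow RFC 8446 Appendix A.1; the types and functions (`Transition`, `step`, `run`) are hypothetical, and PSK resumption and post-handshake messages are omitted.

```cpp
#include <cstdio>
#include <vector>

// Simplified TLS 1.3 client states (names follow RFC 8446 Appendix A.1).
enum class State { WaitSH, WaitEE, WaitCertCR, WaitCert, WaitCV, WaitFinished, Connected, Error };
// Handshake messages the client can receive from the server.
enum class Msg { ServerHello, EncryptedExtensions, CertificateRequest, Certificate, CertificateVerify, Finished };
struct Transition { State from; Msg on; State to; };

// The single place where every legal transition is listed (hypothetical table).
// Certificate-authenticated handshake only; PSK resumption is omitted.
static const Transition kTransitions[] = {
    {State::WaitSH,       Msg::ServerHello,         State::WaitEE},
    {State::WaitEE,       Msg::EncryptedExtensions, State::WaitCertCR},
    {State::WaitCertCR,   Msg::CertificateRequest,  State::WaitCert},
    {State::WaitCertCR,   Msg::Certificate,         State::WaitCV},
    {State::WaitCert,     Msg::Certificate,         State::WaitCV},
    {State::WaitCV,       Msg::CertificateVerify,   State::WaitFinished},
    {State::WaitFinished, Msg::Finished,            State::Connected},
};

// Look up (state, message); anything not in the table is a fatal error.
State step(State s, Msg m) {
    for (const Transition& t : kTransitions)
        if (t.from == s && t.on == m) return t.to;
    return State::Error;
}

// Feed a sequence of received messages, starting after ClientHello was sent.
State run(const std::vector<Msg>& msgs) {
    State s = State::WaitSH;
    for (Msg m : msgs) {
        s = step(s, m);
        if (s == State::Error) break;  // abort: process nothing after a violation
    }
    return s;
}

int main() {
    // Constructed message sequences, not captured traffic.
    State ok = run({Msg::ServerHello, Msg::EncryptedExtensions, Msg::Certificate,
                    Msg::CertificateVerify, Msg::Finished});
    // Finished arrives without Certificate/CertificateVerify: must be rejected.
    State skipped = run({Msg::ServerHello, Msg::EncryptedExtensions, Msg::Finished});
    std::printf("full handshake: %s\n", ok == State::Connected ? "connected" : "error");
    std::printf("skipped auth:   %s\n", skipped == State::Error ? "rejected" : "ACCEPTED");
    return 0;
}
```

Because unexpected input falls through to `State::Error` by default, auditing the handshake logic means reading one table rather than tracing checks scattered across message handlers.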
Fizz handles millions of TLS handshakes every second, while reducing both the latency and CPU utilization of services that perform trillions of requests per day, the company explained.
“Today, more than 50 percent of our internet traffic is secured with TLS 1.3, and that will continue to grow as browsers and apps add support for TLS 1.3. RFC 8446 will be published very soon, making TLS 1.3 an internet standard. Even before the RFC is published, we’re happy to show that TLS 1.3 has been successfully deployed at scale. With Fizz we’ve built a robust implementation of the next generation of TLS, and we’re excited to share it with the community so that it can be used in mobile apps, services, and load balancers. We hope the community will use Fizz and also contribute to its further evolution,” the company wrote in a post.