GnuTLS (the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures.
Features
GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols.
It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators.
GnuTLS has the following features:
* TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols
* Datagram TLS (DTLS) 1.2 and DTLS 1.0 protocols
* TLS-SRP: Secure remote password protocol (SRP) for TLS authentication
* TLS-PSK: Pre-shared key (PSK) for TLS authentication
* X.509 and OpenPGP certificate handling
* CPU assisted cryptography and cryptographic accelerator support (/dev/crypto), VIA PadLock and AES-NI instruction sets
* Support for smart cards and for hardware security modules
* Storage of cryptographic keys in the system's Trusted Platform Module (TPM)
History
Origin
GnuTLS was initially created around March 2003 by Nikos Mavrogiannopoulos to allow applications of the GNU Project to use secure protocols such as TLS. Although OpenSSL already existed, OpenSSL's license is not compatible with the GPL; thus software under the GPL, such as GNU software, could not use OpenSSL without making a GPL linking exception.
License
The GnuTLS library was originally licensed under the GNU Lesser General Public License v2, while included applications use the GNU General Public License.
In August 2011 the library was updated to the LGPLv3. After it was noticed that the license change had introduced new license compatibility problems, especially with other free software, the license was, after discussions, downgraded again to LGPLv2.1 in March 2013.
Split from GNU
GnuTLS was created for the GNU Project, but in December 2012 its maintainer, Nikos Mavrogiannopoulos, dissociated the project from GNU after policy disputes with the Free Software Foundation. Richard Stallman opposed this move and suggested forking the project instead. Soon afterward, developer Paolo Bonzini ended his maintainership of GNU Sed and Grep, expressing concerns similar to those of GnuTLS maintainer Mavrogiannopoulos.
Deployment
Software packages using GnuTLS include(d):
* GNOME
* CenterIM
* Exim
* WeeChat
* Mutt
* Wireshark
* slrn
* Lynx
* CUPS
* gnoMint
* GNU Emacs
* Synology DiskStation Manager
* OpenConnect
See also
* Comparison of TLS implementations
* wolfSSL (previously CyaSSL)
* mbed TLS (previously PolarSSL)
* List of free and open-source software packages
* Network Security Services
External links
* GNU Friends - An Interview with GNU TLS developer Nikos Mavroyanopoulos – a 2003 interview
* Fellowship interview with Simon Josefsson – a 2009 interview