GnuTLS (, the GNU Transport Layer Security Library) is a

free software Free software or libre software is computer software distributed under terms that allow users to run the software for any purpose as well as to study, change, and distribute it and any adapted versions. Free software is a matter of liberty, no ...

implementation of the TLS, SSL and

DTLS Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol i ...

protocols. It offers an application programming interface (API) for applications to enable secure communication over the network

transport layer In computer networking, the transport layer is a conceptual division of methods in the layered architecture of protocols in the network stack in the Internet protocol suite and the OSI model. The protocols of this layer provide end-to-end ...

, as well as interfaces to access

X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secu ...

, PKCS #12,

OpenPGP Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partiti ...

and other structures.

Features

GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols. It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators. GnuTLS has the following features: * TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols * Datagram TLS (DTLS) 1.2, and DTLS 1.0, protocols *

TLS-SRP Transport Layer Security Secure Remote Password (TLS-SRP) ciphersuites are a set of cryptographic protocols that provide secure communication based on passwords, using an SRP password-authenticated key exchange. There are two classes of TLS-SRP ...

: Secure remote password protocol (SRP) for TLS authentication * TLS-PSK: Pre-shared key (PSK) for TLS authentication *

and

certificate handling * CPU assisted cryptography and cryptographic accelerator support (

/dev/crypto The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD ...

VIA PadLock VIA PadLock is a central processing unit (CPU) instruction set extension to the x86 microprocessor instruction set architecture (ISA) found on processors produced by VIA Technologies and Zhaoxin. Introduced in 2003 with the VIA Centaur CPUs, the ...

and

AES-NI An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard ...

instruction sets * Support for smart cards and for hardware security modules * Storage of cryptographic keys in the system's

Trusted Platform Module Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ...

(TPM)

History

Origin

GnuTLS was initially created around March 2003 by Nikos Mavrogiannopoulos to allow applications of the

GNU Project The GNU Project () is a free software, mass collaboration project announced by Richard Stallman on September 27, 1983. Its goal is to give computer users freedom and control in their use of their computers and computing devices by collaborat ...

to use secure protocols such as TLS. Although OpenSSL already existed, OpenSSL's license is not

compatible Compatibility may refer to: Computing * Backward compatibility, in which newer devices can understand data generated by older devices * Compatibility card, an expansion card for hardware emulation of another device * Compatibility layer, compo ...

with the GPL; thus software under the GPL, such as GNU software, could not use OpenSSL without making a

GPL linking exception A GPL linking exception modifies the GNU General Public License (GPL) in a way that enables software projects which provide library code to be " linked to" the programs that use them, without applying the full terms of the GPL to the using program. ...

License

The GnuTLS library was

licensed A license (or licence) is an official permission or permit to do, use, or own something (as well as the document of that permission or permit). A license is granted by a party (licensor) to another party (licensee) as an element of an agreeme ...

originally under the

GNU Lesser General Public License The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...

v2, while included applications use the

GNU General Public License The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general ...

. In August 2011 the library was updated to the LGPLv3. After it was noticed that there were new

license compatibility License compatibility is a legal framework that allows for pieces of software with different software licenses to be distributed together. The need for such a framework arises because the different licenses can contain contradictory requirement ...

problems introduced, especially with other

with the license change, after discussions the license was downgraded again to LGPLv2.1 in March 2013.

Split from GNU

GnuTLS was created for the

, but in December 2012 its maintainer, Nikos Mavrogiannopoulos, dissociated the project from GNU after policy disputes with the

Free Software Foundation The Free Software Foundation (FSF) is a 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985, to support the free software movement, with the organization's preference for software being distributed under copyleft (" ...

Richard Stallman Richard Matthew Stallman (; born March 16, 1953), also known by his initials, rms, is an American free software movement activist and programmer. He campaigns for software to be distributed in such a manner that its users have the freedom to ...

opposed this move and suggested forking the project instead. Soon afterward, developer Paolo Bonzini ended his maintainership of GNU

Sed sed ("stream editor") is a Unix utility that parses and transforms text, using a simple, compact programming language. It was developed from 1973 to 1974 by Lee E. McMahon of Bell Labs, and is available today for most operating systems. sed w ...

and

Grep grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. Its name comes from the ed command ''g/re/p'' (''globally search for a regular expression and print matching lines''), which has the sa ...

, expressing concerns similar to those of GnuTLS maintainer Mavrogiannopoulos.

Deployment

Software packages using GnuTLS include(d): * GNOME * CenterIM *

Exim Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking ...

* WeeChat * Mutt *

Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 d ...

slrn slrn is a console based news client for multiple operating systems, developed by John E. Davis and others. It was originally developed in 1994 for Unix-like operating systems and VMS, and now also supports Microsoft Windows. It supports scoring ...

* Lynx *

CUPS CUPS (formerly an acronym for Common UNIX Printing System) is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs ...

gnoMint gnoMint is a free software tool for managing X.509 Certification authority, certification authorities (CAs). Its purpose is to offer an easy to use interface for creating certification authorities and all related elements including X.509 digital ...

GNU Emacs GNU Emacs is a free software text editor. It was created by GNU Project founder Richard Stallman, based on the Emacs editor developed for Unix operating systems. GNU Emacs has been a central component of the GNU project and a flagship project of ...

* Synology DiskStation Manager *

OpenConnect OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections. It was originally written as an open-source replacement for Cisco's proprietary AnyConnect ...

References

External links

*
GNU Friends - An Interview with GNU TLS developer Nikos Mavroyanopoulos
– a 2003 interview
Fellowship interview with Simon Josefsson
– a 2009 interview {{TLS/SSL Cryptographic software GNU Project software Free security software Transport Layer Security implementation