
GnuTLS
    
    
GnuTLS, the GNU Transport Layer Security Library, is a free software implementation of the SSL and TLS protocols. Its purpose is to offer an application programming interface (API) for applications to enable secure communication protocols over their network transport layer.
Features
GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols, as well as a few command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators. Apache can now be configured to use GnuTLS so as to support TLS 1.2.
GnuTLS has the following features:
- SSL 3.0, TLS 1.0, TLS 1.1 protocols and the current TLS 1.2 protocol
- Secure remote password protocol (SRP) for TLS authentication
- Pre-shared key (PSK) for TLS authentication
- TLS Extension mechanism
- TLS Compression
- X.509 and OpenPGP certificate handling
License and motivation
The GnuTLS library is licensed under the GNU Lesser General Public License; included applications are licensed under the GNU General Public License.
GnuTLS was initially created to allow applications of the GNU project to use secure protocols such as TLS. Although OpenSSL already existed, OpenSSL's license is not compatible with the GPL; thus software under the GPL, such as GNU software, could not use OpenSSL without making a GPL linking exception.
The list of software packages using GnuTLS includes GNOME, CenterIM, Exim, WeeChat, Mutt, Slrn, Lynx, CUPS and gnoMint.
See also
- CyaSSL
- OpenSSL
- PolarSSL
- Network Security Services
- Comparison of TLS Implementations
- Transport Layer Security
External links
- GnuTLS project pages
- GnuTLS manual
- mod_gnutls: An Apache Web Server module implementing the GnuTLS library
- A 2003 interview with GNU TLS primary author Nikos Mavrogiannopoulos
- A 2009 interview with GnuTLS maintainer Simon Josefsson


