GnuTLS
Developer(s) | Nikos Mavrogiannopoulos, Simon Josefsson
---|---
Stable release |
Repository |
Written in | C
Type | Security library
License | LGPLv2.1+
Website | www.gnutls.org

GnuTLS (/ˈɡnuː ˌtiː ˌɛl ˈɛs/, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures.
Features
GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols.
It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators. As of 2011, administrators can configure the Apache web server to use GnuTLS so as to support TLS 1.2.[2]
GnuTLS has the following features:
- TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols
- Datagram TLS (DTLS) 1.2 and DTLS 1.0 protocols
- TLS-SRP: Secure remote password protocol (SRP) for TLS authentication
- TLS-PSK: Pre-shared key (PSK) for TLS authentication
- X.509 and OpenPGP certificate[3] handling
- CPU-assisted cryptography and cryptographic accelerator support (/dev/crypto), VIA PadLock and AES-NI instruction sets[4]
- Support for smart cards and for hardware security modules
- Storage of cryptographic keys in the system's Trusted Platform Module (TPM)
History
Origin
GnuTLS was initially created around March 2003[5] by Nikos Mavrogiannopoulos to allow applications of the GNU Project to use secure protocols such as TLS. Although OpenSSL already existed, OpenSSL's license is not compatible with the GPL;[6] thus software under the GPL, such as GNU software, could not use OpenSSL without making a GPL linking exception.
License
The GnuTLS library was licensed originally under the GNU Lesser General Public License v2, while included applications use the GNU General Public License.
In August 2011 the library was updated to the LGPLv3.[7] After it was noticed[8] that the license change had introduced new license compatibility problems, especially with other free software, and following discussions, the license was downgraded again to LGPLv2.1 in March 2013.[9]
Split from the GNU/FSF
Originally created for the GNU Project, GnuTLS was disassociated from GNU by its maintainer in December 2012 after disputes with the Free Software Foundation over certain policies.[10][11] Richard Stallman objected to this move and suggested forking the project, which was ignored.[12] This step was followed by the GNU Sed maintainer Paolo Bonzini, who resigned his maintainership at the end of December 2012.[13]
Deployment
Software packages using GnuTLS include(d):
- GNOME
- CenterIM
- Exim[14]
- Weechat
- Mutt
- Wireshark
- slrn
- Lynx[14]
- CUPS
- gnoMint[14]
- Emacs
- Synology DiskStation Manager
- OpenConnect[15]
See also
- Comparison of TLS implementations
- wolfSSL (previously CyaSSL)
- mbed TLS (previously PolarSSL)
- Network Security Services
References
1. "GnuTLS". Retrieved 17 July 2018.
2. The GNU Transport Layer Security Library
3. RFC 6091
4. The GnuTLS Transport Layer Security Library
5. Changelog 0.0.5
6. Mark McLoughlin (2004-06-22). "The OpenSSL License and The GPL". Retrieved 2011-04-06.
7. Version 2.99.4 (released 2011-07-23)[...] ** libgnutls: license upgraded to LGPLv3
8. Mavrogiannopoulos, Nikos (2013-03-26). "The perils of LGPLv3". gnutls.org. Retrieved 2015-11-18. "LGPLv3 is the latest version of the GNU Lesser General Public License. It follows the successful LGPLv2.1 license, and was released by Free Software Foundation as a counterpart to its GNU General Public License version 3. The goal of the GNU Lesser General Public Licenses is to provide software that can be used by both proprietary and free software. This goal has been successfully handled so far by LGPLv2.1, and there is a multitude of libraries using that license. Now we have LGPLv3 as the latest, and the question is how successful is LGPLv3 on this goal? In my opinion, very little. If we assume that its primary goal is to be used by free software, then it blatantly fails that."
9. 2013-03-14 Nikos Mavrogiannopoulos (nmav@gnutls.org) * COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1
10. GnuTLS, copyright assignment, and GNU project governance on lwn.net by Michael Kerrisk (December 20, 2012)
11. Nikos Mavrogiannopoulos (2012-12-18). "gnutls is moving". Retrieved 2012-12-11.
12. GNUTLS is not going anywhere on lists.gnu.org "you cannot take GNUTLS out of the GNU Project." (11 Dec 2012)
13. Subject: GNU sed 4.2.2 released, and a rant from the maintainer Archived January 7, 2016, at the Wayback Machine on gmane.comp.lang.smalltalk.gnu.general by Paolo Bonzini (on 2012-12-22)
14. "GnuTLS - GNU Project - Free Software Foundation (FSF)". Free Software Foundation. 22 May 2010. Archived from the original on 31 May 2010. Retrieved 25 January 2015.
15. "OpenConnect VPN client technical details".
External links
- Official website
- GNU Friends - An Interview with GNU TLS developer Nikos Mavroyanopoulos – a 2003 interview
- Fellowship interview with Simon Josefsson – a 2009 interview