GnuTLS
GnuTLS (the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network transport layer, as well as interfaces to access X.509, PKCS #12, OpenPGP and other structures.
Features
GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols. It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators.
GnuTLS has the following features:
- TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols
- Datagram TLS (DTLS) 1.2 and DTLS 1.0 protocols
- TLS-SRP: Secure remote password protocol (SRP) for TLS authentication
- TLS-PSK: Pre-shared key (PSK) for TLS authentication
- X.509 and OpenPGP certificate handling
- CPU-assisted cryptography and cryptographic accelerator support (/dev/crypto), VIA PadLock and AES-NI instruction sets<ref>The GnuTLS Transport Layer Security Library</ref>
- Support for smart cards and for hardware security modules
- Storage of cryptographic keys in the system's Trusted Platform Module (TPM)
History
Origin
GnuTLS was initially created around March to November 2000 by Nikos Mavrogiannopoulos to allow applications of the GNU Project to use secure protocols such as TLS. Although OpenSSL already existed, OpenSSL's license is not compatible with the GPL; thus software under the GPL, such as GNU software, could not use OpenSSL without making a GPL linking exception.
License
The GnuTLS library was originally licensed under the GNU Lesser General Public License v2, while the included applications use the GNU General Public License.
In August 2011 the library was updated to the LGPLv3.<ref>Version 2.99.4 (released 2011-07-23)[...] ** libgnutls: license upgraded to LGPLv3</ref> After it was noticed that the license change had introduced new license compatibility problems, especially with other free software, the license was, after discussions, downgraded again to LGPLv2.1 in March 2013.<ref>2013-03-14 Nikos Mavrogiannopoulos ([email protected]) * COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1</ref>
Split from GNU
GnuTLS was created for the GNU Project, but in December 2012 its maintainer, Nikos Mavrogiannopoulos, dissociated the project from GNU after policy disputes with the Free Software Foundation.<ref name=":0">GnuTLS, copyright assignment, and GNU project governance on lwn.net by Michael Kerrisk (December 20, 2012)</ref> Richard Stallman opposed this move and suggested forking the project instead. Soon afterward, developer Paolo Bonzini ended his maintainership of GNU Sed and Grep, expressing concerns similar to those of GnuTLS maintainer Mavrogiannopoulos.
Deployment
Software packages using GnuTLS include(d):
- WeeChat
- Mutt
- Wireshark
- slrn
- Lynx
- CUPS
- gnoMint
- GNU Emacs
- Synology DiskStation Manager
- OpenConnect
See also
- Comparison of TLS implementations
- wolfSSL (previously CyaSSL)
- mbed TLS (previously PolarSSL)
- List of free and open-source software packages
- Network Security Services
External links
- GNU Friends - An Interview with GNU TLS developer Nikos Mavroyanopoulos – a 2003 interview
- Fellowship interview with Simon Josefsson – a 2009 interview