Editing GnuTLS

{{Short description|Free software library implementing TLS}}
{{Infobox software
| name                   = GnuTLS
| logo                   = GNUTLS-logo.svg
| screenshot             =
| caption                =
| developer              = Nikos Mavrogiannopoulos, Simon Josefsson
| latest release version = {{wikidata|property|preferred|references|edit|Q1533305|P348|P548=Q2804309}}
| latest release date    = {{wikidata|qualifier|preferred|single|Q1533305|P348|P548=Q2804309|P577}}
| latest preview version = {{wikidata|property|preferred|references|edit|Q1533305|P348|P548=Q51930650}}
| latest preview date    = {{wikidata|qualifier|preferred|single|Q1533305|P348|P548=Q51930650|P577}}
| programming_language   = [[C (programming language)|C]], [[Assembly language|Assembly]]
| operating system       = [[Linux]], [[macOS]], [[Microsoft Windows|Windows]], [[Berkeley Software Distribution|BSD]]
| platform               = [[x86]], [[x86-64]], [[ARM architecture|ARM]]<ref>{{Cite web|title=Debian -- Details of package gnutls-bin in buster|url=https://packages.debian.org/stable/gnutls-bin|access-date=2020-06-27|website=packages.debian.org}}</ref>
| genre                  = [[Cryptography]] [[Library (computer science)|library]]
| license                = [[GNU Lesser General Public License|LGPL-2.1-or-later]]<ref>{{cite web |title=LICENSE |url=https://gitlab.com/gnutls/gnutls/blob/master/LICENSE |website=GitLab |access-date=5 September 2019}}</ref>
| website                = {{URL|https://www.gnutls.org}}
}}

'''GnuTLS''' ({{IPAc-en|ˈ|ɡ|n|uː|_|ˌ|t|iː|_|ˌ|ɛ|l|_|ˈ|ɛ|s}}, the '''GNU Transport Layer Security Library''') is a [[free software]] implementation of the [[Transport Layer Security|TLS, SSL]] and [[DTLS]] protocols. It offers an [[application programming interface]] (API) for applications to enable secure communication over the network [[transport layer]], as well as interfaces to access [[X.509]], [[PKCS 12|PKCS #12]], [[OpenPGP]] and other structures.

== Features ==
GnuTLS consists of a library that allows client applications to start secure sessions using the available protocols.
It also provides command-line tools, including an X.509 certificate manager, a test client and server, and random key and password generators.

GnuTLS has the following features:
* [[Transport Layer Security|TLS]] 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols
* [[Datagram Transport Layer Security|Datagram TLS]] (DTLS) 1.2, and DTLS 1.0, protocols
* [[TLS-SRP]]: [[Secure remote password protocol]] (SRP) for TLS authentication
* [[TLS-PSK]]: [[Pre-shared key]] (PSK) for TLS authentication
* [[X.509]] and [[OpenPGP]] [[Public key certificate|certificate]]<ref>{{IETF RFC|6091}}</ref> handling
* CPU assisted cryptography and cryptographic accelerator support ([[/dev/crypto]]), [[VIA PadLock]] and [[AES-NI]] instruction sets<ref>[http://www.gnutls.org/ The GnuTLS Transport Layer Security Library]</ref>
* Support for [[smart card]]s and for hardware security modules
* Storage of cryptographic keys in the system's [[Trusted Platform Module]] (TPM)

== History ==

=== Origin ===
GnuTLS was initially created around March<ref>{{Cite web |date=2000-03-07 |title=Initialized repository for GNU TLS (8aef5fff) · Commits · gnutls / GnuTLS · GitLab |url=https://gitlab.com/gnutls/gnutls/-/commit/8aef5fff2e54b67c694fa4ef9190cbedf1ff00c1 |access-date=2023-06-23 |website=GitLab |language=en}}</ref> to November<ref>{{Cite web |date=2000-11-15 |title=gnutls0-0-4 · Tags · gnutls / GnuTLS · GitLab |url=https://gitlab.com/gnutls/gnutls/-/tags/gnutls0-0-4 |access-date=2023-06-23 |website=GitLab |language=en}}</ref> 2000,  by Nikos Mavrogiannopoulos to allow applications of the [[GNU Project]] to use secure protocols such as [[Transport Layer Security|TLS]]. Although [[OpenSSL]] already existed, OpenSSL's license is not [[License compatibility|compatible]] with the GPL;<ref>{{cite web | url = http://people.gnome.org/~markmc/openssl-and-the-gpl.html | title = The OpenSSL License and The GPL | date = 2004-06-22 | author = Mark McLoughlin | access-date = 2011-04-06 | df = dmy-all | archive-date = 2016-04-11 | archive-url = https://web.archive.org/web/20160411112314/https://people.gnome.org/~markmc/openssl-and-the-gpl.html | url-status = dead }}</ref> thus software under the GPL, such as GNU software, could not use OpenSSL without making a [[GPL linking exception]].

=== License  ===
The GnuTLS library was [[Software license|licensed]] originally under the [[GNU Lesser General Public License]] v2, while included applications to use the [[GNU General Public License]].

In August 2011 the library was updated to the [[LGPLv3]].<ref>[http://upstream.rosalinux.ru/changelogs/gnutls/3.2.1/changelog.html Version 2.99.4 (released 2011-07-23)&#91;...&#93; ** libgnutls: license upgraded to LGPLv3]</ref> After it was noticed<ref>{{cite web|url=http://nmav.gnutls.org/2013/03/the-perils-of-lgplv3.html |title=The perils of LGPLv3|first=Nikos |last=Mavrogiannopoulos |publisher=gnutls.org |date=2013-03-26 |access-date=2015-11-18 |quote=''LGPLv3 is the latest version of the GNU Lesser General Public License. It follows the successful LGPLv2.1 license, and was released by Free Software Foundation as a counterpart to its GNU General Public License version 3. The goal of the GNU Lesser General Public Licenses is to provide software that can be used by both proprietary and free software. This goal has been successfully handled so far by LGPLv2.1, and there is a multitude of libraries using that license. Now we have LGPLv3 as the latest, and the question is how successful is LGPLv3 on this goal? In my opinion, very little. If we assume that its primary goal is to be used by free software, then it blatantly fails that.'' |df=dmy-all}}</ref> that there were new [[license compatibility]] problems introduced, especially with other [[free software]] with the license change, after discussions the [[Relicensing|license was downgraded]] again to LGPLv2.1 in March 2013.<ref>[http://www.gnutls.org/abi-tracker/changelog/gnutls/3.1.10/log.html 2013-03-14 Nikos Mavrogiannopoulos (nmav@gnutls.org) * COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1]</ref>

=== Split from GNU ===
GnuTLS was created for the [[GNU Project]],<ref name=":0" /><ref name=":1" /> but in December 2012 its maintainer, Nikos Mavrogiannopoulos, dissociated the project from GNU after policy disputes with the [[Free Software Foundation]].<ref name=":0">[https://lwn.net/Articles/529522/ GnuTLS, copyright assignment, and GNU project governance] on lwn.net by Michael Kerrisk (December 20, 2012)</ref><ref name=":1">
{{cite web | url = https://lwn.net/Articles/529558/ | title = gnutls is moving 
| date = 2012-12-18 
| author = Nikos Mavrogiannopoulos 
| access-date = 2012-12-11 |df=dmy-all
}}</ref> [[Richard Stallman]] opposed this move and suggested [[Fork (software)|forking]] the project instead.<ref>{{cite mailing list|url=https://lists.gnu.org/archive/html/gnutls-devel/2012-12/msg00003.html|title=GNUTLS is not going anywhere|date=2012-12-11|first=Richard|last=Stallman|mailing-list=gnutls-devel|quote=you cannot take GNUTLS out of the GNU Project. |df=dmy-all}}</ref> Soon afterward, developer Paolo Bonzini ended his maintainership of GNU [[Sed]] and [[Grep]], expressing concerns similar to those of GnuTLS maintainer Mavrogiannopoulos.<ref>{{cite mailing list|url=https://lists.gnu.org/archive/html/bug-gnu-utils/2012-12/msg00011.html|title=GNU sed 4.2.2 released, and a rant from the maintainer|mailing-list=bug-gnu-utils|first=Paolo|last=Bonzini|date=2012-12-22 |df=dmy-all}}</ref>

== Deployment ==
{{More citations needed section|date=January 2015}}
Software packages using GnuTLS include(d):

* [[GNOME]]
* [[CenterIM]]
* [[Exim]]<ref name="programs 2010">{{cite web|url=https://www.gnu.org/software/gnutls/programs.html|title=GnuTLS - GNU Project - Free Software Foundation (FSF)|date=22 May 2010|publisher=[[Free Software Foundation]]|archive-url=https://web.archive.org/web/20100531072839/https://www.gnu.org/software/gnutls/programs.html |archive-date=31 May 2010|access-date=25 January 2015}}</ref>
* [[WeeChat]]
* [[Mutt (e-mail client)|Mutt]]
* [[Wireshark]]
* [[slrn]]
* [[Lynx (web browser)|Lynx]]<ref name="programs 2010"/>
* [[Common Unix Printing System|CUPS]]
* [[gnoMint]]<ref name="programs 2010"/>
* [[GNU Emacs]]
* [[Synology Inc.#Synology DiskStation Manager .28DSM.29|Synology DiskStation Manager]]
* [[OpenConnect]]<ref>{{cite web|url=http://www.infradead.org/openconnect/technical.html|title=OpenConnect VPN client technical details}}</ref>

== See also ==
{{Portal|Free and open-source software}}
* [[Comparison of TLS implementations]]
* [[wolfSSL]] (previously CyaSSL)
* [[mbed TLS]] (previously PolarSSL)
*[[List of free and open-source software packages]]
* [[Network Security Services]]
== References ==
{{reflist|30em}}

== External links ==
* {{Official website}}
* [https://web.archive.org/web/20070821065252/http://www.network-theory.co.uk/articles/mavroyanopoulus.html GNU Friends - An Interview with GNU TLS developer Nikos Mavroyanopoulos] – a 2003 interview
* [https://blogs.fsfe.org/fellowship-interviews/?p=98 Fellowship interview with Simon Josefsson] – a 2009 interview

{{GNU}}
{{Cryptographic software}}
{{TLS/SSL}}

[[Category:Cryptographic software]]
[[Category:GNU Project software]]
[[Category:Free security software]]
[[Category:Transport Layer Security implementation]]