Welcome to the GnuTLS project pages
- Overview
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols
and technologies around them. It provides a simple C language application programming interface (API)
to access the secure communications protocols as well as APIs to parse and
write X.509, PKCS #12, and other required structures.
The project strives to provide a secure communications back-end that is simple
to use and integrated with the rest of the base Linux libraries: a back-end
designed to work and be secure out of the box, keeping the complexity of TLS
and PKI out of application code.
- Features
- Support for the TLS 1.3, 1.2, 1.1 and 1.0 protocols, and (optionally) SSL 3.0
- Support for the DTLS 1.2 and DTLS 1.0 protocols
- Support for certificate path validation, as well as DANE and trust on first use.
- Support for the Online Certificate Status Protocol (OCSP).
- Support for public key methods, including RSA and Elliptic curves, as well as password and key authentication methods such as SRP and PSK protocols.
- Support for all the strong encryption algorithms, including AES and Camellia.
- Support for CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
- Support for cryptographic accelerator drivers via /dev/crypto.
- Native support for HSMs and cryptographic tokens, via PKCS #11 and the Trusted Platform Module (TPM).
- Runs on most Unix platforms and Windows.
- License
The core library is licensed under the GNU Lesser General Public License
version 2.1 (LGPLv2.1+). The LGPL license is compatible with a wide range of
free licenses, and even permits you to use GnuTLS in non-free proprietary
programs.
For more information on GnuTLS features, see the Wikipedia article comparing different TLS implementations.