Welcome to GnuTLS project pages

  • Overview

    GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.

    The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.

  • Features
    • Support for TLS 1.3, 1.2, 1.1, 1.0 protocols, and (optionally) SSL 3.0
    • Support for DTLS 1.2, and DTLS 1.0, protocols
    • Support for certificate path validation, as well as DANE and trust on first use.
    • Support for the Online Certificate Status Protocol (OCSP).
    • Support for public key methods, including RSA and Elliptic curves, as well as password and key authentication methods such as SRP and PSK protocols.
    • Support for all the strong encryption algorithms, including AES and Camellia.
    • Support for CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
    • Support for cryptographic accelerator drivers via /dev/crypto.
    • Supports natively HSMs and cryptographic tokens, via PKCS #11 and the Trusted Platform Module (TPM).
    • Runs on most Unix platforms and Windows.
  • License

    The core library licensed under the GNU Lesser General Public License version 2.1 (LGPLv2.1+). The LGPL license is compatible with a wide range of free licenses, and even permit you to use GnuTLS in non-free proprietary programs.

For more information on GnuTLS features, see the wikipedia article comparing different TLS implementations.

News flashes  

Released GnuTLS 3.8.4 a bug-fix and enhancement release on the 3.8.x branch.

Added the GNUTLS-SA-2024-01-23 and GNUTLS-SA-2023-12-04 security advisories.


Released GnuTLS 3.8.3 a bug-fix and security release on the 3.8.x branch.

Added the security advisories: GNUTLS-SA-2024-01-09 and GNUTLS-SA-2024-01-14.


Released GnuTLS 3.8.2 a bug-fix and enhancement release on the 3.8.x branch.

Added the GNUTLS-SA-2023-10-23 security advisory.


GnuTLS participated in the Google Summer of Code (GSoC) program and our contributors have successfully completed their projects: Enabling HTTP/3 support in Wget2 and Add support for Encrypted Client Hello (ECH)