Welcome to GnuTLS project pages

  • Overview

    GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. It is aimed to be portable and efficient with focus on security and interoperability.

  • Features
    • Support for TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0 and Datagram TLS protocols
    • Support for certificate path validation, as well as DANE and trust on first use.
    • Support for the Online Certificate Status Protocol (OCSP).
    • Support for multiple certificate types including X.509 and OpenPGP certificates.
    • Support for public key methods, including RSA and Elliptic curves, as well as password and key authentication methods such as SRP and PSK protocols.
    • Support for all the strong encryption algorithms, including AES and Camellia.
    • Support for CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
    • Support for cryptographic accelerator drivers via /dev/crypto.
    • Supports natively cryptographic tokens such as smart-cards, via PKCS #11 and the Trusted Platform Module (TPM).
    • Runs on most Unix platforms and Windows.
  • License

    The core library licensed under the GNU Lesser General Public License version 3 (LGPLv3+). The LGPL license is compatible with a wide range of free licenses, and even permit you to use GnuTLS in non-free proprietary programs.

For more information on GnuTLS features, see the wikipedia article comparing different TLS implementations.

News flashes  
2012-12-10 The GnuTLS project has moved its infrastructure.
2012-11-25 The GnuTLS paperback manual for was updated for version 3.1.5.
2012-11-24 GnuTLS 3.1.5 was released. This release adds support for UCS-2 encoded DNs, improvements in smart card key generation and few bug-fixes.
2012-11-10 GnuTLS 3.1.4 was released. This release includes support for the DTLS-SRTP, updates on the DANE library, and several simplifications on the existing API.