Table of Contents
1. Preface
2. Introduction to GnuTLS
2.1 Downloading and installing
2.2 Overview
3. Introduction to TLS and DTLS
3.1 TLS layers
3.2 The transport layer
3.3 The TLS record protocol
3.3.1 Encryption algorithms used in the record layer
3.3.2 Compression algorithms used in the record layer
3.3.3 Weaknesses and countermeasures
3.3.4 On record padding
3.4 The TLS alert protocol
3.5 The TLS handshake protocol
3.5.1 TLS ciphersuites
3.5.2 Authentication
3.5.3 Client authentication
3.5.4 Resuming sessions
3.6 TLS extensions
3.6.1 Maximum fragment length negotiation
3.6.2 Server name indication
3.6.3 Session tickets
3.6.4 Safe renegotiation
3.7 How to use TLS in application protocols
3.7.1 Separate ports
3.7.2 Upward negotiation
3.8 On SSL 2 and older protocols
4. Certificate authentication
4.1 X.509 certificates
4.1.1 X.509 certificate structure
4.1.2 X.509 distinguished names
4.1.3 Verifying X.509 certificate paths
4.1.4 Verifying a certificate in the context of TLS session
4.2 OpenPGP certificates
4.2.1 OpenPGP certificate structure
4.2.2 Verifying an OpenPGP certificate
4.2.3 Verifying a certificate in the context of a TLS session
4.3 Digital signatures
4.3.1 Trading security for interoperability
5. Shared-key and anonymous authentication
5.1 SRP authentication
5.1.1 Authentication using SRP
5.1.2 Invoking srptool
5.2 PSK authentication
5.2.1 Authentication using PSK
5.2.2 Invoking psktool
5.3 Anonymous authentication
6. More on certificate authentication
6.1 PKCS #10 certificate requests
6.2 PKIX certificate revocation lists
6.3 Managing encrypted keys
6.4 The certtool application
6.5 Smart cards and HSMs
6.5.1 Initialization
6.5.2 Reading objects
6.5.3 Writing objects
6.5.4 Using a PKCS #11 token with TLS
6.5.5 The p11tool application
6.6 Abstract key types
6.6.1 Public keys
6.6.2 Private keys
6.6.3 Operations
7. How to use GnuTLS in applications
7.1 Introduction
7.1.1 General idea
7.1.2 Error handling
7.1.3 Debugging and auditing
7.1.4 Thread safety
7.1.5 Callback functions
7.2 Preparation
7.2.1 Headers
7.2.2 Initialization
7.2.3 Version check
7.2.4 Building the source
7.3 Session initialization
7.4 Associating the credentials
7.4.1 Certificates
7.4.2 SRP
7.4.3 PSK
7.4.4 Anonymous
7.5 Setting up the transport layer
7.5.1 Asynchronous operation
7.5.2 DTLS sessions
7.6 TLS handshake
7.7 Data transfer and termination
7.8 Handling alerts
7.9 Priority strings
7.10 Advanced and other topics
7.10.1 Session resumption
7.10.2 Parameter generation
7.10.3 Keying material exporters
7.10.4 Channel bindings
7.10.5 Interoperability
7.10.6 Compatibility with the OpenSSL library
7.11 Using the cryptographic library
7.11.1 Symmetric cryptography
7.11.2 Hash and HMAC functions
7.11.3 Random number generation
7.12 Selecting cryptographic key sizes
8. GnuTLS application examples
8.1 Client examples
8.1.1 Simple client example with anonymous authentication
8.1.2 Simple client example with X.509 certificate support
8.1.3 Simple datagram TLS client example
8.1.4 Obtaining session information
8.1.5 Using a callback to select the certificate to use
8.1.6 Verifying a certificate
8.1.7 Using a smart card with TLS
8.1.8 Client with resume capability example
8.1.9 Simple client example with SRP authentication
8.1.10 Simple client example using the C++ API
8.1.11 Helper functions for TCP connections
8.1.12 Helper functions for UDP connections
8.2 Server examples
8.2.1 Echo server with X.509 authentication
8.2.2 Echo server with OpenPGP authentication
8.2.3 Echo server with SRP authentication
8.2.4 Echo server with anonymous authentication
8.2.5 DTLS echo server with X.509 authentication
8.3 Miscellaneous examples
8.3.1 Checking for an alert
8.3.2 X.509 certificate parsing example
8.3.3 Listing the ciphersuites in a priority string
9. Other included programs
9.1 The gnutls-cli tool
9.2 The gnutls-serv tool
9.3 The gnutls-cli-debug tool
10. Internal Architecture of GnuTLS
10.1 The TLS Protocol
10.2 TLS Handshake Protocol
10.3 TLS Authentication Methods
10.4 TLS Extension Handling
10.5 Cryptographic Backend
A. Support
A.1 Getting Help
A.2 Commercial Support
A.3 Bug Reports
A.4 Contributing
B. Error Codes and Descriptions
C. API reference
C.1 Core TLS API
C.2 Datagram TLS API
C.3 X.509 certificate API
C.4 OpenPGP API
C.5 PKCS 12 API
C.6 Hardware token via PKCS 11 API
C.7 Abstract key API
C.8 Cryptographic API
C.9 Compatibility API
D. Supported Ciphersuites
E. Copying Information
Bibliography
Function and Data Index
Concept Index
This document was generated by nmav on January 14, 2012 using texi2html 1.82.