An online HTTPS server running GnuTLS is available:
The server is hosted and maintained by Simon Josefsson Datakonsult. If you want to use it as an attack target for trying to find security problems in GnuTLS, please contact me first.
The server does ask for, and accepts, a client certificate, but some browsers won't send one unless the server mentions the particular CA. Right now, the server loads some CA certificates for this purpose. If you want other CAs added, let me know!
The GnuTLS manual explains how you can set up your own test server.
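Why the advertised CA list matters, as an added example (not GnuTLS code and not part of the original page): in TLS 1.2 the server's CertificateRequest carries a `certificate_authorities` list of DER-encoded distinguished names, and a client normally offers a certificate only when its issuer is in that list or the list is empty. The message bytes, the CA names and all function names are constructed for illustration, and the byte-exact name comparison is a simplification.

```python
# Added example: TLS 1.2 CertificateRequest body layout (RFC 5246, 7.4.4).
# All byte strings and CA names below are constructed for illustration.

def _vector(buf: bytes, pos: int, len_size: int):
    """Read one length-prefixed vector; return (data, next_pos)."""
    end = pos + len_size
    if end > len(buf):
        raise ValueError("truncated length prefix")
    end += int.from_bytes(buf[pos:pos + len_size], "big")
    if end > len(buf):
        raise ValueError("vector overruns buffer")
    return buf[pos + len_size:end], end

def parse_certificate_request(body: bytes):
    """Return (certificate_types, signature_algorithms, ca_names)."""
    types, pos = _vector(body, 0, 1)
    sigalgs, pos = _vector(body, pos, 2)
    cas, pos = _vector(body, pos, 2)
    if pos != len(body) or len(sigalgs) % 2:
        raise ValueError("malformed CertificateRequest")
    names, i = [], 0
    while i < len(cas):  # each entry: opaque DistinguishedName<1..2^16-1>
        name, i = _vector(cas, i, 2)
        if not name:
            raise ValueError("empty DistinguishedName")
        names.append(name)
    pairs = [(sigalgs[j], sigalgs[j + 1]) for j in range(0, len(sigalgs), 2)]
    return list(types), pairs, names

def client_would_offer(issuer_dn: bytes, ca_names) -> bool:
    """Empty list: any certificate may be sent. Otherwise the issuer's
    DER-encoded name should appear in the list (compared byte for byte)."""
    return not ca_names or issuer_dn in ca_names

def der_cn(cn: str) -> bytes:
    """Build a one-attribute DER Name (CN only) for short constructed names."""
    value = cn.encode()
    atv = b"\x06\x03\x55\x04\x03" + bytes([0x0C, len(value)]) + value
    seq = bytes([0x30, len(atv)]) + atv
    rdn = bytes([0x31, len(seq)]) + seq
    return bytes([0x30, len(rdn)]) + rdn

def build_request(ca_names) -> bytes:
    """Constructed message: rsa_sign(1), dss_sign(2); (sha256, rsa) = (4, 1)."""
    cas = b"".join(len(n).to_bytes(2, "big") + n for n in ca_names)
    return b"\x02\x01\x02" + b"\x00\x02\x04\x01" + len(cas).to_bytes(2, "big") + cas

TEST_CA = der_cn("Constructed Test CA")
OTHER_CA = der_cn("Constructed Other CA")
```

TLS 1.0 and 1.1 use the same message without the signature-algorithms vector, so this parser applies to TLS 1.2 handshakes only.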
The server supports these mechanisms:
| Certificate types: | X.509, OPENPGP |
| Protocols: | TLS1.2, TLS1.1, TLS1.0, SSL3.0 |
| Ciphers: | AES-256-CBC, AES-128-CBC, 3DES-CBC, CAMELLIA-128, CAMELLIA-256, ARCFOUR, ARCFOUR-40 |
| MACs: | SHA512, SHA384, SHA256, SHA1, RMD160, MD5 |
| Key exchange algorithms: | RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, DHE-PSK, PSK, SRP, SRP-RSA, SRP-DSS, ANON-DH |
| Compression methods: | DEFLATE, LZO, NULL |
| Extensions: | Max record size, Cert Type (OpenPGP), Server Name, SRP, TLS/IA, Opaque PRF Input |
For X.509 authentication the following CA and trust information are used:
| x509-ca.pem | GnuTLS test server CA | x509-ca.crt |
| x509-ca-key.pem | Private RSA key of the CA. | |
| x509-trust.pem | GnuTLS test server CA trust list | |
| x509-other-ca.pem | List of other CA certificates | |
For X.509 authentication the server uses the following credential:
| x509-server.pem | GnuTLS server certificate. | x509-server.crt |
| x509-server-key.pem | Private RSA key of the server. | |
| x509-server-dsa.pem | GnuTLS server certificate (DSA). | x509-server-dsa.crt |
| x509-server-key-dsa.pem | Private DSA key of the server. | |
For X.509 authentication your client may use the following credentials:
| x509-client.pem | GnuTLS client certificate. | x509-client.crt |
| x509-client-key.pem | Private RSA key of the client. | |
| x509-client-key.p12 | Client in PKCS#12 format (password 'foo'). | |
For OpenPGP authentication the following credentials are used:
| openpgp-server.txt | GnuTLS test server OpenPGP key | openpgp-server.bin |
| openpgp-server-key.txt | Private key of the OpenPGP key. | openpgp-server-key.bin |
For SRP authentication the following credentials are used:
| srp-tpasswd.conf | GnuTLS test server SRP password configuration file | |
| srp-passwd.txt | Password file (user 'jas' password 'foo') | |
For PSK authentication the following credentials are used:
| psk-passwd.txt | GnuTLS test server PSK symmetric key file |
For Opaque PRF Input support you need to use the same extension type that we do, pending the IANA registration. We use number 42.
If you want to run your own server, install GnuTLS and download the credentials. Then invoke the server as follows:
gnutls-serv --http --x509cafile x509-trust.pem --x509keyfile x509-server-key.pem --x509certfile x509-server.pem --x509dsakeyfile x509-server-key-dsa.pem --x509dsacertfile x509-server-dsa.pem --pgpkeyfile openpgp-server-key.txt --pgpcertfile openpgp-server.txt --srppasswdconf srp-tpasswd.conf --srppasswd srp-passwd.txt --pskpasswd psk-passwd.txt --opaque-prf-input gnutls
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111, USA
Verbatim copying and distribution of this entire article are
permitted worldwide without royalty in any medium provided
this notice is preserved.
Updated: $Date: 2007/10/17 14:37:55 $ $Author: jas $