An online HTTPS server running GnuTLS is available:
The server is hosted and maintained by Simon Josefsson Datakonsult. If you want to use it as an attack target for trying to find security problems in GnuTLS, please contact me first.
The server does ask for, and accepts, a client certificate, but some browsers won't send it unless the server mentions the particular CA. Right now, the server loads some CA certificates for this purpose. If you want other CAs added, let me know!
The GnuTLS manual explains how you can set up your own test server.
The server supports these mechanisms:
| Certificate types: | X.509, OPENPGP |
| Protocols: | TLS1.2, TLS1.1, TLS1.0, SSL3.0 |
| Ciphers: | AES-256-CBC, AES-128-CBC, 3DES-CBC, CAMELLIA-128, CAMELLIA-256, ARCFOUR, ARCFOUR-40 |
| MACs: | SHA512, SHA384, SHA256, SHA1, RMD160, MD5 |
| Key exchange algorithms: | RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, DHE-PSK, PSK, SRP, SRP-RSA, SRP-DSS, ANON-DH |
| Compression methods: | DEFLATE, LZO, NULL |
| Extensions: | Max record size, Cert Type (OpenPGP), Server Name, SRP, TLS/IA, Opaque PRF Input |
For X.509 authentication the following CA and trust information are used:
| x509-ca.pem | GnuTLS test server CA | x509-ca.crt |
| x509-ca-key.pem | Private RSA key of the CA. | |
| x509-trust.pem | GnuTLS test server CA trust list | |
| x509-other-ca.pem | List of other CA certificates |
For X.509 authentication the server uses the following credentials:
| x509-server.pem | GnuTLS server certificate. | x509-server.crt |
| x509-server-key.pem | Private RSA key of the server. | |
| x509-server-dsa.pem | GnuTLS server certificate (DSA). | x509-server-dsa.crt |
| x509-server-key-dsa.pem | Private DSA key of the server. |
For X.509 authentication your client may use the following credentials:
| x509-client.pem | GnuTLS client certificate. | x509-client.crt |
| x509-client-key.pem | Private RSA key of the client. | |
| x509-client-key.p12 | Client in PKCS#12 format (password 'foo'). |
For OpenPGP authentication the following credentials are used:
| openpgp-server.txt | GnuTLS test server OpenPGP key | openpgp-server.bin |
| openpgp-server-key.txt | Private key of the OpenPGP key. | openpgp-server-key.bin |
For SRP authentication the following credentials are used:
| srp-tpasswd.conf | GnuTLS test server SRP password configuration file | |
| srp-passwd.txt | Password file (user 'jas' password 'foo') |
For PSK authentication the following credentials are used:
| psk-passwd.txt | GnuTLS test server PSK symmetric key file |
For Opaque PRF Input support you need to use the same extension type that we do, pending the IANA registration. We use number 42.
If you want to run your own server, install GnuTLS and download the credentials. Then invoke the server as follows:
gnutls-serv --http \
    --x509cafile x509-trust.pem \
    --x509keyfile x509-server-key.pem \
    --x509certfile x509-server.pem \
    --x509dsakeyfile x509-server-key-dsa.pem \
    --x509dsacertfile x509-server-dsa.pem \
    --pgpkeyfile openpgp-server-key.txt \
    --pgpcertfile openpgp-server.txt \
    --srppasswdconf srp-tpasswd.conf \
    --srppasswd srp-passwd.txt \
    --pskpasswd psk-passwd.txt \
    --opaque-prf-input gnutls
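The following shell helper is an added example, not part of the original page or of GnuTLS. It checks that every credential file named in the command above is present and non-empty in the download directory before it starts gnutls-serv, so a missing file is reported by name instead of surfacing as a failed handshake. The function names and the `CRED_PAIRS` variable are assumptions made for this illustration; the options and file names are the ones listed on this page.

```shell
#!/bin/sh
# Added example: option=file pairs copied from the gnutls-serv command on this page.
CRED_PAIRS='--x509cafile=x509-trust.pem
--x509keyfile=x509-server-key.pem
--x509certfile=x509-server.pem
--x509dsakeyfile=x509-server-key-dsa.pem
--x509dsacertfile=x509-server-dsa.pem
--pgpkeyfile=openpgp-server-key.txt
--pgpcertfile=openpgp-server.txt
--srppasswdconf=srp-tpasswd.conf
--srppasswd=srp-passwd.txt
--pskpasswd=psk-passwd.txt'

# Print the name of every credential file that is missing or empty in
# directory $1, one per line, in the order the command uses them.
missing_creds() {
    cred_dir=$1
    for pair in $CRED_PAIRS; do
        file=${pair#*=}
        [ -s "$cred_dir/$file" ] || printf '%s\n' "$file"
    done
}

# Start the test server from directory $1. Returns 1 without starting
# anything if a credential file is missing or empty.
run_server() {
    cred_dir=$1
    missing=$(missing_creds "$cred_dir")
    if [ -n "$missing" ]; then
        printf 'missing or empty credential files:\n%s\n' "$missing" >&2
        return 1
    fi
    # Build the argument list: fixed options first, then each option
    # followed by the path of its file inside the credential directory.
    set -- --http --opaque-prf-input gnutls
    for pair in $CRED_PAIRS; do
        set -- "$@" "${pair%%=*}" "$cred_dir/${pair#*=}"
    done
    gnutls-serv "$@"
}
```

Call `run_server /path/to/credentials` after downloading the files; the directory path is whatever location you saved them to.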
Please send broken links and other corrections or suggestions to <bug-gnutls@gnu.org>.
Copyright © 2009 Free Software Foundation, Inc.
Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice, and the copyright notice, are preserved.
Updated: $Date: 2009/11/06 15:46:55 $