^{Shamelessly ripped from the GnuTLS project pages.}

Overview

GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. It is aimed to be portable and efficient with focus on security and interoperability.

Features

• Support for TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols
• Support for DTLS 1.2, and DTLS 1.0, protocols
• Support for certificate path validation, as well as DANE and trust on first use.
• Support for the Online Certificate Status Protocol (OCSP).
• Support for multiple certificate types including X.509 and OpenPGP certificates.
• Support for public key methods, including RSA and Elliptic curves, as well as password and key authentication methods such as SRP and PSK protocols.
• Support for all the strong encryption algorithms, including AES and Camellia.
• Support for CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
• Support for cryptographic accelerator drivers via /dev/crypto.
• Supports natively HSMs and cryptographic tokens, via PKCS #11 and the Trusted Platform Module (TPM).
• Runs on most Unix platforms and Windows.

License

The core library licensed under the GNU Lesser General Public License version 2.1 (LGPLv2.1+). The LGPL license is compatible with a wide range of free licenses, and even permit you to use GnuTLS in non-free proprietary programs.

Documentation

You can obtain the GnuTLS manual at lulu.com or download any of the electronic formats.

For more information on GnuTLS features, see the Wikipedia article comparing different TLS implementations.