This is gnutls.info, produced by makeinfo version 6.8 from gnutls.texi. This manual is last updated 22 February 2022 for version 3.7.6 of GnuTLS. Copyright (C) 2001-2022 Free Software Foundation, Inc.\\ Copyright (C) 2001-2022 Nikos Mavrogiannopoulos Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". INFO-DIR-SECTION Software libraries START-INFO-DIR-ENTRY * GnuTLS: (gnutls). GNU Transport Layer Security Library. END-INFO-DIR-ENTRY INFO-DIR-SECTION System Administration START-INFO-DIR-ENTRY * certtool: (gnutls)certtool Invocation. Manipulate certificates and keys. * gnutls-serv: (gnutls)gnutls-serv Invocation. GnuTLS test server. * gnutls-cli: (gnutls)gnutls-cli Invocation. GnuTLS test client. * gnutls-cli-debug: (gnutls)gnutls-cli-debug Invocation. GnuTLS debug client. * psktool: (gnutls)psktool Invocation. Simple TLS-Pre-Shared-Keys manager. * srptool: (gnutls)srptool Invocation. Simple SRP password tool. END-INFO-DIR-ENTRY  File: gnutls.info, Node: Concept Index, Prev: Function and Data Index, Up: Top Concept Index ************* [index] * Menu: * abstract types: Abstract key types. (line 6) * alert protocol: The TLS Alert Protocol. (line 6) * ALPN: Application Layer Protocol Negotiation (ALPN). (line 6) * anonymous authentication: Anonymous authentication. (line 6) * API reference: API reference. (line 6) * Application Layer Protocol Negotiation: Application Layer Protocol Negotiation (ALPN). (line 6) * Application-specific keys: Application-specific keys. (line 6) * authentication methods: Authentication methods. (line 6) * bad_record_mac: On Record Padding. (line 6) * callback functions: Callback functions. (line 6) * certificate authentication: Certificate authentication. (line 6) * certificate authentication <1>: More on certificate authentication. (line 6) * certificate requests: PKCS 10 certificate requests. (line 6) * certificate revocation lists: PKIX certificate revocation lists. (line 6) * certificate status: OCSP certificate status checking. (line 6) * certificate status <1>: OCSP stapling. (line 6) * Certificate status request: OCSP status request. (line 6) * Certificate verification: Advanced certificate verification. (line 6) * certification: Certification. (line 6) * certtool: certtool Invocation. (line 6) * certtool help: certtool Invocation. (line 17) * channel bindings: Channel Bindings. (line 6) * ciphersuites: Supported ciphersuites. (line 6) * client certificate authentication: Client Authentication. (line 6) * CMS: Cryptographic Message Syntax / PKCS7. (line 6) * compression algorithms: Compression algorithms and the record layer. (line 6) * contributing: Contributing. (line 6) * credentials: Virtual hosts and credentials. (line 6) * CRL: PKIX certificate revocation lists. (line 6) * cryptographic message syntax: Cryptographic Message Syntax / PKCS7. (line 6) * DANE: Verifying a certificate using DANE. (line 6) * DANE <1>: Certificate verification. (line 6) * danetool: danetool Invocation. (line 6) * danetool help: danetool Invocation. (line 11) * deriving keys: Deriving keys for other applications/protocols. (line 6) * digital signatures: Digital signatures. (line 6) * DNSSEC: Verifying a certificate using DANE. (line 6) * DNSSEC <1>: Certificate verification. (line 6) * download: Downloading and installing. (line 6) * Encrypted keys: Managing encrypted keys. (line 6) * error codes: Error codes. (line 6) * example programs: GnuTLS application examples. (line 6) * examples: GnuTLS application examples. (line 6) * exporting keying material: Deriving keys for other applications/protocols. (line 6) * False Start: False Start. (line 6) * FDL, GNU Free Documentation License: Copying Information. (line 6) * file signing: Cryptographic Message Syntax / PKCS7. (line 6) * fork: Sessions and fork. (line 6) * generating parameters: Parameter generation. (line 6) * giovec_t: Common types. (line 6) * gnutls-cli: gnutls-cli Invocation. (line 6) * gnutls-cli help: gnutls-cli Invocation. (line 13) * gnutls-cli-debug: gnutls-cli-debug Invocation. (line 6) * gnutls-cli-debug help: gnutls-cli-debug Invocation. (line 16) * gnutls-serv: gnutls-serv Invocation. (line 6) * gnutls-serv help: gnutls-serv Invocation. (line 11) * gnutls_datum_t: Common types. (line 6) * hacking: Contributing. (line 6) * handshake protocol: The TLS Handshake Protocol. (line 6) * hardware security modules: Smart cards and HSMs. (line 6) * hardware tokens: Smart cards and HSMs. (line 6) * hash functions: Hash and MAC functions. (line 6) * heartbeat: HeartBeat. (line 6) * HMAC functions: Hash and MAC functions. (line 6) * installation: Downloading and installing. (line 6) * installation <1>: Installing for a software distribution. (line 6) * internal architecture: Internal architecture of GnuTLS. (line 6) * isolated mode: Running in a sandbox. (line 6) * key extraction: Deriving keys for other applications/protocols. (line 6) * Key pinning: Verifying a certificate using trust on first use authentication. (line 6) * Key pinning <1>: Certificate verification. (line 6) * key sizes: Selecting cryptographic key sizes. (line 6) * keying material exporters: Deriving keys for other applications/protocols. (line 6) * MAC functions: Hash and MAC functions. (line 6) * maximum fragment length: Maximum fragment length negotiation. (line 6) * OCSP: OCSP certificate status checking. (line 6) * OCSP Functions: OCSP API. (line 6) * OCSP stapling: OCSP stapling. (line 6) * OCSP status request: OCSP status request. (line 6) * ocsptool: ocsptool Invocation. (line 6) * ocsptool help: ocsptool Invocation. (line 18) * Online Certificate Status Protocol: OCSP certificate status checking. (line 6) * Online Certificate Status Protocol <1>: OCSP stapling. (line 6) * OpenPGP certificates: OpenPGP certificates. (line 6) * OpenSSL: Compatibility with the OpenSSL library. (line 6) * OpenSSL encrypted keys: Managing encrypted keys. (line 242) * overriding algorithms: Overriding algorithms. (line 6) * p11tool: p11tool Invocation. (line 6) * p11tool help: p11tool Invocation. (line 21) * parameter generation: Parameter generation. (line 6) * PCT: On SSL 2 and older protocols. (line 37) * PKCS #10: PKCS 10 certificate requests. (line 6) * PKCS #11 tokens: Smart cards and HSMs. (line 6) * PKCS #12: Managing encrypted keys. (line 136) * PKCS #7: Cryptographic Message Syntax / PKCS7. (line 6) * PKCS #8: Managing encrypted keys. (line 86) * post-handshake authentication: TLS 1.3 re-authentication and re-key. (line 6) * Priority strings: Priority Strings. (line 6) * PSK authentication: Authentication using PSK. (line 6) * psktool: psktool Invocation. (line 6) * psktool help: psktool Invocation. (line 12) * public key algorithms: Public key algorithms. (line 6) * public key algorithms <1>: Cryptographic Message Syntax / PKCS7. (line 6) * random numbers: Random number generation. (line 6) * Raw public-keys: Raw public-keys. (line 6) * re-authentication: TLS 1.2 re-authentication. (line 6) * re-authentication <1>: TLS 1.3 re-authentication and re-key. (line 6) * re-key: TLS 1.3 re-authentication and re-key. (line 6) * re-negotiation: TLS 1.2 re-authentication. (line 6) * re-negotiation <1>: TLS 1.3 re-authentication and re-key. (line 6) * record padding: On Record Padding. (line 6) * record protocol: The TLS record protocol. (line 6) * renegotiation: Safe renegotiation. (line 6) * reporting bugs: Bug Reports. (line 6) * resuming sessions: Resuming Sessions. (line 6) * resuming sessions <1>: Session resumption. (line 6) * safe renegotiation: Safe renegotiation. (line 6) * seccomp: Running in a sandbox. (line 6) * Secure RTP: SRTP. (line 6) * server name indication: Server name indication. (line 6) * session resumption: Resuming Sessions. (line 6) * session resumption <1>: Session resumption. (line 6) * session tickets: Session tickets. (line 6) * Smart card example: Client using a smart card with TLS. (line 6) * smart cards: Smart cards and HSMs. (line 6) * SRP authentication: Authentication using SRP. (line 6) * srptool: srptool Invocation. (line 6) * srptool help: srptool Invocation. (line 19) * SRTP: SRTP. (line 6) * SSH-style authentication: Verifying a certificate using trust on first use authentication. (line 6) * SSH-style authentication <1>: Certificate verification. (line 6) * SSL 2: On SSL 2 and older protocols. (line 6) * Supplemental data: Extensions and Supplemental Data. (line 6) * symmetric algorithms: Symmetric algorithms. (line 6) * symmetric cryptography: Symmetric algorithms. (line 6) * symmetric encryption algorithms: Encryption algorithms used in the record layer. (line 6) * System-specific keys: Application-specific keys. (line 5) * System-wide configuration: System-wide configuration of the library. (line 6) * thread safety: Thread safety. (line 6) * tickets: Session tickets. (line 6) * TLS extensions: TLS Extensions. (line 6) * TLS extensions <1>: Maximum fragment length negotiation. (line 6) * TLS extensions <2>: Server name indication. (line 6) * TLS extensions <3>: Session tickets. (line 6) * TLS extensions <4>: HeartBeat. (line 6) * TLS False Start: False Start. (line 6) * TLS layers: TLS layers. (line 6) * TPM: Trusted Platform Module. (line 6) * tpmtool: tpmtool Invocation. (line 6) * tpmtool help: tpmtool Invocation. (line 11) * transport layer: The transport layer. (line 6) * transport protocol: The transport layer. (line 6) * Trust on first use: Verifying a certificate using trust on first use authentication. (line 6) * Trust on first use <1>: Certificate verification. (line 6) * trusted platform module: Trusted Platform Module. (line 6) * upgrading: Upgrading from previous versions. (line 6) * verifying certificate paths: Verifying X.509 certificate paths. (line 6) * verifying certificate paths <1>: Verifying a certificate in the context of TLS session. (line 6) * verifying certificate paths <2>: Verifying a certificate using trust on first use authentication. (line 6) * verifying certificate paths <3>: Verifying a certificate using DANE. (line 6) * verifying certificate with pkcs11: Verification using PKCS11. (line 6) * virtual hosts: Virtual hosts and credentials. (line 6) * X.509 certificate name: X.509 certificate names. (line 6) * X.509 certificates: X.509 certificates. (line 6) * X.509 distinguished name: X.509 distinguished names. (line 6) * X.509 extensions: X.509 extensions. (line 6) * X.509 Functions: X509 certificate API. (line 6)