mod_gnutls - GnuTLS module for the Apache HTTP server
mod_gnutls uses the GnuTLS library to provide SSL 3.0, TLS 1.0 and TLS 1.1
encryption for Apache HTTPD. It is similar to mod_ssl in purpose, but does
not use OpenSSL. A primary benefit of using this module is the ability to
configure multiple SSL certificates for a single IP-address/port combination
(useful for securing virtual hosts).
* Support for SSL 3.0, TLS 1.0 and TLS 1.1.
* Support for client certificates.
* Support for RFC 5081 OpenPGP certificate authentication.
* Support for Server Name Indication.
* Distributed SSL session cache via Memcached.
* Local SSL session cache using DBM.
* Sets environment variables for scripts (compatible with mod_ssl variables).
* Small and focused code base:
  Lines of code in mod_gnutls: 3,593
  Lines of code in mod_ssl: 15,324
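
An added example (not part of the original page or the mod_gnutls distribution) of the multiple-certificate setup described above: two name-based virtual hosts share one IP address/port, and each presents its own certificate selected by Server Name Indication. Host names, file paths and the cache location are placeholders.

```apache
# Constructed example: all host names and paths below are placeholders.
LoadModule gnutls_module modules/mod_gnutls.so

# Local session cache using DBM (see the feature list above).
GnuTLSCache dbm /var/cache/apache2/gnutls_cache

Listen 443

# First virtual host. A client that sends no SNI extension is served
# by this one, as with any Apache name-based virtual host.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /srv/www/example.org
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/apache2/tls/www.example.org.crt
    GnuTLSKeyFile /etc/apache2/tls/www.example.org.key
</VirtualHost>

# Second virtual host on the same IP address/port with its own
# certificate and private key.
<VirtualHost *:443>
    ServerName www.example.net
    DocumentRoot /srv/www/example.net
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/apache2/tls/www.example.net.crt
    GnuTLSKeyFile /etc/apache2/tls/www.example.net.key
</VirtualHost>
```
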
by Django (2015-11-22):
- Bugfix: Non-blocking reads in the input filter could lead to a busy
wait in the gnutls_io_input_read function, causing high load on
Keep-Alive connections waiting for data, until either more data
could be received or the connection was closed. The fix is to pass
EAGAIN/EINTR results up to the input filter so they can be handled
- Close TLS session if the input filter receives EOF (mostly relevant
for proper termination of proxy connections).
- Remove dependency on APR Memcache, which is replaced by the newer
version included in the APR Utility Library (libaprutil).
- Remove dependency on bc. It was used for floating point arithmetic
in the test suite; the calculations have been changed to use
integers and pure bash code.
by Django (2015-10-29):
- Improved handling of PKCS #11 modules: mod_gnutls now loads either
modules specified using GnuTLSP11Module, or the system defaults, but
not both. Thanks to Nikos Mavrogiannopoulos for the report and
- Initialize variables to safe defaults during client certificate
verification. Certain error code paths did not set them, but they
should never be hit due to config validation. This adds another line
- Enable C99 support via autoconf
- Test suite improvements. Most importantly, automake now handles
environment setup without any external make calls. Rules to build
the certificates are included from the old test makefile. Note that
the dependency on GNU make is not new (the test makefile always used
GNU make syntax), it just wasn't listed explicitly
by Django (2014-09-28):
- extra configfile for module and configuration