In the previous sections we have discussed the global initialization required for GnuTLS as well as the initialization required for each authentication method’s credentials (see Authentication). In this section we elaborate on the TLS or DTLS session initiation. Each session is initialized using gnutls_init which among others is used to specify the type of the connection (server or client), and the underlying protocol type, i.e., datagram (UDP) or reliable (TCP).
session: is a pointer to a
flags: indicate if this session is to be used for server or client.
This function initializes the provided session. Every
session must be initialized before use, and must be deinitialized
after used by calling
flags can be any combination of flags from
Note that since version 3.1.2 this function enables some common
TLS extensions such as session tickets and OCSP certificate status
request in client side by default. To prevent that use the
GNUTLS_E_SUCCESS on success, or an error code.
Connection end is a server.
Connection end is a client.
Connection is datagram oriented (DTLS). Since 3.0.0.
Connection should not block. Since 3.0.0.
Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used.
Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2.
In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
Flag to indicate that the session should not use resumption with session tickets.
Generate key share for the first group which is enabled. For example x25519. This option is the most performant for client (less CPU spent generating keys), but if the server doesn’t support the advertized option it may result to more roundtrips needed to discover the server’s choice.
Generate key shares for the top-2 different groups which are enabled. For example (ECDH + x25519). This is the default.
Generate key shares for the top-3 different groups which are enabled.
That is, as each group is associated with a key type (EC, finite field, x25519), generate
three keys using
GNUTLS_PK_ECDH_X25519 if all of them are enabled.
Enable post handshake authentication for server and client. When set and
a server requests authentication after handshake
GNUTLS_E_REAUTH_REQUEST will be returned
gnutls_record_recv() . A client should then call
gnutls_reauth() to re-authenticate.
Disable auto-rekeying under TLS1.3. If this option is not specified gnutls will force a rekey after 2^24 records have been sent.
Flag to indicate that the TLS 1.3 padding check will be done in a safe way which doesn’t leak the pad size based on GnuTLS processing time. This is of use to applications which hide the length of transferred data via the TLS1.3 padding mechanism and are already taking steps to hide the data processing time. This comes at a performance penalty.
Under TLS1.3 allow the server to return earlier than the full handshake finish; similarly to false start the handshake will be completed once data are received by the client, while the server is able to transmit sooner. This is not enabled by default as it could break certain existing server assumptions and use-cases. Since 3.6.4.
Allows raw public-keys to be negotiated during the handshake. Since 3.6.6.
Enable transparent re-authentication in client side when the server
requests to. That is, reauthentication is handled within
gnutls_record_recv() , and
GNUTLS_E_REAUTH_REQUEST are not returned. This must be
GNUTLS_POST_HANDSHAKE_AUTH for TLS1.3. Enabling this flag requires to restore
interrupted calls to
gnutls_record_recv() based on the output of
gnutls_record_recv() could be interrupted when sending when this flag is enabled.
Note this flag may not be used if you are using the same session for sending and receiving
in different threads.
Under TLS1.3 allow the server to receive early data sent as part of the initial ClientHello (0-RTT). This can also be used to explicitly indicate that the client will send early data. This is not enabled by default as early data has weaker security properties than other data. Since 3.6.5.
Under TLS1.3 disable auto-sending of session tickets during the handshake.
Under TLS1.3 suppress sending EndOfEarlyData message. Since 3.7.2.
Flag to indicate that the session should not use resumption with session tickets. This flag only has effect if TLS 1.2 is used.
Prevents client from including the "status_request" TLS extension in the client hello, thus disabling the receival of certificate status information. Since 3.8.0.
After the session initialization details on the allowed ciphersuites and protocol versions should be set using the priority functions such as gnutls_priority_set and gnutls_priority_set_direct. We elaborate on them in Priority Strings. The credentials used for the key exchange method, such as certificates or usernames and passwords should also be associated with the session current session using gnutls_credentials_set.
session: is a
type: is the type of the credentials
cred: the credentials to set
Sets the needed credentials for the specified type. E.g. username,
password - or public and private keys etc. The
cred parameter is
a structure that depends on the specified type and on the current
session (client or server).
In order to minimize memory usage, and share credentials between
several threads gnutls keeps a pointer to cred, and not the whole
cred structure. Thus you will have to keep the structure allocated
until you call
cred should be
gnutls_anon_client_credentials_t in case of a client. In case of
a server it should be
cred should be
in case of a client, and
gnutls_srp_server_credentials_t , in case
of a server.
cred should be
Returns: On success,
GNUTLS_E_SUCCESS (0) is returned,
otherwise a negative error code is returned.