[gnutls-help] Using GnuTLS with an HSM

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jul 16 10:19:43 CEST 2013

On 07/15/2013 10:22 PM, Horst Freiburger wrote:
> Hi!
> I'am quiet new to TLS an GnuTLS. I want to use GnuTLS in a 
> client-server-project. I successfully have a TLS connection between the client 
> and the server using GnuTLS. Because of the use of an HSM i have a few 
> requirements to GnuTLS and i'am not sure if GnuTLS ist able to fullfil my 
> requirements.
> 1. Before sending "Client Hello" the HSM is generating a random number. This 
> random number should be used in the "Client Hello"-message.

Hello Horst,
 That one yes. There is gnutls_handshake_set_random().

> 2. After receiving "Server Key Exchange" from the Client should give the Public 
> Key of the Server to the HSM. The HSM generates the pre-masters secret.

On which ciphersuite do you refer to, and which side? For example on
server side and the RSA ciphersuite what your HSM does makes no sense.

I've never seen this type of HSM. HSMs typically protect the long-term
key of the server (or client), and for that provide operations on the
key without exposing them. What does your HSM protect?


More information about the Gnutls-help mailing list