Home Debian How To Install Curl With GnuTLS Backend In Debian

How To Install Curl With GnuTLS Backend In Debian

By sk
Published: Updated: 202 views

When you install curl using the default package manager in Linux distributions like Debian, it typically comes pre-compiled with OpenSSL as the TLS backend. Because almost every curl distributor/packager builds Curl with OpenSSL backend. Changing to a different TLS backend isn't as straightforward as simply selecting a different option, but it is possible . In this Step-by-Step tutorial, we will see how to install curl with GnuTLS backend in Debian.

Before getting into the topic, let me give a you brief introduction to the TLS backend and the list of supported TLS backends by Curl.

What is a TLS backend?

When you compile curl from source, it needs a way to handle secure connections (HTTPS). This is done through a TLS backend. TLS (Transport Layer Security) is essential for secure communication over networks.

Curl supports multiple TLS libraries or backends. Here's the list of supported backends:

1. AmiSSL

AmiSSL is an SSL/TLS implementation for AmigaOS systems. It's not commonly used unless you're developing for Amiga platforms. To compile Curl with AmiSSL, you can use --with-amissl option.

2. BearSSL

BearSSL is a smaller, more focused SSL/TLS library. It's designed to be lightweight and suitable for embedded systems. To install Curl with BearSSL, use --with-bearssl option.

3. GnuTLS

GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols. It's a popular open-source alternative to OpenSSL. To install Curl with GnuTLS, you can use --with-gnutls option.

4. Mbed TLS

Mbed TLS (formerly known as PolarSSL) is an open source, portable, easy to use, readable and flexible SSL library. It's often used in embedded systems and IoT devices. To install Curl with Mbed TLS, use --with-mbedtls.

5. OpenSSL

OpenSSL is one of the most widely used TLS libraries. This option also works for BoringSSL (Google's fork of OpenSSL) and LibreSSL (OpenBSD's fork of OpenSSL). You can use --with-openssl to install Curl with OpenSSL.

6. Rustls

Rustls is a modern TLS library written in Rust. It aims to provide a safer and more efficient implementation. To install Curl with Rustls, use --with-rustls.

7. Schannel

Schannel is the Security Support Provider (SSP) for Windows operating systems. It's used when building curl for Windows platforms. To install Curl with Schannel, use --with-schannel.

8. Secure Transport

Secure Transport is Apple's TLS implementation. This option is used when building curl for macOS or iOS. We can install Curl with Secure Transport backend using --with-secure-transport option.

9. wolfSSL

wolfSSL (formerly CyaSSL) is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. To install Curl with wolfSSL, use --with-wolfssl.

Choosing the Right TLS Backend

  • OpenSSL (--with-openssl): This is typically the most common and widely supported choice. It provides a robust feature set and is well-tested in various environments.
  • GnuTLS (--with-gnutls): Another solid choice, especially if you prefer to avoid OpenSSL due to its license or other considerations. GnuTLS is known for its focus on security and is used by many Linux distributions.
  • Other Backends: Choose these if you have specific requirements or preferences based on platform compatibility, licensing, or performance considerations.

Example Usage

To compile curl with a specific TLS backend, you would typically use the ./configure script with the appropriate --with-<backend> option. For example:

./configure --with-openssl

This command configures curl to use OpenSSL as the TLS backend. Replace openssl with your preferred backend option from the list above.

Install Curl from Source with GnuTLS using GNU Stow

Debian actually provides two versions of libcurl: one built with OpenSSL and another with GnuTLS. The curl command-line tool usually links against the OpenSSL version by default, but you can use the GnuTLS version instead.

Let us check the Curl version using command in Debian 12:

$ curl -V 

Sample Output:

curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 OpenSSL/3.0.13 zlib/1.2.13 brotli/1.0.9 zstd/1.5.4  
libidn2/2.3.3 libpsl/0.21.2 libssh2/1.10.0 nghttp2/1.52.0 librtmp/2.3 OpenLDAP/2.5.13
Release-Date: 2024-05-22, security patched: 8.8.0-1~bpo12+1
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3
pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz
NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
Curl with OpenSSL Backend
Curl with OpenSSL Backend

As you see in the above above output, my Debian 12 system has latest Curl 8.8.0 with OpenSSL backend.

Now let us see how to compile Curl from source with GnuTLS using GNU Stow. For those wondering, GNU Stow is one of the recommended way to install latest software from source in Debian and other Linux distributions.

1. Prerequisites

Ensure you have the necessary tools and dependencies installed:

sudo apt update
sudo apt install build-essential libgnutls28-dev stow

2. Download Latest Curl Tarfile and Extract It

Download the latest Curl from the Curl GitHub Repository:

wget https://github.com/curl/curl/releases/download/curl-8_8_0/curl-8.8.0.tar.gz

Extract the curl source code:

tar -xzvf curl-8.8.0.tar.gz

This command will extract the contents of the tar file in a directory named curl-8.8.0. Cd into the directory:

cd curl-8.8.0

3. Configure the Build with Prefix

Configure the build to use GnuTLS backend using command:

./configure --with-gnutls --prefix=/usr/local/stow/curl-8.8.0

If the /usr/loca/stow directory doesn't exist, just create it using command:

sudo mkdir -p /usr/local/stow

Again, rerun the ./configure command.

4. Compile and Install Curl using Stow

Run the following command to compile and install Curl using GNU Stow

sudo make install

Cd into the /usr/loca/stow directory and create the necessary symlinks:

cd /usr/local/stow
sudo stow curl-8.8.0

6. Verify Curl Installation

Restart your current session and verify that curl is using GnuTLS:

curl --version

You should see GnuTLS as the new TLS backend.

curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 GnuTLS/3.7.9 zlib/1.2.13 brotli/1.0.9 zstd/1.5.4 libidn2/2.3.3  
Release-Date: 2024-05-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp smb smbs smt
p smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTPS-proxy IDN IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP UnixSo
ckets zstd
Curl with GnuTLS Backend
Curl with GnuTLS Backend

As you see in the above output, Curl is configured with GnuTLS v3.7.9.


In this Step-by-Step tutorial, we discussed the list of available TLS backends and howto install Curl with GnuTLS backend from source using GNU Stow in Debian and its derivatives.

If you're not aware already, Debian's Curl is about to get HTTP3 support. For more details, refer the following link:

Related Read:

You May Also Like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More