Support for trusted_ca_keys extension during TLS handshake

Nikos Mavrogiannopoulos nmav at
Wed Oct 31 11:39:26 CET 2012

On Tue, Oct 30, 2012 at 4:45 PM, David Fuhrmann
<david.fuhrmann at> wrote:
> Hello,
> Currently, I am searching for a TLS library that already supports the
> trusted_ca_keys extension inside the extended client hello message as
> described here:

GnuTLS doesn't support this extension. You can check the capabilities
of various implementations at:

The particular extension that you're looking for isn't listed meaning
it may not be implemented by anyone.

> As it is quite difficult to find any information about an implementation for
> that over google search, I want to ask you if this extension is already (or
> soon) be supported by GnuTLS? If not, does anybody know another
> implementation / library which already supports this extension?

It is not in our plans to implement since it doesn't look particularly
useful/interesting. If you submit a patch however it may be included.
What is your use case for this extension?


More information about the Gnutls-devel mailing list