This is a static archive of our old Q&A Site. Please post any new questions and answers at

Can we change license to GPL v3 to allow linking to libgnutls?


As the title requests, is there any reason to not change to GPLv3? As Gerald has commented on in the past (found on this site thanks to Google), and as discussed in various other places ( ) the license for dependencies used for decrypting SSL traffic has moved to GPLv3 and as a result it is no longer permissible to link to those libraries from something using GPLv2, or something (I am not a lawyer). Are there any reasons to stick with GPLv2 at this point? My understanding of the newer license is that it is a bit more forceful in its rules around really, truly being free, but there are countless articles online talking about that and the FSF has some helpful guides worth reviewing for those interested.

Thanks, AB

asked 14 Feb '13, 09:00

dajoker's gravatar image

accept rate: 0%

edited 14 Feb '13, 09:42

grahamb's gravatar image

grahamb ♦

One Answer:


GnuTLS is LGPLv3+ due to a dependency on GMP. There have been discussions about dual-licensing GMP as LGPLv3+ / GPLv2+ in the past but as far as I know no action has been taken. I don't know how the other Wireshark developers feel, but I think that:

  • Being forced to change our license by a library that we don't directly use is a bunch of crap. I'd prefer that the Wireshark developer community direct our licensing decisions, not GMP.
  • If we're going to change the license so we can link with GnuTLS, why not change it so that we can link with other SSL libraries (the obvious one being OpenSSL)?

Update: GnuTLS switched back to LGPLv2.1+ in version 3.1.10.

answered 14 Feb '13, 09:26

Gerald%20Combs's gravatar image

Gerald Combs ♦♦
accept rate: 24%

edited 07 Apr '13, 12:22


Thank-you for the quick response. I agree, needing to change a license because of something you do not even use (GMP in this case) would be frustrating. Perhaps I should have focused more on the end goal rather than one possible solution to the problem, and perhaps your second bullet point moves toward that goal: How do we get SSL decryption working for Linux in the long run?

I do not have any particularly strong ties to GnuTLS vs. OpenSSL. The Apache license works well for me in many cases and this "Apache-style" license used by OpenSSL would be just fine by me too (not that I count).

(14 Feb '13, 09:52) dajoker