gnutls-cli

Section: User Commands (1) Updated: December 1st 2003 Local index Up

NAME

gnutls-cli - GNU TLS test client

SYNOPSIS

gnutls-cli [options] hostname

DESCRIPTION

Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.

OPTIONS

Program control options

-d, --debug LEVEL: Specify the debug level. Default is 1.
-h, --help: Prints a short reminder of the command line options.
-l, --list: Print a list of the supported algorithms and modes.
-r, --resume: Connect, establish a session. Connect again and resume this session.
-s, --starttls: Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.
-v, --version: Prints the program's version number.
-V, --verbose: More verbose output.

TLS/SSL control options

--priority PRIORITY STRING: TLS algorithms and protocols to enable. Unless the first keyword is "NONE" the defaults are:
: Protocols: TLS1.1, TLS1.0, and SSL3.0.
: Compression: NULL.
: Certificate types: X.509, OpenPGP.
: You can also use predefined sets of ciphersuites such as:
: PERFORMANCE all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance.
: NORMAL option enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
: SECURE128 flag enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
: SECURE256 flag enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.
: EXPORT all the ciphersuites are enabled, including the low-security 40 bit ciphers.
: NONE nothing is enabled. This disables even protocols and compression methods.

: Special keywords:
: "!" or "-" appended with an algorithm will remove this algorithm.
: "+" appended with an algorithm will add this algorithm.
: "%COMPAT" will enable compatibility features for a server.
: "%SSL3_RECORD_VERSION" force SSL3.0 record version in the first client hello. This is to avoid buggy servers from terminating connection.
: To avoid collisions in order to specify a compression algorithm in this string you have to prefix it with "COMP-", protocol versions with "VERS-" and certificate types with "CTYPE-". All other algorithms don't need a prefix.
: Examples:
: "NORMAL"
: "NORMAL:%COMPAT"
: "NORMAL:!AES-128-CBC"
: "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"
--crlf: Send CR LF instead of LF.
-f, --fingerprint: Send the openpgp fingerprint, instead of the key.
-p, --port integer: The port to connect to.
--ciphers cipher1 cipher2...: Ciphers to enable (use gnutls-cli --list to show the supported ciphers).
--protocols protocol1 protocol2...: Protocols to enable (use gnutls-cli --list to show the supported protocols).
--comp comp1 comp2...: Compression methods to enable (use gnutls-cli --list to show the supported methods).
--macs mac1 mac2...: MACs to enable (use gnutls-cli --list to show the supported MACs).
--kx kx1 kx2...: Key exchange methods to enable (use gnutls-cli --list to show the supported methods).
--ctypes certType1 certType2...: Certificate types to enable (use gnutls-cli --list to show the supported types).
--recordsize integer: The maximum record size to advertize.
--disable-extensions: Disable all the TLS extensions.
--print-cert: Print the certificate in PEM format.
--insecure: Don't abort program if server certificates can't be validated.

Certificate options

--pgpcertfile FILE: PGP Public Key (certificate) file to use.
--pgpkeyfile FILE: PGP Key file to use.
--pgpkeyring FILE: PGP Key ring file to use.
--pgptrustdb FILE: PGP trustdb file to use.
--pgpsubkey HEX|auto2: PGP subkey to use.
--srppasswd PASSWD: SRP password to use.
--srpusername NAME: SRP username to use.
--x509cafile FILE: Certificate file to use.
--x509certfile FILE: X.509 Certificate file to use.
--x509fmtder: Use DER format for certificates
--x509keyfile FILE: X.509 key file to use.
--x509crlfile FILE: X.509 CRL file to use.
--pskusername NAME: PSK username to use.
--pskkey KEY: PSK key (in hex) to use.
--opaque-prf-input DATA: Use Opaque PRF Input DATA.

AUTHOR

Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

This manual page was written by Ivo Timmermans <ivo@debian.org>, for the Debian GNU/Linux system (but may be used by others).

SEE ALSO

AUTHOR

This document was created by man2html, using the manual pages.
Time: 21:13:29 GMT, April 16, 2011