from small one page howto to huge articles all in one place
poll results
Last additions:
May 25th. 2007:
April, 26th. 2006:
| You are here: manpages
gnutls\-cli
Section: User Commands (1)
Updated: December 1st 2003
Index
Return to Main Contents
NAME
gnutls-cli - GnuTLS test client
SYNOPSIS
gnutls-cli [options] hostname
DESCRIPTION
Simple client program to set up a TLS connection to some other
computer. It sets up a TLS connection and forwards data from the
standard input to the secured socket and vice versa.
OPTIONS
Program control options
- -d, --debug LEVEL
-
Specify the debug level. Default is 1.
- -h, --help
-
Prints a short reminder of the command line options.
- -l, --list
-
Print a list of the supported algorithms and modes.
- -r, --resume
-
Connect, establish a session. Connect again and resume this session.
- -s, --starttls
-
Connect, establish a plain session and start TLS when EOF or a SIGALRM
is received.
- -v, --version
-
Prints the program's version number.
- -V, --verbose
-
More verbose output.
TLS/SSL control options
- --priority PRIORITY STRING
-
TLS algorithms and protocols to enable.
Unless the first keyword is "NONE" the defaults are:
-
Protocols: TLS1.1, TLS1.0, and SSL3.0.
-
Compression: NULL.
-
Certificate types: X.509, OpenPGP.
-
Signature algorithms: RSA-SHA1, RSA-MD2, RSA-MD5, RSA-SHA256, RSA-SHA512,
DSA-SHA1.
-
You can also use predefined sets of ciphersuites such as:
-
PERFORMANCE
all the "secure" ciphersuites are enabled, limited to 128 bit
ciphers and sorted by terms of speed performance.
-
NORMAL
option enables all "secure" ciphersuites. The 256-bit ciphers
are included as a fallback only. The ciphers are sorted by security
margin.
-
SECURE128
flag enables all "secure" ciphersuites with ciphers up to
128 bits, sorted by security margin.
-
SECURE256
flag enables all "secure" ciphersuites including the 256 bit
ciphers, sorted by security margin.
-
EXPORT
all the ciphersuites are enabled, including the
low-security 40 bit ciphers.
-
NONE
nothing is enabled. This disables even protocols and
compression methods.
-
-
Special keywords:
-
"!" or "-" appended with an algorithm will remove this algorithm.
-
"+" appended with an algorithm will add this algorithm.
-
"%COMPAT" will enable compatibility features for a server.
-
"%SSL3_RECORD_VERSION" force SSL3.0 record version in the first client
hello. This is to avoid buggy servers from terminating connection.
-
"%UNSAFE_RENEGOTIATION" Permits (re-)handshakes even unsafe ones.
-
"%PARTIAL_RENEGOTIATION" Prevents renegotiation with clients and servers not
supporting the safe renegotiation extension. (default)
-
"%SAFE_RENEGOTIATION" will enable safe renegotiation. This is the most
secure and recommended option for clients. However this will prevent from
connecting to legacy servers.
-
To avoid collisions in order to specify a compression algorithm in
this string you have to prefix it with "COMP-", protocol versions
with "VERS-" and certificate types with "CTYPE-". All other
algorithms don't need a prefix.
-
Examples:
-
"NORMAL"
-
"NORMAL:%COMPAT"
-
"NORMAL:!AES-128-CBC"
-
"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"
- --crlf
-
Send CR LF instead of LF.
- -f, --fingerprint
-
Send the openpgp fingerprint, instead of the key.
- -p, --port integer
-
The port to connect to.
- --ciphers cipher1 cipher2...
-
Ciphers to enable (use gnutls-cli --list to show the
supported ciphers).
- --protocols protocol1 protocol2...
-
Protocols to enable (use gnutls-cli --list to show the
supported protocols).
- --comp comp1 comp2...
-
Compression methods to enable (use gnutls-cli --list to
show the supported methods).
- --macs mac1 mac2...
-
MACs to enable (use gnutls-cli --list to show the
supported MACs).
- --kx kx1 kx2...
-
Key exchange methods to enable (use gnutls-cli --list to
show the supported methods).
- --ctypes certType1 certType2...
-
Certificate types to enable (use gnutls-cli --list to show
the supported types).
- --recordsize integer
-
The maximum record size to advertize.
- --disable-extensions
-
Disable all the TLS extensions.
- --print-cert
-
Print the certificate in PEM format.
- --insecure
-
Don't abort program if server certificates can't be validated.
Certificate options
- --pgpcertfile FILE
-
PGP Public Key (certificate) file to use.
- --pgpkeyfile FILE
-
PGP Key file to use.
- --pgpkeyring FILE
-
PGP Key ring file to use.
- --pgptrustdb FILE
-
PGP trustdb file to use.
- --pgpsubkey HEX|auto2
-
PGP subkey to use.
- --srppasswd PASSWD
-
SRP password to use.
- --srpusername NAME
-
SRP username to use.
- --x509cafile FILE
-
Certificate file to use.
- --x509certfile FILE
-
X.509 Certificate file to use.
- --x509fmtder
-
Use DER format for certificates
- --x509keyfile FILE
-
X.509 key file to use.
- --x509crlfile FILE
-
X.509 CRL file to use.
- --pskusername NAME
-
PSK username to use.
- --pskkey KEY
-
PSK key (in hex) to use.
- --opaque-prf-input DATA
-
Use Opaque PRF Input DATA.
SEE ALSO
gnutls-cli-debug(1),
gnutls-serv(1)
AUTHOR
Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <ivo@debian.org>, for
the Debian GNU/Linux system (but may be used by others).
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- Program control options
-
- TLS/SSL control options
-
- Certificate options
-
- SEE ALSO
-
- AUTHOR
-
Please read "Why adblockers are badwww.cars2fast4u.de
|
Other free services .
.
| 
|
|
- Running on 
-
:
: 
