gnutls-cli(1)               General Commands Manual              gnutls-cli(1)

NAME
       gnutls-cli - GnuTLS test client

SYNOPSIS
       gnutls-cli [options] hostname

DESCRIPTION
       Simple client program to set up a TLS connection to some other
       computer. It sets up a TLS connection and forwards data from the
       standard input to the secured socket and vice versa.

OPTIONS
   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              Prints a short reminder of the command line options.

       -l, --list
              Print a list of the supported algorithms and modes.

       -r, --resume
              Connect, establish a session. Connect again and resume this
              session.

       -s, --starttls
              Connect, establish a plain session and start TLS when EOF or a
              SIGALRM is received.

       -v, --version
              Prints the program's version number.

       -V, --verbose
              More verbose output.

   TLS/SSL control options
       --priority PRIORITY STRING
              TLS algorithms and protocols to enable. You can use predefined
              sets of ciphersuites such as:

              PERFORMANCE enables all the "secure" ciphersuites, limited
              to 128 bit ciphers and sorted by speed.

              NORMAL enables all "secure" ciphersuites. The 256-bit
              ciphers are included as a fallback only. The ciphers are sorted
              by security margin.

              SECURE128 enables all "secure" ciphersuites with ciphers up
              to 128 bits, sorted by security margin.

              SECURE256 enables all "secure" ciphersuites including the
              256 bit ciphers, sorted by security margin.

              EXPORT enables all the ciphersuites, including the
              low-security 40 bit ciphers.

              NONE enables nothing. This disables even protocols and
              compression methods.

              See the "Priority strings" section of the GnuTLS manual for
              more information on allowed keywords.

              Examples:

              "NORMAL"

              "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"

              "NORMAL:-ARCFOUR-128" means normal ciphers except for
              ARCFOUR-128.

              "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure
              ciphers are enabled, SSL3.0 is disabled, and libz compression
              is enabled.

              "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1"

              "NORMAL:%COMPAT" is the most compatible mode.

       --crlf Send CR LF instead of LF.

       -f, --fingerprint
              Send the OpenPGP fingerprint, instead of the key.

       -p, --port integer
              The port to connect to.

       --ciphers cipher1 cipher2...
              Ciphers to enable (use gnutls-cli --list to show the supported
              ciphers).

       --protocols protocol1 protocol2...
              Protocols to enable (use gnutls-cli --list to show the supported
              protocols).

       --comp comp1 comp2...
              Compression methods to enable (use gnutls-cli --list to show the
              supported methods).

       --macs mac1 mac2...
              MACs to enable (use gnutls-cli --list to show the supported
              MACs).

       --kx kx1 kx2...
              Key exchange methods to enable (use gnutls-cli --list to show
              the supported methods).

       --ctypes certType1 certType2...
              Certificate types to enable (use gnutls-cli --list to show the
              supported types).

       --recordsize integer
              The maximum record size to advertise.

       --disable-extensions
              Disable all the TLS extensions.

       --print-cert
              Print the certificate in PEM format.

       --insecure
              Don't abort the program if the server certificates can't be
              validated.

   Certificate options
       --pgpcertfile FILE
              PGP Public Key (certificate) file to use.

       --pgpkeyfile FILE
              PGP Key file to use.

       --pgpkeyring FILE
              PGP Key ring file to use.

       --pgptrustdb FILE
              PGP trustdb file to use.

       --pgpsubkey HEX|auto2
              PGP subkey to use.

       --srppasswd PASSWD
              SRP password to use.

       --srpusername NAME
              SRP username to use.

       --x509cafile FILE
              Certificate file to use. This option accepts PKCS #11 URLs such
              as "pkcs11:token=xxx".

       --x509certfile FILE
              X.509 Certificate file to use, or a PKCS #11 URL.

       --x509fmtder
              Use DER format for certificates.

       --x509keyfile FILE
              X.509 key file or PKCS #11 URL to use.

       --x509crlfile FILE
              X.509 CRL file to use.

       --pskusername NAME
              PSK username to use.

       --pskkey KEY
              PSK key (in hex) to use.

       --opaque-prf-input DATA
              Use Opaque PRF Input DATA.

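The following is an added example, not part of the original manual page or of GnuTLS: a small shell lint for the colon-separated --priority strings described above, which flags tokens that switch on weak settings before the string is handed to gnutls-cli. The rule set and the function names audit_priority and checked_connect are assumptions of this example.

```shell
#!/bin/sh
# Added example. The rule set is this example's assumption, built only from
# keywords that appear in the --priority text of this page.

# audit_priority STRING
# Prints one finding per line; returns 0 if nothing was flagged, 1 otherwise.
audit_priority() {
    prio=$1
    flagged=0
    old_ifs=$IFS
    IFS=:
    set -f                      # split on ':' only, no filename globbing
    for tok in $prio; do
        case $tok in
            EXPORT)        echo "$tok: enables the 40-bit ciphersuites"; flagged=1 ;;
            +VERS-SSL3.0)  echo "$tok: enables SSL 3.0";                 flagged=1 ;;
            +ARCFOUR-*)    echo "$tok: enables an RC4 cipher";           flagged=1 ;;
            +COMP-DEFLATE) echo "$tok: enables TLS compression";         flagged=1 ;;
            %COMPAT)       echo "$tok: trades strictness for compatibility"; flagged=1 ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $flagged
}

# checked_connect HOST PORT STRING (hypothetical wrapper)
# Runs gnutls-cli only when the priority string passes the audit.
checked_connect() {
    if ! audit_priority "$3" >&2; then
        echo "refusing to connect to $1: fix the priority string" >&2
        return 2
    fi
    gnutls-cli --priority "$3" -p "$2" "$1"
}

# Two of the example strings from the --priority text:
audit_priority "NORMAL:-ARCFOUR-128" || true                 # prints nothing
audit_priority "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" || true   # flags +COMP-DEFLATE
```

A token is flagged only when it adds a weak setting, so "-VERS-SSL3.0" and "-ARCFOUR-128" pass while their "+" forms do not.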
SEE ALSO
       gnutls-cli-debug(1), gnutls-serv(1)

AUTHOR
       Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This manual page was written by Ivo Timmermans <ivo@debian.org>, for
       the Debian GNU/Linux system (but may be used by others).

                               December 1st 2003                 gnutls-cli(1)