1gnutls-cli(1)               General Commands Manual              gnutls-cli(1)
2
3
4

NAME

6       gnutls-cli - GnuTLS test client
7

SYNOPSIS

9       gnutls-cli [options] hostname
10

DESCRIPTION

12       Simple  client  program  to  set up a TLS connection to some other com‐
13       puter.  It sets up a TLS connection and forwards data from the standard
14       input to the secured socket and vice versa.
15

OPTIONS

17   Program control options
18       -d, --debug LEVEL
19              Specify the debug level. Default is 1.
20
21       -h, --help
22              Prints a short reminder of the command line options.
23
24       -l, --list
25              Print a list of the supported algorithms and modes.
26
27       -r, --resume
28              Connect,  establish  a  session.   Connect again and resume this
29              session.
30
31       -s, --starttls
32              Connect, establish a plain session and start TLS when EOF  or  a
33              SIGALRM is received.
34
35       -v, --version
36              Prints the program's version number.
37
38       -V, --verbose
39              More verbose output.
40
41
42   TLS/SSL control options
43       --priority PRIORITY STRING
44              TLS  algorithms and protocols to enable.  You can use predefined
45              sets of ciphersuites such as:
46
47              PERFORMANCE all the "secure" ciphersuites are  enabled,  limited
48              to 128 bit ciphers and sorted by terms of speed performance.
49
50              NORMAL  option  enables  all  "secure" ciphersuites. The 256-bit
51              ciphers are included as a fallback only. The ciphers are  sorted
52              by security margin.
53
54              SECURE128 flag enables all "secure" ciphersuites with ciphers up
55              to 128 bits, sorted by security margin.
56
57              SECURE256 flag enables all "secure" ciphersuites  including  the
58              256 bit ciphers, sorted by security margin.
59
60              EXPORT all the ciphersuites are enabled, including the low-secu‐
61              rity 40 bit ciphers.
62
63              NONE nothing is enabled. This disables even protocols  and  com‐
64              pression methods.
65
66              Check  the  GnuTLS manual on section "Priority strings" for more
67              information on allowed keywords.
68
69              Examples:
70
71              "NORMAL"
72
73              "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-
74              NULL"
75
76              "NORMAL:-ARCFOUR-128"  means  normal  ciphers  except  for  ARC‐
77              FOUR-128.
78
79              "SECURE:-VERS-SSL3.0:+COMP-DEFLATE"  means  that   only   secure
80              ciphers  are  enabled,  SSL3.0 is disabled, and libz compression
81              enabled.
82
83               "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-
84              RSA-SHA1"
85
86              "NORMAL:%COMPAT" is the most compatible mode
87
88
89       --crlf Send CR LF instead of LF.
90
91       -f, --fingerprint
92              Send the openpgp fingerprint, instead of the key.
93
94       -p, --port integer
95              The port to connect to.
96
97       --ciphers cipher1 cipher2...
98              Ciphers  to  enable (use gnutls-cli --list to show the supported
99              ciphers).
100
101       --protocols protocol1 protocol2...
102              Protocols to enable (use gnutls-cli --list to show the supported
103              protocols).
104
105       --comp comp1 comp2...
106              Compression methods to enable (use gnutls-cli --list to show the
107              supported methods).
108
109       --macs mac1 mac2...
110              MACs to enable (use gnutls-cli  --list  to  show  the  supported
111              MACs).
112
113       --kx kx1 kx2...
114              Key  exchange  methods  to enable (use gnutls-cli --list to show
115              the supported methods).
116
117       --ctypes certType1 certType2...
118              Certificate types to enable (use gnutls-cli --list to  show  the
119              supported types).
120
121       --recordsize integer
122              The maximum record size to advertize.
123
124       --disable-extensions
125              Disable all the TLS extensions.
126
127       --print-cert
128              Print the certificate in PEM format.
129
130       --insecure
131              Don't abort program if server certificates can't be validated.
132
133
134   Certificate options
135       --pgpcertfile FILE
136              PGP Public Key (certificate) file to use.
137
138       --pgpkeyfile FILE
139              PGP Key file to use.
140
141       --pgpkeyring FILE
142              PGP Key ring file to use.
143
144       --pgptrustdb FILE
145              PGP trustdb file to use.
146
147       --pgpsubkey HEX|auto2
148              PGP subkey to use.
149
150       --srppasswd PASSWD
151              SRP password to use.
152
153       --srpusername NAME
154              SRP username to use.
155
156       --x509cafile FILE
157              Certificate  file to use. This option accepts PKCS #11 URLs such
158              as "pkcs11:token=xxx"
159
160       --x509certfile FILE
161              X.509 Certificate file to use, or a PKCS #11 URL.
162
163       --x509fmtder
164              Use DER format for certificates
165
166       --x509keyfile FILE
167              X.509 key file or PKCS #11 URL to use.
168
169       --x509crlfile FILE
170              X.509 CRL file to use.
171
172       --pskusername NAME
173              PSK username to use.
174
175       --pskkey KEY
176              PSK key (in hex) to use.
177
178       --opaque-prf-input DATA
179              Use Opaque PRF Input DATA.
180
181

SEE ALSO

183       gnutls-cli-debug(1), gnutls-serv(1)
184

AUTHOR

186       Nikos   Mavrogiannopoulos    <nmav@gnutls.org>    and    others;    see
187       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
188
189       This  manual  page  was written by Ivo Timmermans <ivo@debian.org>, for
190       the Debian GNU/Linux system (but may be used by others).
191
192
193
194                               December 1st 2003                 gnutls-cli(1)