gnutls-cli-debug(1)              User Commands              gnutls-cli-debug(1)

NAME
       gnutls-cli-debug - GnuTLS debug client

SYNOPSIS
       gnutls-cli-debug [-flags] [-flag [value]] [--option-name[[=| ]value]]

       Operands and options may be intermixed. They will be reordered.

DESCRIPTION
       TLS debug client. It sets up multiple TLS connections to a server and
       queries its capabilities. It was created to assist in debugging GnuTLS,
       but it might be useful to extract a TLS server's capabilities. It
       connects to a TLS server, performs tests and prints the server's
       capabilities. If called with the `-V' parameter more checks will be
       performed. It can be used to check for servers with special needs or
       bugs.

OPTIONS
       -d number, --debug=number
              Enable debugging. This option takes an integer number as its
              argument. The value of number is constrained to being:
                  in the range 0 through 9999

              Specifies the debug level.

       -V, --verbose
              More verbose output. This option may appear an unlimited number
              of times.

       -p number, --port=number
              The port to connect to. This option takes an integer number as
              its argument. The value of number is constrained to being:
                  in the range 0 through 65536

       --app-proto
              This is an alias for the --starttls-proto option.

       --starttls-proto=string
              The application protocol to be used to obtain the server's
              certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3,
              nntp, sieve, postgres).

              Specify the application layer protocol for STARTTLS. If the
              protocol is supported, gnutls-cli will proceed to the TLS
              negotiation.

       -h, --help
              Display usage information and exit.

       -!, --more-help
              Pass the extended usage information through a pager.

       -v [{v|c|n}], --version [{v|c|n}]
              Output version of program and exit. The default mode is `v', a
              simple version. The `c' mode will print copyright information
              and `n' will print the full copyright notice.

EXAMPLES
       $ gnutls-cli-debug localhost
       GnuTLS debug client 3.5.0
       Checking localhost:443
                                    for SSL 3.0 (RFC6101) support... yes
                               whether we need to disable TLS 1.2... no
                               whether we need to disable TLS 1.1... no
                               whether we need to disable TLS 1.0... no
                               whether %NO_EXTENSIONS is required... no
                                      whether %COMPAT is required... no
                                    for TLS 1.0 (RFC2246) support... yes
                                    for TLS 1.1 (RFC4346) support... yes
                                    for TLS 1.2 (RFC5246) support... yes
                                         fallback from TLS 1.6 to... TLS1.2
                               for RFC7507 inappropriate fallback... yes
                                            for HTTPS server name... Local
                                      for certificate chain order... sorted
                             for safe renegotiation (RFC5746) support... yes
                            for Safe renegotiation support (SCSV)... no
                           for encrypt-then-MAC (RFC7366) support... no
                          for ext master secret (RFC7627) support... no
                                  for heartbeat (RFC6520) support... no
                              for version rollback bug in RSA PMS... dunno
                         for version rollback bug in Client Hello... no
                   whether the server ignores the RSA PMS version... yes
       whether small records (512 bytes) are tolerated on handshake... yes
           whether cipher suites not in SSL 3.0 spec are accepted... yes
       whether a bogus TLS record version in the client hello is accepted... yes
                whether the server understands TLS closure alerts... partially
                   whether the server supports session resumption... yes
                             for anonymous authentication support... no
                             for ephemeral Diffie-Hellman support... no
                          for ephemeral EC Diffie-Hellman support... yes
                           ephemeral EC Diffie-Hellman group info... SECP256R1
                         for AES-128-GCM cipher (RFC5288) support... yes
                         for AES-128-CCM cipher (RFC6655) support... no
                       for AES-128-CCM-8 cipher (RFC6655) support... no
                         for AES-128-CBC cipher (RFC3268) support... yes
                    for CAMELLIA-128-GCM cipher (RFC6367) support... no
                    for CAMELLIA-128-CBC cipher (RFC5932) support... no
                            for 3DES-CBC cipher (RFC2246) support... yes
                         for ARCFOUR 128 cipher (RFC2246) support... yes
                                              for MD5 MAC support... yes
                                             for SHA1 MAC support... yes
                                           for SHA256 MAC support... yes
                                     for ZLIB compression support... no
                            for max record size (RFC6066) support... no
                         for OCSP status response (RFC6066) support... no
                       for OpenPGP authentication (RFC6091) support... no

       You could also use the client to debug services with starttls
       capability.
       $ gnutls-cli-debug --starttls-proto smtp --port 25 localhost

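       The report format shown above can be turned into an audit check. The
       following is an added example, not part of the GnuTLS distribution: it
       parses the "test... answer" rows and flags the ones a reviewer would
       normally follow up on. The POLICY table and the function names are
       assumptions of this example; the sample rows are copied from the
       report above.

```python
import re

# Constructed sample: rows copied from the example report above.
SAMPLE = """\
Checking localhost:443
    for SSL 3.0 (RFC6101) support... yes
    for TLS 1.2 (RFC5246) support... yes
    fallback from TLS 1.6 to... TLS1.2
    for safe renegotiation (RFC5746) support... yes
    for encrypt-then-MAC (RFC7366) support... no
    for ext master secret (RFC7627) support... no
    for anonymous authentication support... no
    for AES-128-GCM cipher (RFC5288) support... yes
    for 3DES-CBC cipher (RFC2246) support... yes
    for ARCFOUR 128 cipher (RFC2246) support... yes
    for MD5 MAC support... yes
    for ZLIB compression support... no
"""

# "<for|whether> <test>... <answer>"; the leading keyword is optional.
ROW = re.compile(r"^\s*(?:(?:for|whether)\s+)?(.+?)\.\.\.\s*(\S.*?)\s*$")

# Assumed review policy (not part of GnuTLS): test -> (answer to flag, why).
POLICY = {
    "SSL 3.0 (RFC6101) support": ("yes", "SSL 3.0 still accepted"),
    "3DES-CBC cipher (RFC2246) support": ("yes", "64-bit block cipher offered"),
    "ARCFOUR 128 cipher (RFC2246) support": ("yes", "RC4 offered"),
    "MD5 MAC support": ("yes", "MD5-based MAC offered"),
    "anonymous authentication support": ("yes", "unauthenticated key exchange"),
    "ZLIB compression support": ("yes", "TLS-level compression enabled"),
    "safe renegotiation (RFC5746) support": ("no", "RFC5746 extension missing"),
    "encrypt-then-MAC (RFC7366) support": ("no", "CBC suites lack encrypt-then-MAC"),
    "ext master secret (RFC7627) support": ("no", "extended master secret missing"),
}

def parse_report(text):
    """Map each test name in a gnutls-cli-debug report to its answer."""
    results = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # banner and "Checking host:port" lines carry no "..." and are skipped
            results[m.group(1)] = m.group(2)
    return results

def review(results):
    """Return (test, answer, reason) for every row that matches POLICY."""
    return [(t, results[t], why) for t, (bad, why) in POLICY.items()
            if results.get(t) == bad]

if __name__ == "__main__":
    for test, answer, why in review(parse_report(SAMPLE)):
        print(f"[!] {test}: {answer} ({why})")
```

       Answers such as "dunno" or "partially" are kept verbatim in the parsed
       results and are only flagged if POLICY names them.
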
EXIT STATUS
       One of the following exit values will be returned:

       0  (EXIT_SUCCESS)
              Successful program execution.

       1  (EXIT_FAILURE)
              The operation failed or the command syntax was not valid.

       70  (EX_SOFTWARE)
              libopts had an internal operational error. Please report it to
              autogen-users@lists.sourceforge.net. Thank you.

SEE ALSO
       gnutls-cli(1), gnutls-serv(1)

AUTHORS
       Nikos Mavrogiannopoulos, Simon Josefsson and others; see
       /usr/share/doc/gnutls/AUTHORS for a complete list.

COPYRIGHT
       Copyright (C) 2000-@YEAR@ Free Software Foundation, and others all
       rights reserved. This program is released under the terms of the GNU
       General Public License, version 3 or later.

BUGS
       Please send bug reports to: @PACKAGE_BUGREPORT@

NOTES
       This manual page was AutoGen-erated from the gnutls-cli-debug option
       definitions.

@VERSION@                         19 Feb 2018               gnutls-cli-debug(1)