1OPENSSL-S_CLIENT(1ossl)             OpenSSL            OPENSSL-S_CLIENT(1ossl)
2
3
4

NAME

6       openssl-s_client - SSL/TLS client program
7

SYNOPSIS

9       openssl s_client [-help] [-ssl_config section] [-connect host:port]
10       [-host hostname] [-port port] [-bind host:port] [-proxy host:port]
11       [-proxy_user userid] [-proxy_pass arg] [-unix path] [-4] [-6]
12       [-servername name] [-noservername] [-verify depth]
13       [-verify_return_error] [-verify_quiet] [-verifyCAfile filename]
14       [-verifyCApath dir] [-verifyCAstore uri] [-cert filename] [-certform
15       DER|PEM|P12] [-cert_chain filename] [-build_chain] [-CRL filename]
16       [-CRLform DER|PEM] [-crl_download] [-key filename|uri] [-keyform
17       DER|PEM|P12|ENGINE] [-pass arg] [-chainCAfile filename] [-chainCApath
18       directory] [-chainCAstore uri] [-requestCAfile filename]
19       [-dane_tlsa_domain domain] [-dane_tlsa_rrdata rrdata]
20       [-dane_ee_no_namechecks] [-reconnect] [-showcerts] [-prexit] [-debug]
21       [-trace] [-nocommands] [-security_debug] [-security_debug_verbose]
22       [-msg] [-timeout] [-mtu size] [-no_etm] [-keymatexport label]
23       [-keymatexportlen len] [-msgfile filename] [-nbio_test] [-state]
24       [-nbio] [-crlf] [-ign_eof] [-no_ign_eof] [-psk_identity identity] [-psk
25       key] [-psk_session file] [-quiet] [-sctp] [-sctp_label_bug]
26       [-fallback_scsv] [-async] [-maxfraglen len] [-max_send_frag]
27       [-split_send_frag] [-max_pipelines] [-read_buf]
28       [-ignore_unexpected_eof] [-bugs] [-comp] [-no_comp] [-brief]
29       [-legacy_server_connect] [-no_legacy_server_connect]
30       [-allow_no_dhe_kex] [-sigalgs sigalglist] [-curves curvelist] [-cipher
31       cipherlist] [-ciphersuites val] [-serverpref] [-starttls protocol]
32       [-name hostname] [-xmpphost hostname] [-name hostname] [-tlsextdebug]
33       [-no_ticket] [-sess_out filename] [-serverinfo types] [-sess_in
34       filename] [-serverinfo types] [-status] [-alpn protocols]
35       [-nextprotoneg protocols] [-ct] [-noct] [-ctlogfile] [-keylogfile file]
36       [-early_data file] [-enable_pha] [-use_srtp value] [-srpuser value]
37       [-srppass value] [-srp_lateuser] [-srp_moregroups] [-srp_strength
38       number] [-nameopt option] [-no_ssl3] [-no_tls1] [-no_tls1_1]
39       [-no_tls1_2] [-no_tls1_3] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3]
40       [-dtls] [-dtls1] [-dtls1_2] [-xkey infile] [-xcert file] [-xchain file]
41       [-xchain_build file] [-xcertform DER|PEM]> [-xkeyform DER|PEM]>
42       [-CAfile file] [-no-CAfile] [-CApath dir] [-no-CApath] [-CAstore uri]
43       [-no-CAstore] [-bugs] [-no_comp] [-comp] [-no_ticket] [-serverpref]
44       [-client_renegotiation] [-legacy_renegotiation] [-no_renegotiation]
45       [-no_resumption_on_reneg] [-legacy_server_connect]
46       [-no_legacy_server_connect] [-no_etm] [-allow_no_dhe_kex]
47       [-prioritize_chacha] [-strict] [-sigalgs algs] [-client_sigalgs algs]
48       [-groups groups] [-curves curves] [-named_curve curve] [-cipher
49       ciphers] [-ciphersuites 1.3ciphers] [-min_protocol minprot]
50       [-max_protocol maxprot] [-record_padding padding]
51       [-debug_broken_protocol] [-no_middlebox] [-rand files] [-writerand
52       file] [-provider name] [-provider-path path] [-propquery propq]
53       [-engine id] [-ssl_client_engine id] [-allow_proxy_certs] [-attime
54       timestamp] [-no_check_time] [-check_ss_sig] [-crl_check]
55       [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical]
56       [-inhibit_any] [-inhibit_map] [-partial_chain] [-policy arg]
57       [-policy_check] [-policy_print] [-purpose purpose] [-suiteB_128]
58       [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains]
59       [-use_deltas] [-auth_level num] [-verify_depth num] [-verify_email
60       email] [-verify_hostname hostname] [-verify_ip ip] [-verify_name name]
61       [-x509_strict] [-issuer_checks] [host:port]
62

DESCRIPTION

64       This command implements a generic SSL/TLS client which connects to a
65       remote host using SSL/TLS. It is a very useful diagnostic tool for SSL
66       servers.
67

OPTIONS

69       In addition to the options below, this command also supports the common
70       and client only options documented in the "Supported Command Line
71       Commands" section of the SSL_CONF_cmd(3) manual page.
72
73       -help
74           Print out a usage message.
75
76       -ssl_config section
77           Use the specified section of the configuration file to configure
78           the SSL_CTX object.
79
80       -connect host:port
81           This specifies the host and optional port to connect to. It is
82           possible to select the host and port using the optional target
83           positional argument instead.  If neither this nor the target
84           positional argument are specified then an attempt is made to
85           connect to the local host on port 4433.
86
87       -host hostname
88           Host to connect to; use -connect instead.
89
90       -port port
91           Connect to the specified port; use -connect instead.
92
93       -bind host:port
94           This specifies the host address and or port to bind as the source
95           for the connection.  For Unix-domain sockets the port is ignored
96           and the host is used as the source socket address.
97
98       -proxy host:port
99           When used with the -connect flag, the program uses the host and
100           port specified with this flag and issues an HTTP CONNECT command to
101           connect to the desired server.
102
103       -proxy_user userid
104           When used with the -proxy flag, the program will attempt to
105           authenticate with the specified proxy using basic (base64)
106           authentication.  NB: Basic authentication is insecure; the
107           credentials are sent to the proxy in easily reversible base64
108           encoding before any TLS/SSL session is established.  Therefore,
109           these credentials are easily recovered by anyone able to
110           sniff/trace the network. Use with caution.
111
112       -proxy_pass arg
113           The proxy password source, used with the -proxy_user flag.  For
114           more information about the format of arg see
115           openssl-passphrase-options(1).
116
117       -unix path
118           Connect over the specified Unix-domain socket.
119
120       -4  Use IPv4 only.
121
122       -6  Use IPv6 only.
123
124       -servername name
125           Set the TLS SNI (Server Name Indication) extension in the
126           ClientHello message to the given value.  If -servername is not
127           provided, the TLS SNI extension will be populated with the name
128           given to -connect if it follows a DNS name format. If -connect is
129           not provided either, the SNI is set to "localhost".  This is the
130           default since OpenSSL 1.1.1.
131
132           Even though SNI should normally be a DNS name and not an IP
133           address, if -servername is provided then that name will be sent,
134           regardless of whether it is a DNS name or not.
135
136           This option cannot be used in conjunction with -noservername.
137
138       -noservername
139           Suppresses sending of the SNI (Server Name Indication) extension in
140           the ClientHello message. Cannot be used in conjunction with the
141           -servername or -dane_tlsa_domain options.
142
143       -cert filename
144           The client certificate to use, if one is requested by the server.
145           The default is not to use a certificate.
146
147           The chain for the client certificate may be specified using
148           -cert_chain.
149
150       -certform DER|PEM|P12
151           The client certificate file format to use; unspecified by default.
152           See openssl-format-options(1) for details.
153
154       -cert_chain
155           A file or URI of untrusted certificates to use when attempting to
156           build the certificate chain related to the certificate specified
157           via the -cert option.  The input can be in PEM, DER, or PKCS#12
158           format.
159
160       -build_chain
161           Specify whether the application should build the client certificate
162           chain to be provided to the server.
163
164       -CRL filename
165           CRL file to use to check the server's certificate.
166
167       -CRLform DER|PEM
168           The CRL file format; unspecified by default.  See
169           openssl-format-options(1) for details.
170
171       -crl_download
172           Download CRL from distribution points in the certificate.
173
174       -key filename|uri
175           The client private key to use.  If not specified then the
176           certificate file will be used to read also the key.
177
178       -keyform DER|PEM|P12|ENGINE
179           The key format; unspecified by default.  See
180           openssl-format-options(1) for details.
181
182       -pass arg
183           the private key and certificate file password source.  For more
184           information about the format of arg see
185           openssl-passphrase-options(1).
186
187       -verify depth
188           The verify depth to use. This specifies the maximum length of the
189           server certificate chain and turns on server certificate
190           verification.  Currently the verify operation continues after
191           errors so all the problems with a certificate chain can be seen. As
192           a side effect the connection will never fail due to a server
193           certificate verify failure.
194
195       -verify_return_error
196           Return verification errors instead of continuing. This will
197           typically abort the handshake with a fatal error.
198
199       -verify_quiet
200           Limit verify output to only errors.
201
202       -verifyCAfile filename
203           A file in PEM format containing trusted certificates to use for
204           verifying the server's certificate.
205
206       -verifyCApath dir
207           A directory containing trusted certificates to use for verifying
208           the server's certificate.  This directory must be in "hash format",
209           see openssl-verify(1) for more information.
210
211       -verifyCAstore uri
212           The URI of a store containing trusted certificates to use for
213           verifying the server's certificate.
214
215       -chainCAfile file
216           A file in PEM format containing trusted certificates to use when
217           attempting to build the client certificate chain.
218
219       -chainCApath directory
220           A directory containing trusted certificates to use for building the
221           client certificate chain provided to the server.  This directory
222           must be in "hash format", see openssl-verify(1) for more
223           information.
224
225       -chainCAstore uri
226           The URI of a store containing trusted certificates to use when
227           attempting to build the client certificate chain.  The URI may
228           indicate a single certificate, as well as a collection of them.
229           With URIs in the "file:" scheme, this acts as -chainCAfile or
230           -chainCApath, depending on if the URI indicates a directory or a
231           single file.  See ossl_store-file(7) for more information on the
232           "file:" scheme.
233
234       -requestCAfile file
235           A file containing a list of certificates whose subject names will
236           be sent to the server in the certificate_authorities extension.
237           Only supported for TLS 1.3
238
239       -dane_tlsa_domain domain
240           Enable RFC6698/RFC7671 DANE TLSA authentication and specify the
241           TLSA base domain which becomes the default SNI hint and the primary
242           reference identifier for hostname checks.  This must be used in
243           combination with at least one instance of the -dane_tlsa_rrdata
244           option below.
245
246           When DANE authentication succeeds, the diagnostic output will
247           include the lowest (closest to 0) depth at which a TLSA record
248           authenticated a chain certificate.  When that TLSA record is a "2 1
249           0" trust anchor public key that signed (rather than matched) the
250           top-most certificate of the chain, the result is reported as "TA
251           public key verified".  Otherwise, either the TLSA record "matched
252           TA certificate" at a positive depth or else "matched EE
253           certificate" at depth 0.
254
255       -dane_tlsa_rrdata rrdata
256           Use one or more times to specify the RRDATA fields of the DANE TLSA
257           RRset associated with the target service.  The rrdata value is
258           specified in "presentation form", that is four whitespace separated
259           fields that specify the usage, selector, matching type and
260           associated data, with the last of these encoded in hexadecimal.
261           Optional whitespace is ignored in the associated data field.  For
262           example:
263
264             $ openssl s_client -brief -starttls smtp \
265               -connect smtp.example.com:25 \
266               -dane_tlsa_domain smtp.example.com \
267               -dane_tlsa_rrdata "2 1 1
268                 B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \
269               -dane_tlsa_rrdata "2 1 1
270                 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18"
271             ...
272             Verification: OK
273             Verified peername: smtp.example.com
274             DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1
275             ...
276
277       -dane_ee_no_namechecks
278           This disables server name checks when authenticating via DANE-EE(3)
279           TLSA records.  For some applications, primarily web browsers, it is
280           not safe to disable name checks due to "unknown key share" attacks,
281           in which a malicious server can convince a client that a connection
282           to a victim server is instead a secure connection to the malicious
283           server.  The malicious server may then be able to violate cross-
284           origin scripting restrictions.  Thus, despite the text of RFC7671,
285           name checks are by default enabled for DANE-EE(3) TLSA records, and
286           can be disabled in applications where it is safe to do so.  In
287           particular, SMTP and XMPP clients should set this option as SRV and
288           MX records already make it possible for a remote domain to redirect
289           client connections to any server of its choice, and in any case
290           SMTP and XMPP clients do not execute scripts downloaded from remote
291           servers.
292
293       -reconnect
294           Reconnects to the same server 5 times using the same session ID,
295           this can be used as a test that session caching is working.
296
297       -showcerts
298           Displays the server certificate list as sent by the server: it only
299           consists of certificates the server has sent (in the order the
300           server has sent them). It is not a verified chain.
301
302       -prexit
303           Print session information when the program exits. This will always
304           attempt to print out information even if the connection fails.
305           Normally information will only be printed out once if the
306           connection succeeds. This option is useful because the cipher in
307           use may be renegotiated or the connection may fail because a client
308           certificate is required or is requested only after an attempt is
309           made to access a certain URL. Note: the output produced by this
310           option is not always accurate because a connection might never have
311           been established.
312
313       -state
314           Prints out the SSL session states.
315
316       -debug
317           Print extensive debugging information including a hex dump of all
318           traffic.
319
320       -nocommands
321           Do not use interactive command letters.
322
323       -security_debug
324           Enable security debug messages.
325
326       -security_debug_verbose
327           Output more security debug output.
328
329       -msg
330           Show protocol messages.
331
332       -timeout
333           Enable send/receive timeout on DTLS connections.
334
335       -mtu size
336           Set MTU of the link layer to the specified size.
337
338       -no_etm
339           Disable Encrypt-then-MAC negotiation.
340
341       -keymatexport label
342           Export keying material using the specified label.
343
344       -keymatexportlen len
345           Export the specified number of bytes of keying material; default is
346           20.
347
348           Show all protocol messages with hex dump.
349
350       -trace
351           Show verbose trace output of protocol messages.
352
353       -msgfile filename
354           File to send output of -msg or -trace to, default standard output.
355
356       -nbio_test
357           Tests nonblocking I/O
358
359       -nbio
360           Turns on nonblocking I/O
361
362       -crlf
363           This option translated a line feed from the terminal into CR+LF as
364           required by some servers.
365
366       -ign_eof
367           Inhibit shutting down the connection when end of file is reached in
368           the input.
369
370       -quiet
371           Inhibit printing of session and certificate information.  This
372           implicitly turns on -ign_eof as well.
373
374       -no_ign_eof
375           Shut down the connection when end of file is reached in the input.
376           Can be used to override the implicit -ign_eof after -quiet.
377
378       -psk_identity identity
379           Use the PSK identity identity when using a PSK cipher suite.  The
380           default value is "Client_identity" (without the quotes).
381
382       -psk key
383           Use the PSK key key when using a PSK cipher suite. The key is given
384           as a hexadecimal number without leading 0x, for example -psk
385           1a2b3c4d.  This option must be provided in order to use a PSK
386           cipher.
387
388       -psk_session file
389           Use the pem encoded SSL_SESSION data stored in file as the basis of
390           a PSK.  Note that this will only work if TLSv1.3 is negotiated.
391
392       -sctp
393           Use SCTP for the transport protocol instead of UDP in DTLS. Must be
394           used in conjunction with -dtls, -dtls1 or -dtls1_2. This option is
395           only available where OpenSSL has support for SCTP enabled.
396
397       -sctp_label_bug
398           Use the incorrect behaviour of older OpenSSL implementations when
399           computing endpoint-pair shared secrets for DTLS/SCTP. This allows
400           communication with older broken implementations but breaks
401           interoperability with correct implementations. Must be used in
402           conjunction with -sctp. This option is only available where OpenSSL
403           has support for SCTP enabled.
404
405       -fallback_scsv
406           Send TLS_FALLBACK_SCSV in the ClientHello.
407
408       -async
409           Switch on asynchronous mode. Cryptographic operations will be
410           performed asynchronously. This will only have an effect if an
411           asynchronous capable engine is also used via the -engine option.
412           For test purposes the dummy async engine (dasync) can be used (if
413           available).
414
415       -maxfraglen len
416           Enable Maximum Fragment Length Negotiation; allowed values are 512,
417           1024, 2048, and 4096.
418
419       -max_send_frag int
420           The maximum size of data fragment to send.  See
421           SSL_CTX_set_max_send_fragment(3) for further information.
422
423       -split_send_frag int
424           The size used to split data for encrypt pipelines. If more data is
425           written in one go than this value then it will be split into
426           multiple pipelines, up to the maximum number of pipelines defined
427           by max_pipelines. This only has an effect if a suitable cipher
428           suite has been negotiated, an engine that supports pipelining has
429           been loaded, and max_pipelines is greater than 1. See
430           SSL_CTX_set_split_send_fragment(3) for further information.
431
432       -max_pipelines int
433           The maximum number of encrypt/decrypt pipelines to be used. This
434           will only have an effect if an engine has been loaded that supports
435           pipelining (e.g. the dasync engine) and a suitable cipher suite has
436           been negotiated. The default value is 1.  See
437           SSL_CTX_set_max_pipelines(3) for further information.
438
439       -read_buf int
440           The default read buffer size to be used for connections. This will
441           only have an effect if the buffer size is larger than the size that
442           would otherwise be used and pipelining is in use (see
443           SSL_CTX_set_default_read_buffer_len(3) for further information).
444
445       -ignore_unexpected_eof
446           Some TLS implementations do not send the mandatory close_notify
447           alert on shutdown. If the application tries to wait for the
448           close_notify alert but the peer closes the connection without
449           sending it, an error is generated. When this option is enabled the
450           peer does not need to send the close_notify alert and a closed
451           connection will be treated as if the close_notify alert was
452           received.  For more information on shutting down a connection, see
453           SSL_shutdown(3).
454
455       -bugs
456           There are several known bugs in SSL and TLS implementations. Adding
457           this option enables various workarounds.
458
459       -comp
460           Enables support for SSL/TLS compression.  This option was
461           introduced in OpenSSL 1.1.0.  TLS compression is not recommended
462           and is off by default as of OpenSSL 1.1.0.
463
464       -no_comp
465           Disables support for SSL/TLS compression.  TLS compression is not
466           recommended and is off by default as of OpenSSL 1.1.0.
467
468       -brief
469           Only provide a brief summary of connection parameters instead of
470           the normal verbose output.
471
472       -sigalgs sigalglist
473           Specifies the list of signature algorithms that are sent by the
474           client.  The server selects one entry in the list based on its
475           preferences.  For example strings, see SSL_CTX_set1_sigalgs(3)
476
477       -curves curvelist
478           Specifies the list of supported curves to be sent by the client.
479           The curve is ultimately selected by the server. For a list of all
480           curves, use:
481
482               $ openssl ecparam -list_curves
483
484       -cipher cipherlist
485           This allows the TLSv1.2 and below cipher list sent by the client to
486           be modified.  This list will be combined with any TLSv1.3
487           ciphersuites that have been configured. Although the server
488           determines which ciphersuite is used it should take the first
489           supported cipher in the list sent by the client. See
490           openssl-ciphers(1) for more information.
491
492       -ciphersuites val
493           This allows the TLSv1.3 ciphersuites sent by the client to be
494           modified. This list will be combined with any TLSv1.2 and below
495           ciphersuites that have been configured. Although the server
496           determines which cipher suite is used it should take the first
497           supported cipher in the list sent by the client. See
498           openssl-ciphers(1) for more information. The format for this list
499           is a simple colon (":") separated list of TLSv1.3 ciphersuite
500           names.
501
502       -starttls protocol
503           Send the protocol-specific message(s) to switch to TLS for
504           communication.  protocol is a keyword for the intended protocol.
505           Currently, the only supported keywords are "smtp", "pop3", "imap",
506           "ftp", "xmpp", "xmpp-server", "irc", "postgres", "mysql", "lmtp",
507           "nntp", "sieve" and "ldap".
508
509       -xmpphost hostname
510           This option, when used with "-starttls xmpp" or "-starttls xmpp-
511           server", specifies the host for the "to" attribute of the stream
512           element.  If this option is not specified, then the host specified
513           with "-connect" will be used.
514
515           This option is an alias of the -name option for "xmpp" and "xmpp-
516           server".
517
518       -name hostname
519           This option is used to specify hostname information for various
520           protocols used with -starttls option. Currently only "xmpp", "xmpp-
521           server", "smtp" and "lmtp" can utilize this -name option.
522
523           If this option is used with "-starttls xmpp" or "-starttls xmpp-
524           server", if specifies the host for the "to" attribute of the stream
525           element. If this option is not specified, then the host specified
526           with "-connect" will be used.
527
528           If this option is used with "-starttls lmtp" or "-starttls smtp",
529           it specifies the name to use in the "LMTP LHLO" or "SMTP EHLO"
530           message, respectively. If this option is not specified, then
531           "mail.example.com" will be used.
532
533       -tlsextdebug
534           Print out a hex dump of any TLS extensions received from the
535           server.
536
537       -no_ticket
538           Disable RFC4507bis session ticket support.
539
540       -sess_out filename
541           Output SSL session to filename.
542
543       -sess_in filename
544           Load SSL session from filename. The client will attempt to resume a
545           connection from this session.
546
547       -serverinfo types
548           A list of comma-separated TLS Extension Types (numbers between 0
549           and 65535).  Each type will be sent as an empty ClientHello TLS
550           Extension.  The server's response (if any) will be encoded and
551           displayed as a PEM file.
552
553       -status
554           Sends a certificate status request to the server (OCSP stapling).
555           The server response (if any) is printed out.
556
557       -alpn protocols, -nextprotoneg protocols
558           These flags enable the Enable the Application-Layer Protocol
559           Negotiation or Next Protocol Negotiation (NPN) extension,
560           respectively. ALPN is the IETF standard and replaces NPN.  The
561           protocols list is a comma-separated list of protocol names that the
562           client should advertise support for. The list should contain the
563           most desirable protocols first.  Protocol names are printable ASCII
564           strings, for example "http/1.1" or "spdy/3".  An empty list of
565           protocols is treated specially and will cause the client to
566           advertise support for the TLS extension but disconnect just after
567           receiving ServerHello with a list of server supported protocols.
568           The flag -nextprotoneg cannot be specified if -tls1_3 is used.
569
570       -ct, -noct
571           Use one of these two options to control whether Certificate
572           Transparency (CT) is enabled (-ct) or disabled (-noct).  If CT is
573           enabled, signed certificate timestamps (SCTs) will be requested
574           from the server and reported at handshake completion.
575
576           Enabling CT also enables OCSP stapling, as this is one possible
577           delivery method for SCTs.
578
579       -ctlogfile
580           A file containing a list of known Certificate Transparency logs.
581           See SSL_CTX_set_ctlog_list_file(3) for the expected file format.
582
583       -keylogfile file
584           Appends TLS secrets to the specified keylog file such that external
585           programs (like Wireshark) can decrypt TLS connections.
586
587       -early_data file
588           Reads the contents of the specified file and attempts to send it as
589           early data to the server. This will only work with resumed sessions
590           that support early data and when the server accepts the early data.
591
592       -enable_pha
593           For TLSv1.3 only, send the Post-Handshake Authentication extension.
594           This will happen whether or not a certificate has been provided via
595           -cert.
596
597       -use_srtp value
598           Offer SRTP key management, where value is a colon-separated profile
599           list.
600
601       -srpuser value
602           Set the SRP username to the specified value. This option is
603           deprecated.
604
605       -srppass value
606           Set the SRP password to the specified value. This option is
607           deprecated.
608
609       -srp_lateuser
610           SRP username for the second ClientHello message. This option is
611           deprecated.
612
613       -srp_moregroups  This option is deprecated.
614           Tolerate other than the known g and N values.
615
616       -srp_strength number
617           Set the minimal acceptable length, in bits, for N.  This option is
618           deprecated.
619
620       -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1,
621       -tls1_1, -tls1_2, -tls1_3
622           See "TLS Version Options" in openssl(1).
623
624       -dtls, -dtls1, -dtls1_2
625           These specify the use of DTLS instead of TLS.  See "TLS Version
626           Options" in openssl(1).
627
628       -nameopt option
629           This specifies how the subject or issuer names are displayed.  See
630           openssl-namedisplay-options(1) for details.
631
632       -xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform
633       DER|PEM, -xkeyform DER|PEM
634           Set extended certificate verification options.  See "Extended
635           Verification Options" in openssl-verification-options(1) for
636           details.
637
638       -CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri,
639       -no-CAstore
640           See "Trusted Certificate Options" in
641           openssl-verification-options(1) for details.
642
643       -bugs, -comp, -no_comp, -no_ticket, -serverpref, -client_renegotiation,
644       -legacy_renegotiation, -no_renegotiation, -no_resumption_on_reneg,
645       -legacy_server_connect, -no_legacy_server_connect, -no_etm
646       -allow_no_dhe_kex, -prioritize_chacha, -strict, -sigalgs algs,
647       -client_sigalgs algs, -groups groups, -curves curves, -named_curve
648       curve, -cipher ciphers, -ciphersuites 1.3ciphers, -min_protocol
649       minprot, -max_protocol maxprot, -record_padding padding,
650       -debug_broken_protocol, -no_middlebox
651           See "SUPPORTED COMMAND LINE COMMANDS" in SSL_CONF_cmd(3) for
652           details.
653
654       -rand files, -writerand file
655           See "Random State Options" in openssl(1) for details.
656
657       -provider name
658       -provider-path path
659       -propquery propq
660           See "Provider Options" in openssl(1), provider(7), and property(7).
661
662       -engine id
663           See "Engine Options" in openssl(1).  This option is deprecated.
664
665       -ssl_client_engine id
666           Specify engine to be used for client certificate operations.
667
668       -allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check,
669       -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical,
670       -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy,
671       -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only,
672       -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth,
673       -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict
674       -issuer_checks
675           Set various options of certificate chain verification.  See
676           "Verification Options" in openssl-verification-options(1) for
677           details.
678
679           Verification errors are displayed, for debugging, but the command
680           will proceed unless the -verify_return_error option is used.
681
682       host:port
683           Rather than providing -connect, the target hostname and optional
684           port may be provided as a single positional argument after all
685           options. If neither this nor -connect are provided, falls back to
686           attempting to connect to localhost on port 4433.
687

CONNECTED COMMANDS

689       If a connection is established with an SSL server then any data
690       received from the server is displayed and any key presses will be sent
691       to the server. If end of file is reached then the connection will be
692       closed down. When used interactively (which means neither -quiet nor
693       -ign_eof have been given), then certain commands are also recognized
694       which perform special operations. These commands are a letter which
695       must appear at the start of a line. They are listed below.
696
697       Q   End the current SSL connection and exit.
698
699       R   Renegotiate the SSL session (TLSv1.2 and below only).
700
701       k   Send a key update message to the server (TLSv1.3 only)
702
703       K   Send a key update message to the server and request one back
704           (TLSv1.3 only)
705

NOTES

707       This command can be used to debug SSL servers. To connect to an SSL
708       HTTP server the command:
709
710        openssl s_client -connect servername:443
711
712       would typically be used (https uses port 443). If the connection
713       succeeds then an HTTP command can be given such as "GET /" to retrieve
714       a web page.
715
716       If the handshake fails then there are several possible causes, if it is
717       nothing obvious like no client certificate then the -bugs, -ssl3,
718       -tls1, -no_ssl3, -no_tls1 options can be tried in case it is a buggy
719       server. In particular you should play with these options before
720       submitting a bug report to an OpenSSL mailing list.
721
722       A frequent problem when attempting to get client certificates working
723       is that a web client complains it has no certificates or gives an empty
724       list to choose from. This is normally because the server is not sending
725       the clients certificate authority in its "acceptable CA list" when it
726       requests a certificate. By using this command, the CA list can be
727       viewed and checked. However, some servers only request client
728       authentication after a specific URL is requested. To obtain the list in
729       this case it is necessary to use the -prexit option and send an HTTP
730       request for an appropriate page.
731
732       If a certificate is specified on the command line using the -cert
733       option it will not be used unless the server specifically requests a
734       client certificate. Therefore, merely including a client certificate on
735       the command line is no guarantee that the certificate works.
736
737       If there are problems verifying a server certificate then the
738       -showcerts option can be used to show all the certificates sent by the
739       server.
740
741       This command is a test tool and is designed to continue the handshake
742       after any certificate verification errors. As a result it will accept
743       any certificate chain (trusted or not) sent by the peer. Non-test
744       applications should not do this as it makes them vulnerable to a MITM
745       attack. This behaviour can be changed by with the -verify_return_error
746       option: any verify errors are then returned aborting the handshake.
747
748       The -bind option may be useful if the server or a firewall requires
749       connections to come from some particular address and or port.
750

BUGS

752       Because this program has a lot of options and also because some of the
753       techniques used are rather old, the C source for this command is rather
754       hard to read and not a model of how things should be done.  A typical
755       SSL client program would be much simpler.
756
757       The -prexit option is a bit of a hack. We should really report
758       information whenever a session is renegotiated.
759

SEE ALSO

761       openssl(1), openssl-sess_id(1), openssl-s_server(1),
762       openssl-ciphers(1), SSL_CONF_cmd(3), SSL_CTX_set_max_send_fragment(3),
763       SSL_CTX_set_split_send_fragment(3), SSL_CTX_set_max_pipelines(3),
764       ossl_store-file(7)
765

HISTORY

767       The -no_alt_chains option was added in OpenSSL 1.1.0.  The -name option
768       was added in OpenSSL 1.1.1.
769
770       The -certform option has become obsolete in OpenSSL 3.0.0 and has no
771       effect.
772
773       The -engine option was deprecated in OpenSSL 3.0.
774
776       Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
777
778       Licensed under the Apache License 2.0 (the "License").  You may not use
779       this file except in compliance with the License.  You can obtain a copy
780       in the file LICENSE in the source distribution or at
781       <https://www.openssl.org/source/license.html>.
782
783
784
7853.1.1                             2023-08-31           OPENSSL-S_CLIENT(1ossl)
Impressum