NAME
gnutls-cli - GNU TLS test client
SYNOPSIS
gnutls-cli [options] hostname
DESCRIPTION
Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.
OPTIONS
Program control options
--copyright | Prints the program's license. |
-d, --debug LEVEL | Specify the debug level. Default is 1. |
-h, --help | Prints a short reminder of the command line options. |
-l, --list | Print a list of the supported algorithms and modes. |
-r, --resume | Connect, establish a session. Connect again and resume this session. |
-s, --starttls | Connect, establish a plain session and start TLS when EOF or a SIGALRM is received. |
-v, --version | Prints the program's version number. |
TLS/SSL control options
--priority PRIORITY STRING | TLS algorithms and protocols to enable. Unless the first keyword is "NONE" the defaults are:
Protocols: TLS1.1, TLS1.0, and SSL3.0.
Compression: NULL.
Certificate types: X.509, OpenPGP.
You can also use predefined sets of ciphersuites such as:
PERFORMANCE: all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by speed.
NORMAL: enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
SECURE128: enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
SECURE256: enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.
EXPORT: all the ciphersuites are enabled, including the low-security 40 bit ciphers.
NONE: nothing is enabled. This disables even protocols and compression methods.
Special keywords:
To avoid collisions, a compression algorithm in this string has to be prefixed with "COMP-", a protocol version with "VERS-" and a certificate type with "CTYPE-". All other algorithms don't need a prefix.
Examples:
"NORMAL"
"NORMAL:%COMPAT"
"NORMAL:!AES-128-CBC"
"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL" |
--crlf | Send CR LF instead of LF. |
-f, --fingerprint | Send the openpgp fingerprint, instead of the key. |
-p, --port integer | The port to connect to. |
--protocols protocol1 protocol2... | Protocols to enable (use gnutls-cli --list to show the supported protocols). |
--recordsize integer | The maximum record size to advertise. |
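The --priority string syntax described above, as a small parser and audit check. This is an added example, not part of the original manual page or of GnuTLS; the function names parse_priority and audit are hypothetical. It assumes a predefined keyword is only recognised in first position and treats a leading "-" like "!" (GnuTLS accepts both for removal; this page shows only "!").

```python
# Added example: parse and audit a gnutls-cli --priority string.
KEYWORDS = {"PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE"}
PREFIXES = {"COMP-": "compression", "VERS-": "protocol", "CTYPE-": "certificate type"}


def parse_priority(string):
    """Return (keyword, [(action, kind, name), ...]) for a priority string."""
    tokens = [t for t in string.strip().strip('"').split(":") if t]
    if not tokens:
        raise ValueError("empty priority string")
    keyword, items = None, []
    if tokens[0] in KEYWORDS:
        keyword = tokens.pop(0)
    for tok in tokens:
        if tok.startswith("%"):  # special keyword such as %COMPAT
            items.append(("set", "special keyword", tok[1:]))
            continue
        if tok[0] not in "+!-" or len(tok) < 2:
            raise ValueError(f"unrecognised token: {tok!r}")
        action = "enable" if tok[0] == "+" else "disable"
        name = tok[1:]
        kind = "algorithm"  # ciphers, key exchanges and MACs take no prefix
        for prefix, label in PREFIXES.items():
            if name.startswith(prefix):
                kind, name = label, name[len(prefix):]
                break
        items.append((action, kind, name))
    return keyword, items


def audit(string):
    """Return warnings based on the defaults and keyword descriptions above."""
    keyword, items = parse_priority(string)
    warnings = []
    if keyword == "EXPORT":
        warnings.append("EXPORT enables the low-security 40 bit ciphers")
    enabled = {(k, n) for a, k, n in items if a == "enable"}
    disabled = {(k, n) for a, k, n in items if a == "disable"}
    ssl3 = ("protocol", "SSL3.0")
    # SSL3.0 is a default protocol unless the first keyword is NONE.
    if ssl3 in enabled or (keyword != "NONE" and ssl3 not in disabled):
        warnings.append("SSL3.0 is enabled")
    return warnings


if __name__ == "__main__":
    for s in ("NORMAL", "NORMAL:!VERS-SSL3.0", "EXPORT"):
        print(s, "->", audit(s))
```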
Certificate options
--pgpcertfile FILE | PGP Public Key (certificate) file to use. |
--pgpkeyfile FILE | PGP Key file to use. |
--pgpkeyring FILE | PGP Key ring file to use. |
--pgptrustdb FILE | PGP trustdb file to use. |
--srppasswd PASSWD | SRP password to use. |
--srpusername NAME | SRP username to use. |
--x509cafile FILE | Certificate file to use. |
--x509certfile FILE | X.509 Certificate file to use. |
--x509fmtder | Use DER format for certificates. |
--x509keyfile FILE | X.509 key file to use. |
--xml | Print the certificate information in XML format. |
SEE ALSO
gnutls-cli-debug(1), gnutls-serv(1)
AUTHOR
Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <ivo@debian.org>, for the Debian GNU/Linux system (but may be used by others).