NAME


gnutls-cli - GNU TLS test client

SYNOPSIS


gnutls-cli [options] hostname

DESCRIPTION


Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.

OPTIONS


Program control options

--copyright Prints the program’s license.
-d, --debug LEVEL Specify the debug level. Default is 1.
-h, --help Prints a short reminder of the command line options.
-l, --list Print a list of the supported algorithms and modes.
-r, --resume Connect, establish a session. Connect again and resume this session.
-s, --starttls Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.
-v, --version Prints the program’s version number.

TLS/SSL control options

--priority PRIORITY STRING TLS algorithms and protocols to enable. Unless the first keyword is "NONE" the defaults are:
Protocols: TLS1.1, TLS1.0, and SSL3.0.
Compression: NULL.
Certificate types: X.509, OpenPGP.
You can also use predefined sets of ciphersuites such as:
PERFORMANCE all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance.
NORMAL option enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
SECURE128 flag enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
SECURE256 flag enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.
EXPORT all the ciphersuites are enabled, including the low-security 40 bit ciphers.
NONE nothing is enabled. This disables even protocols and compression methods.
Special keywords:
To avoid collisions in order to specify a compression algorithm in this string you have to prefix it with "COMP-", protocol versions with "VERS-" and certificate types with "CTYPE-". All other algorithms don’t need a prefix.
Examples:
"NORMAL"
"NORMAL:%COMPAT"
"NORMAL:!AES-128-CBC"
"NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"

--crlf Send CR LF instead of LF.
-f, --fingerprint Send the openpgp fingerprint, instead of the key.
-p, --port integer The port to connect to.
--protocols protocol1 protocol2... Protocols to enable (use gnutls-cli --list to show the supported protocols).
--recordsize integer The maximum record size to advertize.

Certificate options

--pgpcertfile FILE PGP Public Key (certificate) file to use.
--pgpkeyfile FILE PGP Key file to use.
--pgpkeyring FILE PGP Key ring file to use.
--pgptrustdb FILE PGP trustdb file to use.
--srppasswd PASSWD SRP password to use.
--srpusername NAME SRP username to use.
--x509cafile FILE Certificate file to use.
--x509certfile FILE X.509 Certificate file to use.
--x509fmtder Use DER format for certificates
--x509keyfile FILE X.509 key file to use.
--xml Print the certificate information in XML format.

SEE ALSO


gnutls-cli-debug(1), gnutls-serv(1)

AUTHOR


Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

This manual page was written by Ivo Timmermans <ivo@debian.org>, for the Debian GNU/Linux system (but may be used by others).

openSUSE Logo

Contents