gnutls-cli man page on FreeBSD

Man page or keyword search:  
man Server   9747 pages
apropos Keyword Search (all sections)
Output format
FreeBSD logo
[printable version]

gnutls-cli(1)							 gnutls-cli(1)

NAME
       gnutls-cli - GNU TLS test client

SYNOPSIS
       gnutls-cli [options] hostname

DESCRIPTION
       Simple  client  program	to  set up a TLS connection to some other com‐
       puter.  It sets up a TLS connection and forwards data from the standard
       input to the secured socket and vice versa.

OPTIONS
   Program control options
       -d, --debug LEVEL
	      Specify the debug level. Default is 1.

       -h, --help
	      Prints a short reminder of the command line options.

       -l, --list
	      Print a list of the supported algorithms and modes.

       -r, --resume
	      Connect,	establish  a  session.	 Connect again and resume this
	      session.

       -s, --starttls
	      Connect, establish a plain session and start TLS when EOF	 or  a
	      SIGALRM is received.

       -v, --version
	      Prints the program's version number.

       -V, --verbose
	      More verbose output.

   TLS/SSL control options
       --priority PRIORITY STRING
	      TLS  algorithms  and protocols to enable.	 Unless the first key‐
	      word is "NONE" the defaults are:

	      Protocols: TLS1.1, TLS1.0, and SSL3.0.

	      Compression: NULL.

	      Certificate types: X.509, OpenPGP.

	      You can also use predefined sets of ciphersuites such as:

	      PERFORMANCE all the "secure" ciphersuites are  enabled,  limited
	      to 128 bit ciphers and sorted by terms of speed performance.

	      NORMAL  option  enables  all  "secure" ciphersuites. The 256-bit
	      ciphers are included as a fallback only. The ciphers are	sorted
	      by security margin.

	      SECURE128 flag enables all "secure" ciphersuites with ciphers up
	      to 128 bits, sorted by security margin.

	      SECURE256 flag enables all "secure" ciphersuites	including  the
	      256 bit ciphers, sorted by security margin.

	      EXPORT all the ciphersuites are enabled, including the low-secu‐
	      rity 40 bit ciphers.

	      NONE nothing is enabled. This disables even protocols  and  com‐
	      pression methods.

	      Special keywords:

	      "!"  or  "-"  appended  with an algorithm will remove this algo‐
	      rithm.

	      "+" appended with an algorithm will add this algorithm.

	      "%COMPAT" will enable compatibility features for a server.

	      "%SSL3_RECORD_VERSION" force SSL3.0 record version in the	 first
	      client  hello.  This  is to avoid buggy servers from terminating
	      connection.

	      To avoid collisions in order to specify a compression  algorithm
	      in this string you have to prefix it with "COMP-", protocol ver‐
	      sions with "VERS-" and  certificate  types  with	"CTYPE-".  All
	      other algorithms don't need a prefix.

	      Examples:

	      "NORMAL"

	      "NORMAL:%COMPAT"

	      "NORMAL:!AES-128-CBC"

	      "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"

       --crlf Send CR LF instead of LF.

       -f, --fingerprint
	      Send the openpgp fingerprint, instead of the key.

       -p, --port integer
	      The port to connect to.

       --ciphers cipher1 cipher2...
	      Ciphers  to  enable (use gnutls-cli --list to show the supported
	      ciphers).

       --protocols protocol1 protocol2...
	      Protocols to enable (use gnutls-cli --list to show the supported
	      protocols).

       --comp comp1 comp2...
	      Compression methods to enable (use gnutls-cli --list to show the
	      supported methods).

       --macs mac1 mac2...
	      MACs to enable (use gnutls-cli  --list  to  show	the  supported
	      MACs).

       --kx kx1 kx2...
	      Key  exchange  methods  to enable (use gnutls-cli --list to show
	      the supported methods).

       --ctypes certType1 certType2...
	      Certificate types to enable (use gnutls-cli --list to  show  the
	      supported types).

       --recordsize integer
	      The maximum record size to advertize.

       --disable-extensions
	      Disable all the TLS extensions.

       --print-cert
	      Print the certificate in PEM format.

       --insecure
	      Don't abort program if server certificates can't be validated.

   Certificate options
       --pgpcertfile FILE
	      PGP Public Key (certificate) file to use.

       --pgpkeyfile FILE
	      PGP Key file to use.

       --pgpkeyring FILE
	      PGP Key ring file to use.

       --pgptrustdb FILE
	      PGP trustdb file to use.

       --pgpsubkey HEX|auto2
	      PGP subkey to use.

       --srppasswd PASSWD
	      SRP password to use.

       --srpusername NAME
	      SRP username to use.

       --x509cafile FILE
	      Certificate file to use.

       --x509certfile FILE
	      X.509 Certificate file to use.

       --x509fmtder
	      Use DER format for certificates

       --x509keyfile FILE
	      X.509 key file to use.

       --x509crlfile FILE
	      X.509 CRL file to use.

       --pskusername NAME
	      PSK username to use.

       --pskkey KEY
	      PSK key (in hex) to use.

       --opaque-prf-input DATA
	      Use Opaque PRF Input DATA.

SEE ALSO
       gnutls-cli-debug(1), gnutls-serv(1)

AUTHOR
       Nikos	 Mavroyanopoulos    <nmav@gnutls.org>	 and	others;	   see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This manual page was written by Ivo  Timmermans	<ivo@debian.org>,  for
       the Debian GNU/Linux system (but may be used by others).

			       December 1st 2003		 gnutls-cli(1)
[top]

List of man pages available for FreeBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
...................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net