38
gnutls-cli - GnuTLS client - Ver. 3.0.22
39
USAGE: gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname]
39
gnutls-cli - GnuTLS client
40
Usage: gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname]
41
42
-d, --debug=num Enable debugging.
42
- It must be in the range:
43
- it must be in the range:
44
45
-V, --verbose More verbose output
45
46
- may appear multiple times
46
47
--tofu Enable trust on first use authentication
47
- disabled as --no-tofu
48
- disabled as '--no-tofu'
49
--dane Enable DANE certificate verification (DNSSEC)
50
- disabled as '--no-dane'
51
--local-dns Use the local DNS server for DNSSEC resolving.
52
- disabled as '--no-local-dns'
53
--ca-verification Disable CA certificate verification
54
- disabled as '--no-ca-verification'
48
56
--ocsp Enable OCSP certificate verification
49
- disabled as --no-ocsp
57
- disabled as '--no-ocsp'
50
58
-r, --resume Establish a session and resume
51
59
-e, --rehandshake Establish a session and rehandshake
52
--noticket Don't accept session tickets
53
60
-s, --starttls Connect, establish a plain session and start TLS.
54
61
-u, --udp Use DTLS (datagram TLS) over UDP
55
62
--mtu=num Set MTU for datagram TLS
56
- It must be in the range:
63
- it must be in the range:
58
65
--crlf Send CR LF instead of LF
59
66
--x509fmtder Use DER format for certificates to read from
60
67
-f, --fingerprint Send the openpgp fingerprint, instead of the key
61
--disable-extensions Disable all the TLS extensions
62
68
--print-cert Print peer's certificate in PEM format
63
--recordsize=num The maximum record size to advertize
64
- It must be in the range:
69
--dh-bits=num The minimum number of bits allowed for DH
66
70
--priority=str Priorities string
67
71
--x509cafile=str Certificate file or PKCS #11 URL to use
68
72
--x509crlfile=file CRL file to use
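Review bot: The new usage line "--ca-verification Disable CA certificate verification" has the wrong polarity. The line directly under it says the option is "disabled as '--no-ca-verification'", so the flag named here is the enabling form, yet its summary says it disables the check. A reader skimming --help could conclude that passing --ca-verification turns CA validation off. Suggest describing the positive form, for example "Enable CA certificate verification", and leaving the negation to the '--no-ca-verification' line, as is done for --tofu, --dane and --ocsp in the same hunk.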
82
86
--pskkey=str PSK key (in hex) to use
83
87
-p, --port=str The port or service to connect to
84
88
--insecure Don't abort program if server certificate can't be validated
89
--ranges Use length-hiding padding to prevent traffic analysis
85
90
--benchmark-ciphers Benchmark individual ciphers
86
91
--benchmark-soft-ciphers Benchmark individual software ciphers (no hw acceleration)
87
--benchmark-tls Benchmark ciphers and key exchange methods in TLS
92
--benchmark-tls-kx Benchmark TLS key exchange methods
93
--benchmark-tls-ciphers Benchmark TLS ciphers
88
94
-l, --list Print a list of the supported algorithms and modes
89
-v, --version[=arg] Output version information and exit
90
-h, --help Display extended usage information and exit
91
-!, --more-help Extended usage information passed thru pager
95
--noticket Don't allow session tickets
96
--srtp-profiles=str Offer SRTP profiles
97
--alpn=str Application layer protocol
98
- may appear multiple times
99
-b, --heartbeat Activate heartbeat support
100
--recordsize=num The maximum record size to advertize
101
- it must be in the range:
103
--disable-sni Do not send a Server Name Indication (SNI)
104
--disable-extensions Disable all the TLS extensions
105
-v, --version[=arg] output version information and exit
106
-h, --help display extended usage information and exit
107
-!, --more-help extended usage information passed thru pager
93
109
Options are specified by doubled hyphens and their name or by a single
94
110
hyphen and the flag character.
95
111
Operands and options may be intermixed. They will be reordered.
99
113
Simple client program to set up a TLS connection to some other computer. It
100
114
sets up a TLS connection and forwards data from the standard input to the
101
115
secured socket and vice versa.
103
please send bug reports to: bug-gnutls@@gnu.org
117
Please send bug reports to: <bug-gnutls@@gnu.org>
107
121
@anchor{gnutls-cli debug}
108
122
@subheading debug option (-d)
109
@cindex gnutls-cli-debug
111
124
This is the ``enable debugging.'' option.
112
125
This option takes an argument number.
113
126
Specifies the debug level.
114
127
@anchor{gnutls-cli tofu}
115
128
@subheading tofu option
116
@cindex gnutls-cli-tofu
118
130
This is the ``enable trust on first use authentication'' option.
119
131
This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication.
132
@anchor{gnutls-cli dane}
133
@subheading dane option
135
This is the ``enable dane certificate verification (dnssec)'' option.
136
This option will, in addition to certificate authentication using
137
the trusted CAs, verify the server certificates using on the DANE information
138
available via DNSSEC.
139
@anchor{gnutls-cli local-dns}
140
@subheading local-dns option
142
This is the ``use the local dns server for dnssec resolving.'' option.
143
This option will use the local DNS server for DNSSEC.
144
This is disabled by default due to many servers not allowing DNSSEC.
145
@anchor{gnutls-cli ca-verification}
146
@subheading ca-verification option
148
This is the ``disable ca certificate verification'' option.
151
This option has some usage constraints. It:
154
is enabled by default.
157
This option will disable CA certificate verification. It is to be used with the --dane or --tofu options.
120
158
@anchor{gnutls-cli ocsp}
121
159
@subheading ocsp option
122
@cindex gnutls-cli-ocsp
124
161
This is the ``enable ocsp certificate verification'' option.
125
162
This option will enable verification of the peer's certificate using ocsp
126
163
@anchor{gnutls-cli resume}
127
164
@subheading resume option (-r)
128
@cindex gnutls-cli-resume
130
166
This is the ``establish a session and resume'' option.
131
167
Connect, establish a session, reconnect and resume.
132
168
@anchor{gnutls-cli rehandshake}
133
169
@subheading rehandshake option (-e)
134
@cindex gnutls-cli-rehandshake
136
171
This is the ``establish a session and rehandshake'' option.
137
172
Connect, establish a session and rehandshake immediately.
138
173
@anchor{gnutls-cli starttls}
139
174
@subheading starttls option (-s)
140
@cindex gnutls-cli-starttls
142
176
This is the ``connect, establish a plain session and start tls.'' option.
143
177
The TLS session will be initiated when EOF or a SIGALRM is received.
178
@anchor{gnutls-cli dh-bits}
179
@subheading dh-bits option
181
This is the ``the minimum number of bits allowed for dh'' option.
182
This option takes an argument number.
183
This option sets the minimum number of bits allowed for a Diffie-Hellman key exchange. You may want to lower the default value if the peer sends a weak prime and you get an connection error with unacceptable prime.
144
184
@anchor{gnutls-cli priority}
145
185
@subheading priority option
146
@cindex gnutls-cli-priority
148
187
This is the ``priorities string'' option.
149
188
This option takes an argument string.
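Review bot: The new dh-bits paragraph tells the user to lower the minimum when the peer "sends a weak prime", without saying what that costs. Lowering the value makes the client accept a weaker Diffie-Hellman group, so the text should state this and scope the advice to diagnosing a specific peer rather than general use. The same sentence has a typo, "an connection error", which should read "a connection error". Two nearby wording problems in this hunk: the dane paragraph says "using on the DANE information" (drop "on"), and the ca-verification section states the option "is enabled by default" and then "This option will disable CA certificate verification", which only makes sense if the second sentence is rewritten to name the --no-ca-verification form.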
154
193
Check the GnuTLS manual on section ``Priority strings'' for more
155
194
information on allowed keywords
195
@anchor{gnutls-cli ranges}
196
@subheading ranges option
198
This is the ``use length-hiding padding to prevent traffic analysis'' option.
199
When possible (e.g., when %NEW_PADDING is specified), use length-hiding padding to prevent traffic analysis.
156
200
@anchor{gnutls-cli list}
157
201
@subheading list option (-l)
158
@cindex gnutls-cli-list
160
203
This is the ``print a list of the supported algorithms and modes'' option.
161
204
Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown.
205
@anchor{gnutls-cli alpn}
206
@subheading alpn option
208
This is the ``application layer protocol'' option.
209
This option takes an argument string.
212
This option has some usage constraints. It:
215
may appear an unlimited number of times.
218
This option will set and enable the Application Layer Protocol Negotiation (ALPN) in the TLS protocol.
219
@anchor{gnutls-cli disable-extensions}
220
@subheading disable-extensions option
222
This is the ``disable all the tls extensions'' option.
223
This option disables all TLS extensions. Deprecated option. Use the priority string.
162
224
@anchor{gnutls-cli exit status}
163
225
@subheading gnutls-cli exit status
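Review bot: The ranges description, "When possible (e.g., when %NEW_PADDING is specified)", leaves two things unstated: where %NEW_PADDING is specified, and what the client does when padding is not possible. Suggest saying that %NEW_PADDING is given in the priority string and stating whether --ranges then fails or silently continues without length hiding, since a user relying on it for traffic-analysis resistance needs to know. The disable-extensions text has a similar gap: "Deprecated option. Use the priority string." should name the priority-string setting that replaces it, or point to the "Priority strings" section as the priority option text does.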