.TH gnutls\-cli 1 "December 1st 2003"
gnutls\-cli \- GnuTLS test client
gnutls\-cli [\fIoptions\fR] \fIhostname\fR
Simple client program to set up a TLS connection to some other
computer. It sets up a TLS connection and forwards data from the
standard input to the secured socket and vice versa.
.SS Program control options
.IP "\-d, \-\-debug LEVEL"
Specify the debug level. Default is 1.
Prints a short reminder of the command line options.
Print a list of the supported algorithms and modes.
Connect, establish a session. Connect again and resume this session.
.IP "\-s, \-\-starttls"
Connect, establish a plain session and start TLS when EOF or a SIGALRM
.IP "\-v, \-\-version"
Prints the program's version number.
.IP "\-V, \-\-verbose"
.SS TLS/SSL control options
.IP "\-\-priority \fIPRIORITY STRING\fR"
TLS algorithms and protocols to enable.
You can use predefined sets of ciphersuites such as:
all the "secure" ciphersuites are enabled, limited to 128 bit
ciphers and sorted in terms of speed performance.
option enables all "secure" ciphersuites. The 256-bit ciphers
are included as a fallback only. The ciphers are sorted by security
flag enables all "secure" ciphersuites with ciphers up to
128 bits, sorted by security margin.
flag enables all "secure" ciphersuites including the 256 bit
ciphers, sorted by security margin.
all the ciphersuites are enabled, including the
low-security 40 bit ciphers.
nothing is enabled. This disables even protocols and
Check the GnuTLS manual on section "Priority strings" for
more information on allowed keywords.
"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
"SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
enabled, SSL3.0 is disabled, and libz compression enabled.
"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1"
"NORMAL:%COMPAT" is the most compatible mode
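Added example (not part of the original manual page and not GnuTLS code): a simplified reader for the priority strings shown above, useful for reviewing a configured string before passing it to \-\-priority. It only understands the ':', '+', '-' and '%' syntax seen in those examples, it does not know what a base keyword such as NORMAL enables, and the WEAK table is this example's own assumed policy.

```python
# Added example, not GnuTLS code: reads only the ':' '+' '-' '%' syntax
# shown in the priority string examples on this page.

# Assumed audit policy (this example's choice, not a GnuTLS default).
WEAK = {
    "ARCFOUR-128": "RC4 stream cipher",
    "VERS-SSL3.0": "SSL 3.0 protocol",
    "COMP-DEFLATE": "TLS-level compression",
    "SIGN-RSA-SHA1": "SHA-1 based signatures",
}

def parse_priority(text):
    """Return keywords, enabled items, removed items and %flags, in order."""
    out = {"keywords": [], "added": [], "removed": [], "flags": []}
    for tok in (t.strip() for t in text.split(":")):
        if not tok:
            continue
        head, name = tok[0], tok[1:]
        if head == "+":                  # enable; undoes an earlier removal
            if name in out["removed"]:
                out["removed"].remove(name)
            if name not in out["added"]:
                out["added"].append(name)
        elif head in "-!":               # remove ('!' is a synonym in GnuTLS)
            if name in out["added"]:
                out["added"].remove(name)
            if name not in out["removed"]:
                out["removed"].append(name)
        elif head == "%":                # special flag such as %COMPAT
            out["flags"].append(name)
        else:                            # base keyword such as NORMAL or NONE
            out["keywords"].append(tok)
    return out

def audit(text):
    """List the explicitly enabled items that the assumed policy flags."""
    parsed = parse_priority(text)
    return [f"+{n}: {WEAK[n]}" for n in parsed["added"] if n in WEAK]

if __name__ == "__main__":
    # Sample inputs are the example strings from this page.
    for s in ("NORMAL:-ARCFOUR-128",
              "SECURE:-VERS-SSL3.0:+COMP-DEFLATE",
              "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
              "NORMAL:%COMPAT"):
        print(s, "->", audit(s) or "nothing flagged")
```

Because modifiers are applied in order, a later "+ITEM" re-enables something an earlier "-ITEM" removed, which is why the reader tracks both lists.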
Send CR LF instead of LF.
.IP "\-f, \-\-fingerprint"
Send the openpgp fingerprint, instead of the key.
.IP "\-p, \-\-port \fIinteger\fR"
The port to connect to.
.IP "\-\-ciphers \fIcipher1 cipher2...\fR"
Ciphers to enable (use \fBgnutls\-cli \-\-list\fR to show the
.IP "\-\-protocols \fIprotocol1 protocol2...\fR"
Protocols to enable (use \fBgnutls\-cli \-\-list\fR to show the
.IP "\-\-comp \fIcomp1 comp2...\fR"
Compression methods to enable (use \fBgnutls\-cli \-\-list\fR to
show the supported methods).
.IP "\-\-macs \fImac1 mac2...\fR"
MACs to enable (use \fBgnutls\-cli \-\-list\fR to show the
.IP "\-\-kx \fIkx1 kx2...\fR"
Key exchange methods to enable (use \fBgnutls\-cli \-\-list\fR to
show the supported methods).
.IP "\-\-ctypes \fIcertType1 certType2...\fR"
Certificate types to enable (use \fBgnutls\-cli \-\-list\fR to show
the supported types).
.IP "\-\-recordsize \fIinteger\fR"
The maximum record size to advertise.
.IP "\-\-disable-extensions"
Disable all the TLS extensions.
Print the certificate in PEM format.
Don't abort program if server certificates can't be validated.
.SS Certificate options
.IP "\-\-pgpcertfile \fIFILE\fR"
PGP Public Key (certificate) file to use.
.IP "\-\-pgpkeyfile \fIFILE\fR"
.IP "\-\-pgpkeyring \fIFILE\fR"
PGP Key ring file to use.
.IP "\-\-pgptrustdb \fIFILE\fR"
PGP trustdb file to use.
.IP "\-\-pgpsubkey \fIHEX|auto\fR"
.IP "\-\-srppasswd \fIPASSWD\fR"
.IP "\-\-srpusername \fINAME\fR"
.IP "\-\-x509cafile \fIFILE\fR"
Certificate file to use. This option accepts PKCS #11 URLs such as
.IP "\-\-x509certfile \fIFILE\fR"
X.509 Certificate file to use, or a PKCS #11 URL.
Use DER format for certificates.
.IP "\-\-x509keyfile \fIFILE\fR"
X.509 key file or PKCS #11 URL to use.
.IP "\-\-x509crlfile \fIFILE\fR"
X.509 CRL file to use.
.IP "\-\-pskusername \fINAME\fR"
.IP "\-\-pskkey \fIKEY\fR"
PSK key (in hex) to use.
.IP "\-\-opaque-prf-input \fIDATA\fR"
Use Opaque PRF Input DATA.
.BR gnutls\-cli\-debug (1),
Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see
/usr/share/doc/gnutls\-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <ivo@debian.org>, for
the Debian GNU/Linux system (but may be used by others).