gnutls-cli(1) General Commands Manual gnutls-cli(1)

NAME

gnutls-cli - GnuTLS test client

SYNOPSIS

gnutls-cli [options] hostname

DESCRIPTION

Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.

OPTIONS

Program control options

Specify the debug level. Default is 1.
Prints a short reminder of the command line options.
Print a list of the supported algorithms and modes.
Connect, establish a session. Connect again and resume this session.
Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.
Prints the program's version number.
More verbose output.

TLS/SSL control options

TLS algorithms and protocols to enable. You can use predefined sets of ciphersuites such as:
PERFORMANCE all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by speed.
NORMAL option enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
SECURE128 flag enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
SECURE256 flag enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.
EXPORT all the ciphersuites are enabled, including the low-security 40 bit ciphers.
NONE nothing is enabled. This disables even protocols and compression methods.
Check the GnuTLS manual on section "Priority strings" for more information on allowed keywords.
Examples:
"NORMAL"
"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
"SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are enabled, SSL3.0 is disabled, and libz compression is enabled.

"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1"
"NORMAL:%COMPAT" is the most compatible mode
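
The priority string syntax above (a base keyword followed by ":"-separated "+", "-" and "%" elements) can be checked before it is handed to the client. The following is an added example, not part of gnutls-cli or GnuTLS: the function names and the WEAK audit policy are assumptions made for illustration, and only the prefixes and keywords that appear on this page are accepted.

```python
# Added example: audit GnuTLS priority strings in the form this page shows.
BASE_KEYWORDS = {"PERFORMANCE", "NORMAL", "SECURE", "SECURE128",
                 "SECURE256", "EXPORT", "NONE"}

# Audit policy chosen for this example (an assumption, not a GnuTLS list).
WEAK = {
    "VERS-SSL3.0": "SSL 3.0 protocol enabled",
    "ARCFOUR-128": "RC4 stream cipher enabled",
    "COMP-DEFLATE": "TLS compression enabled",
}


def parse_priority(priority):
    """Split a priority string into base keyword, added, removed, flags."""
    parsed = {"base": None, "added": [], "removed": [], "flags": []}
    for pos, token in enumerate(priority.strip().split(":")):
        if not token:
            raise ValueError("empty element in priority string")
        if token[0] == "+":
            parsed["added"].append(token[1:])
        elif token[0] == "-":
            parsed["removed"].append(token[1:])
        elif token[0] == "%":
            parsed["flags"].append(token[1:])
        elif pos == 0 and token in BASE_KEYWORDS:
            parsed["base"] = token
        else:
            raise ValueError("unrecognised element: " + token)
    return parsed


def audit_priority(priority):
    """Return findings for explicitly enabled weak settings."""
    parsed = parse_priority(priority)
    findings = []
    if parsed["base"] == "EXPORT":
        findings.append("EXPORT base enables low-security 40 bit ciphers")
    for name in parsed["added"]:
        if name in WEAK and name not in parsed["removed"]:
            findings.append(WEAK[name])
    return findings


if __name__ == "__main__":
    # Keywords and priority strings taken from this page.
    for example in ("NORMAL", "NORMAL:-ARCFOUR-128", "EXPORT",
                    "SECURE:-VERS-SSL3.0:+COMP-DEFLATE"):
        print(example, "->", audit_priority(example) or "no findings")
```

The audit only reports what a string enables explicitly; what a base keyword such as NORMAL includes depends on the installed GnuTLS version.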

Send CR LF instead of LF.
Send the openpgp fingerprint, instead of the key.
The port to connect to.
Ciphers to enable (use gnutls-cli --list to show the supported ciphers).
Protocols to enable (use gnutls-cli --list to show the supported protocols).
Compression methods to enable (use gnutls-cli --list to show the supported methods).
MACs to enable (use gnutls-cli --list to show the supported MACs).
Key exchange methods to enable (use gnutls-cli --list to show the supported methods).
Certificate types to enable (use gnutls-cli --list to show the supported types).
The maximum record size to advertise.
Disable all the TLS extensions.
Print the certificate in PEM format.
Don't abort program if server certificates can't be validated.

Certificate options

PGP Public Key (certificate) file to use.
PGP Key file to use.
PGP Key ring file to use.
PGP trustdb file to use.
PGP subkey to use.
SRP password to use.
SRP username to use.
Certificate file to use. This option accepts PKCS #11 URLs such as "pkcs11:token=xxx".
X.509 Certificate file to use, or a PKCS #11 URL.
Use DER format for certificates.
X.509 key file or PKCS #11 URL to use.
X.509 CRL file to use.
PSK username to use.
PSK key (in hex) to use.
Use Opaque PRF Input DATA.

SEE ALSO

gnutls-cli-debug(1), gnutls-serv(1)

AUTHOR

Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

This manual page was written by Ivo Timmermans <ivo@debian.org>, for the Debian GNU/Linux system (but may be used by others).

December 1st 2003