Provided by: gnutls-bin_2.10.5-1ubuntu3_i386
gnutls-cli - GnuTLS test client
gnutls-cli [options] hostname
Simple client program to set up a TLS connection to some other
computer. It sets up a TLS connection and forwards data from the
standard input to the secured socket and vice versa.
Program control options
-d, --debug LEVEL
Specify the debug level. Default is 1.
Prints a short reminder of the command line options.
Print a list of the supported algorithms and modes.
Connect, establish a session. Connect again and resume this
Connect, establish a plain session and start TLS when EOF or a
SIGALRM is received.
Prints the program's version number.
More verbose output.
TLS/SSL control options
--priority PRIORITY STRING
TLS algorithms and protocols to enable. Unless the first
keyword is "NONE" the defaults are:
Protocols: TLS1.1, TLS1.0, and SSL3.0.
Certificate types: X.509, OpenPGP.
Signature algorithms: RSA-SHA1, RSA-MD2, RSA-MD5, RSA-SHA256,
You can also use predefined sets of ciphersuites such as:
PERFORMANCE all the "secure" ciphersuites are enabled, limited
to 128 bit ciphers and sorted by terms of speed performance.
NORMAL option enables all "secure" ciphersuites. The 256-bit
ciphers are included as a fallback only. The ciphers are sorted
by security margin.
SECURE128 flag enables all "secure" ciphersuites with ciphers up
to 128 bits, sorted by security margin.
SECURE256 flag enables all "secure" ciphersuites including the
256 bit ciphers, sorted by security margin.
EXPORT all the ciphersuites are enabled, including the low-
security 40 bit ciphers.
NONE nothing is enabled. This disables even protocols and
"!" or "-" appended with an algorithm will remove this
"+" appended with an algorithm will add this algorithm.
"%COMPAT" will enable compatibility features for a server.
"%SSL3_RECORD_VERSION" force SSL3.0 record version in the first
client hello. This is to avoid buggy servers from terminating
"%UNSAFE_RENEGOTIATION" Permits (re-)handshakes even unsafe
"%PARTIAL_RENEGOTIATION" Prevents renegotiation with clients and
servers not supporting the safe renegotiation extension.
"%SAFE_RENEGOTIATION" will enable safe renegotiation. This is
the most secure and recommended option for clients. However this
will prevent from connecting to legacy servers.
To avoid collisions in order to specify a compression algorithm
in this string you have to prefix it with "COMP-", protocol
versions with "VERS-" and certificate types with "CTYPE-". All
other algorithms don't need a prefix.
--crlf Send CR LF instead of LF.
Send the openpgp fingerprint, instead of the key.
-p, --port integer
The port to connect to.
--ciphers cipher1 cipher2...
Ciphers to enable (use gnutls-cli --list to show the supported
--protocols protocol1 protocol2...
Protocols to enable (use gnutls-cli --list to show the supported
--comp comp1 comp2...
Compression methods to enable (use gnutls-cli --list to show the
--macs mac1 mac2...
MACs to enable (use gnutls-cli --list to show the supported
--kx kx1 kx2...
Key exchange methods to enable (use gnutls-cli --list to show
the supported methods).
--ctypes certType1 certType2...
Certificate types to enable (use gnutls-cli --list to show the
The maximum record size to advertize.
Disable all the TLS extensions.
Print the certificate in PEM format.
Don't abort program if server certificates can't be validated.
PGP Public Key (certificate) file to use.
PGP Key file to use.
PGP Key ring file to use.
PGP trustdb file to use.
PGP subkey to use.
SRP password to use.
SRP username to use.
Certificate file to use.
X.509 Certificate file to use.
Use DER format for certificates
X.509 key file to use.
X.509 CRL file to use.
PSK username to use.
PSK key (in hex) to use.
Use Opaque PRF Input DATA.
Nikos Mavroyanopoulos <email@example.com> and others; see
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <firstname.lastname@example.org>, for
the Debian GNU/Linux system (but may be used by others).
December 1st 2003 gnutls-cli(1)