Provided by: gnutls-bin_2.10.5-1ubuntu3_i386 bug


       gnutls-cli - GnuTLS test client


       gnutls-cli [options] hostname


       Simple  client  program  to  set  up  a  TLS  connection  to some other
       computer.  It sets up a TLS  connection  and  forwards  data  from  the
       standard input to the secured socket and vice versa.


   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              Prints a short reminder of the command line options.

       -l, --list
              Print a list of the supported algorithms and modes.

       -r, --resume
              Connect,  establish  a  session.   Connect again and resume this

       -s, --starttls
              Connect, establish a plain session and start TLS when EOF  or  a
              SIGALRM is received.

       -v, --version
              Prints the program's version number.

       -V, --verbose
              More verbose output.

   TLS/SSL control options
       --priority PRIORITY STRING
              TLS  algorithms  and  protocols  to  enable.   Unless  the first
              keyword is "NONE" the defaults are:

              Protocols: TLS1.1, TLS1.0, and SSL3.0.

              Compression: NULL.

              Certificate types: X.509, OpenPGP.

              Signature algorithms: RSA-SHA1,  RSA-MD2,  RSA-MD5,  RSA-SHA256,
              RSA-SHA512, DSA-SHA1.

              You can also use predefined sets of ciphersuites such as:

              PERFORMANCE  all  the "secure" ciphersuites are enabled, limited
              to 128 bit ciphers and sorted by terms of speed performance.

              NORMAL option enables all  "secure"  ciphersuites.  The  256-bit
              ciphers  are included as a fallback only. The ciphers are sorted
              by security margin.

              SECURE128 flag enables all "secure" ciphersuites with ciphers up
              to 128 bits, sorted by security margin.

              SECURE256  flag  enables all "secure" ciphersuites including the
              256 bit ciphers, sorted by security margin.

              EXPORT all the ciphersuites  are  enabled,  including  the  low-
              security 40 bit ciphers.

              NONE  nothing  is  enabled.  This  disables  even  protocols and
              compression methods.

              Special keywords:

              "!"  or  "-"  appended  with  an  algorithm  will  remove   this

              "+" appended with an algorithm will add this algorithm.

              "%COMPAT" will enable compatibility features for a server.

              "%SSL3_RECORD_VERSION"  force SSL3.0 record version in the first
              client hello. This is to avoid buggy  servers  from  terminating

              "%UNSAFE_RENEGOTIATION"   Permits  (re-)handshakes  even  unsafe

              "%PARTIAL_RENEGOTIATION" Prevents renegotiation with clients and
              servers   not   supporting  the  safe  renegotiation  extension.

              "%SAFE_RENEGOTIATION" will enable safe  renegotiation.  This  is
              the most secure and recommended option for clients. However this
              will prevent from connecting to legacy servers.

              To avoid collisions in order to specify a compression  algorithm
              in  this  string  you  have  to prefix it with "COMP-", protocol
              versions with "VERS-" and certificate types with  "CTYPE-".  All
              other algorithms don't need a prefix.






       --crlf Send CR LF instead of LF.

       -f, --fingerprint
              Send the openpgp fingerprint, instead of the key.

       -p, --port integer
              The port to connect to.

       --ciphers cipher1 cipher2...
              Ciphers  to  enable (use gnutls-cli --list to show the supported

       --protocols protocol1 protocol2...
              Protocols to enable (use gnutls-cli --list to show the supported

       --comp comp1 comp2...
              Compression methods to enable (use gnutls-cli --list to show the
              supported methods).

       --macs mac1 mac2...
              MACs to enable (use gnutls-cli  --list  to  show  the  supported

       --kx kx1 kx2...
              Key  exchange  methods  to enable (use gnutls-cli --list to show
              the supported methods).

       --ctypes certType1 certType2...
              Certificate types to enable (use gnutls-cli --list to  show  the
              supported types).

       --recordsize integer
              The maximum record size to advertize.

              Disable all the TLS extensions.

              Print the certificate in PEM format.

              Don't abort program if server certificates can't be validated.

   Certificate options
       --pgpcertfile FILE
              PGP Public Key (certificate) file to use.

       --pgpkeyfile FILE
              PGP Key file to use.

       --pgpkeyring FILE
              PGP Key ring file to use.

       --pgptrustdb FILE
              PGP trustdb file to use.

       --pgpsubkey HEX|auto2
              PGP subkey to use.

       --srppasswd PASSWD
              SRP password to use.

       --srpusername NAME
              SRP username to use.

       --x509cafile FILE
              Certificate file to use.

       --x509certfile FILE
              X.509 Certificate file to use.

              Use DER format for certificates

       --x509keyfile FILE
              X.509 key file to use.

       --x509crlfile FILE
              X.509 CRL file to use.

       --pskusername NAME
              PSK username to use.

       --pskkey KEY
              PSK key (in hex) to use.

       --opaque-prf-input DATA
              Use Opaque PRF Input DATA.


       gnutls-cli-debug(1), gnutls-serv(1)


       Nikos     Mavroyanopoulos    <>    and    others;    see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This manual page was written by Ivo  Timmermans  <>,  for
       the Debian GNU/Linux system (but may be used by others).

                               December 1st 2003                 gnutls-cli(1)