Provided by: gnutls-bin_3.0.11+really2.12.14-5ubuntu3_amd64 bug


       gnutls-cli - GnuTLS test client


       gnutls-cli [options] hostname


       Simple client program to set up a TLS connection to some other computer.  It sets up a TLS
       connection and forwards data from the standard input to the secured socket and vice versa.


   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              Prints a short reminder of the command line options.

       -l, --list
              Print a list of the supported algorithms and modes.

       -r, --resume
              Connect, establish a session.  Connect again and resume this session.

       -s, --starttls
              Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.

       -v, --version
              Prints the program's version number.

       -V, --verbose
              More verbose output.

   TLS/SSL control options
       --priority PRIORITY STRING
              TLS  algorithms  and  protocols  to  enable.   You  can  use  predefined  sets   of
              ciphersuites such as:

              PERFORMANCE  all  the "secure" ciphersuites are enabled, limited to 128 bit ciphers
              and sorted by terms of speed performance.

              NORMAL option enables all "secure" ciphersuites. The 256-bit ciphers  are  included
              as a fallback only. The ciphers are sorted by security margin.

              SECURE128  flag  enables  all  "secure"  ciphersuites  with ciphers up to 128 bits,
              sorted by security margin.

              SECURE256 flag enables all "secure" ciphersuites including  the  256  bit  ciphers,
              sorted by security margin.

              EXPORT all the ciphersuites are enabled, including the low-security 40 bit ciphers.

              NONE nothing is enabled. This disables even protocols and compression methods.

              Check  the  GnuTLS  manual  on  section  "Priority strings" for more information on
              allowed keywords.




              "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.

              "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only  secure  ciphers  are  enabled,
              SSL3.0 is disabled, and libz compression enabled.


              "NORMAL:%COMPAT" is the most compatible mode

       --crlf Send CR LF instead of LF.

       -f, --fingerprint
              Send the openpgp fingerprint, instead of the key.

       -p, --port integer
              The port to connect to.

       --ciphers cipher1 cipher2...
              Ciphers to enable (use gnutls-cli --list to show the supported ciphers).

       --protocols protocol1 protocol2...
              Protocols to enable (use gnutls-cli --list to show the supported protocols).

       --comp comp1 comp2...
              Compression  methods  to  enable  (use  gnutls-cli  --list  to  show  the supported

       --macs mac1 mac2...
              MACs to enable (use gnutls-cli --list to show the supported MACs).

       --kx kx1 kx2...
              Key exchange methods to  enable  (use  gnutls-cli  --list  to  show  the  supported

       --ctypes certType1 certType2...
              Certificate types to enable (use gnutls-cli --list to show the supported types).

       --recordsize integer
              The maximum record size to advertize.

              Disable all the TLS extensions.

              Print the certificate in PEM format.

              Don't abort program if server certificates can't be validated.

   Certificate options
       --pgpcertfile FILE
              PGP Public Key (certificate) file to use.

       --pgpkeyfile FILE
              PGP Key file to use.

       --pgpkeyring FILE
              PGP Key ring file to use.

       --pgptrustdb FILE
              PGP trustdb file to use.

       --pgpsubkey HEX|auto2
              PGP subkey to use.

       --srppasswd PASSWD
              SRP password to use.

       --srpusername NAME
              SRP username to use.

       --x509cafile FILE
              Certificate   file   to   use.   This   option   accepts  PKCS  #11  URLs  such  as

       --x509certfile FILE
              X.509 Certificate file to use, or a PKCS #11 URL.

              Use DER format for certificates

       --x509keyfile FILE
              X.509 key file or PKCS #11 URL to use.

       --x509crlfile FILE
              X.509 CRL file to use.

       --pskusername NAME
              PSK username to use.

       --pskkey KEY
              PSK key (in hex) to use.

       --opaque-prf-input DATA
              Use Opaque PRF Input DATA.


       gnutls-cli-debug(1), gnutls-serv(1)


       Nikos       Mavrogiannopoulos       <>        and        others;        see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This  manual page was written by Ivo Timmermans <>, for the Debian GNU/Linux
       system (but may be used by others).

                                        December 1st 2003                           gnutls-cli(1)