SYNOPSIS
gnutls-cli [options] hostname
DESCRIPTION
Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.
OPTIONS
Program control options
- -d, --debug LEVEL
- Specify the debug level. Default is 1.
- -h, --help
- Prints a short reminder of the command line options.
- -l, --list
- Print a list of the supported algorithms and modes.
- -r, --resume
- Connect, establish a session. Connect again and resume this session.
- -s, --starttls
- Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.
- -v, --version
- Prints the program's version number.
- -V, --verbose
- More verbose output.
TLS/SSL control options
- --priority PRIORITY STRING
- TLS algorithms and protocols to enable. You can use predefined sets of ciphersuites such as:
- PERFORMANCE: all the "secure" ciphersuites are enabled, limited to 128-bit ciphers and sorted in terms of speed performance.
- NORMAL: enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
- SECURE128: enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
- SECURE256: enables all "secure" ciphersuites including the 256-bit ciphers, sorted by security margin.
- EXPORT: all the ciphersuites are enabled, including the low-security 40-bit ciphers.
- NONE: nothing is enabled. This disables even protocols and compression methods.
- See the "Priority strings" section of the GnuTLS manual for more information on allowed keywords.
- Examples:
- "NORMAL"
- "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
- "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
- "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are enabled, SSL3.0 is disabled, and libz compression is enabled.
- "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1"
- "NORMAL:%COMPAT" is the most compatible mode.
- --crlf
- Send CR LF instead of LF.
- -f, --fingerprint
- Send the OpenPGP fingerprint, instead of the key.
- -p, --port integer
- The port to connect to.
- --ciphers cipher1 cipher2...
- Ciphers to enable (use gnutls-cli --list to show the supported ciphers).
- --protocols protocol1 protocol2...
- Protocols to enable (use gnutls-cli --list to show the supported protocols).
- --comp comp1 comp2...
- Compression methods to enable (use gnutls-cli --list to show the supported methods).
- --macs mac1 mac2...
- MACs to enable (use gnutls-cli --list to show the supported MACs).
- --kx kx1 kx2...
- Key exchange methods to enable (use gnutls-cli --list to show the supported methods).
- --ctypes certType1 certType2...
- Certificate types to enable (use gnutls-cli --list to show the supported types).
- --recordsize integer
- The maximum record size to advertise.
- --disable-extensions
- Disable all the TLS extensions.
- --print-cert
- Print the certificate in PEM format.
- --insecure
- Don't abort program if server certificates can't be validated.
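
The --priority keywords and the --insecure option described above decide how much protection a connection keeps, so it helps to check an invocation before it lands in a script. The following is an added example, not part of the original manual page or of GnuTLS: the function names audit_priority and audit_gnutls_cli, the rule set and the host example.org are assumptions made for illustration. It only inspects the arguments and never runs gnutls-cli.

```shell
#!/bin/sh
# Added example: lint a gnutls-cli invocation before it is used in a script.
# The rules are assumptions of this example, not GnuTLS's own policy.

# Print one finding per line for a priority string; print nothing if clean.
# The body runs in a subshell so the IFS and noglob changes do not leak.
audit_priority() (
    IFS=:
    set -f                      # split on ':' without glob expansion
    first=1
    for tok in $1; do
        if [ "$first" -eq 1 ]; then
            first=0
            case $tok in
                EXPORT) echo "priority: EXPORT enables low-security 40 bit ciphers" ;;
                PERFORMANCE|NORMAL|SECURE|SECURE128|SECURE256|NONE) ;;
                *) echo "priority: unknown base keyword '$tok'" ;;
            esac
            continue
        fi
        case $tok in
            +ARCFOUR-*)    echo "priority: $tok enables the ARCFOUR (RC4) cipher" ;;
            +VERS-SSL3.0)  echo "priority: $tok enables SSL 3.0" ;;
            +COMP-DEFLATE) echo "priority: $tok enables TLS compression" ;;
        esac
    done
)

# Print findings for a full gnutls-cli argument list (nothing is executed).
audit_gnutls_cli() {
    while [ $# -gt 0 ]; do
        case $1 in
            --insecure)
                echo "cli: --insecure keeps going when certificate validation fails" ;;
            --priority)
                if [ $# -ge 2 ]; then
                    audit_priority "$2"
                    shift
                fi ;;
        esac
        shift
    done
}

# Constructed sample invocation; example.org is a placeholder host.
audit_gnutls_cli --insecure --priority "NORMAL:+ARCFOUR-128:+VERS-SSL3.0" \
    -p 443 example.org
```
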
Certificate options
- --pgpcertfile FILE
- PGP Public Key (certificate) file to use.
- --pgpkeyfile FILE
- PGP Key file to use.
- --pgpkeyring FILE
- PGP Key ring file to use.
- --pgptrustdb FILE
- PGP trustdb file to use.
- --pgpsubkey HEX|auto2
- PGP subkey to use.
- --srppasswd PASSWD
- SRP password to use.
- --srpusername NAME
- SRP username to use.
- --x509cafile FILE
- Certificate file to use. This option accepts PKCS #11 URLs such as "pkcs11:token=xxx".
- --x509certfile FILE
- X.509 Certificate file to use, or a PKCS #11 URL.
- --x509fmtder
- Use DER format for certificates.
- --x509keyfile FILE
- X.509 key file or PKCS #11 URL to use.
- --x509crlfile FILE
- X.509 CRL file to use.
- --pskusername NAME
- PSK username to use.
- --pskkey KEY
- PSK key (in hex) to use.
- --opaque-prf-input DATA
- Use Opaque PRF Input DATA.
AUTHOR
Nikos Mavrogiannopoulos <[email protected]> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <[email protected]>, for the Debian GNU/Linux system (but may be used by others).