  • LINUX man pages
  • Linux Man Page Viewer



    gnutls-cli

    
    
    

    SYNOPSIS

           gnutls-cli [-flag [value]]... [--opt-name[[=| ]value]]... [hostname]
    
           Operands and options may be intermixed.  They will be reordered.
    
    
    

    DESCRIPTION

           Simple client program to set up a TLS connection to some other
           computer.  It sets up a TLS connection and forwards data from the
           standard input to the secured socket and vice versa.
    
    
    

    OPTIONS

           -d number, --debug=number
                  Enable  debugging.   This  option takes an integer number as its
                  argument.  The value of number is constrained to being:
                      in the range  0 through 9999
    
                  Specifies the debug level.
    
           -V, --verbose
                  More verbose output.  This option may appear an unlimited number
                  of times.
    
           --tofu, --no-tofu
                  Enable trust on first use authentication.  The no-tofu form will
                  disable the option.
    
                  This option will, in addition to certificate authentication,
                  perform authentication based on previously seen public keys, a
                  model similar to SSH authentication.
    
           --strict-tofu, --no-strict-tofu
                  Fail to connect if a known certificate has changed.  The
                  no-strict-tofu form will disable the option.
    
                  This option will perform authentication as with option --tofu;
                  however, while --tofu asks whether to trust a changed
                  certificate, this option will fail in case of certificate changes.
    
           --dane, --no-dane
                  Enable DANE certificate verification (DNSSEC).  The no-dane form
                  will disable the option.
    
                  This option will, in addition to certificate authentication
                  using the trusted CAs, verify the server certificates using
                  the DANE information available via DNSSEC.
    
           --local-dns, --no-local-dns
                  Use the local DNS server for DNSSEC resolving.  The no-local-dns
                  form will disable the option.
    
    
                  This option will enable verification of the peer's certificate
                  using OCSP.
    
           -r, --resume
                  Establish a session and resume.
    
                  Connect, establish a session, reconnect and resume.
    
           -e, --rehandshake
                  Establish a session and rehandshake.
    
                  Connect, establish a session and rehandshake immediately.
    
           -s, --starttls
                  Connect, establish a plain session and start TLS.
    
                  The TLS session will be initiated when EOF or a SIGALRM is
                  received.
    
           -u, --udp
                  Use DTLS (datagram TLS) over UDP.
    
           --mtu=number
                  Set MTU for datagram TLS.  This option takes an integer number
                  as its argument.  The value of number is constrained to being:
                      in the range  0 through 17000
    
           --crlf Send CR LF instead of LF.
    
           --x509fmtder
                  Use DER format for certificates to read from.
    
           -f, --fingerprint
                  Send the openpgp fingerprint, instead of the key.
    
           --print-cert
                  Print peer's certificate in PEM format.
    
           --dh-bits=number
                  The minimum number of bits allowed for DH.  This option takes an
                  integer number as its argument.
    
                  This option sets the minimum number of bits allowed for a
                  Diffie-Hellman key exchange. You may want to lower the default
                  value if the peer sends a weak prime and you get a connection
    
           --x509crlfile=file
                  CRL file to use.
    
           --pgpkeyfile=file
                  PGP Key file to use.
    
           --pgpkeyring=file
                  PGP Key ring file to use.
    
           --pgpcertfile=file
                  PGP Public Key (certificate) file to use.
    
           --x509keyfile=string
                  X.509 key file or PKCS #11 URL to use.
    
           --x509certfile=string
                  X.509 Certificate file or PKCS #11 URL to use.
    
           --pgpsubkey=string
                  PGP subkey to use (hex or auto).
    
           --srpusername=string
                  SRP username to use.
    
           --srppasswd=string
                  SRP password to use.
    
           --pskusername=string
                  PSK username to use.
    
           --pskkey=string
                  PSK key (in hex) to use.
    
           -p string, --port=string
                  The port or service to connect to.
    
           --insecure
                  Don't abort program if server certificate can't be validated.
    
           --benchmark-tls-kx
                  Benchmark TLS key exchange methods.
    
           --benchmark-tls-ciphers
                  Benchmark TLS ciphers.
    
           -l, --list
                  Print a list of the supported algorithms and modes.
    
                  Print a list of the supported algorithms and modes. If a
                  priority string is given then only the enabled ciphersuites
                  are shown.
    
           --noticket
                  Don't allow session tickets.
    
           --srtp-profiles=string
                  Offer SRTP profiles.
    
           --alpn=string
                  Application layer protocol.  This option may appear an unlimited
                  number of times.
    
                  This option will set and enable the Application Layer Protocol
                  Negotiation  (ALPN) in the TLS protocol.
    
           -b, --heartbeat
                  Activate heartbeat support.
    
           --recordsize=number
                  The maximum record size to advertise.  This option takes an
                  integer number as its argument.  The value of number is
                  constrained to being:
                      in the range  0 through 4096
    
           --disable-sni
                  Do not send a Server Name Indication (SNI).
    
           --disable-extensions
                  Disable all the TLS extensions.
    
                  This option disables all TLS extensions. Deprecated option. Use
                  the priority string.
                  delimiter is expected to be a single US-ASCII character (octets
                  0 - 127). This option is only relevant if inline commands are
                  enabled via the inline-commands option
    
           -h, --help
                  Display usage information and exit.
    
           -!, --more-help
                  Pass the extended usage information through a pager.
    
           -v [{v|c|n}], --version[={v|c|n}]
                  Output version of program and exit.  The default mode is 'v', a
                  simple version.  The 'c' mode will print copyright information
                  and 'n' will print the full copyright notice.
    
    
    

    EXAMPLES

           Connecting using PSK authentication
           To connect to a server using PSK authentication, you need to enable the
           choice of PSK by using a cipher priority parameter such as in the
           example below.
               $ ./gnutls-cli -p 5556 localhost --pskusername psk_identity \
                   --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 \
                   --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
               Resolving 'localhost'...
               Connecting to '127.0.0.1:5556'...
               - PSK authentication.
               - Version: TLS1.1
               - Key Exchange: PSK
               - Cipher: AES-128-CBC
               - MAC: SHA1
               - Compression: NULL
               - Handshake was completed
               - Simple Client Mode:
           By keeping the --pskusername parameter and removing the --pskkey
           parameter, it will query only for the password during the handshake.
    
           Listing ciphersuites in a priority string
           To list the ciphersuites in a priority string:
               $ ./gnutls-cli --priority SECURE192 -l
               Cipher suites for SECURE192
               TLS_ECDHE_ECDSA_AES_256_CBC_SHA384         0xc0, 0x24  TLS1.2
               TLS_ECDHE_ECDSA_AES_256_GCM_SHA384         0xc0, 0x2e  TLS1.2
               TLS_ECDHE_RSA_AES_256_GCM_SHA384           0xc0, 0x30  TLS1.2
               TLS_DHE_RSA_AES_256_CBC_SHA256             0x00, 0x6b  TLS1.2
               TLS_DHE_DSS_AES_256_CBC_SHA256             0x00, 0x6a  TLS1.2
               TLS_RSA_AES_256_CBC_SHA256                 0x00, 0x3d  TLS1.2
    
               Certificate types: CTYPE-X.509
               Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, VERS-DTLS1.0
               Compression: COMP-NULL
               Elliptic curves: CURVE-SECP384R1, CURVE-SECP521R1
               PK-signatures: SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512
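
An added example (not from the GnuTLS manual): a shell function that reads gnutls-cli output on stdin, either the handshake summary from the PSK example or the `-l` listing above, and flags legacy protocol versions, CBC ciphers, the SHA1 MAC and key exchanges without forward secrecy. The function name `gnutls_audit` and the finding labels are this example's own; the sample input is copied from the output shown on this page.

```shell
#!/bin/sh
# Added example: audit gnutls-cli output (handshake summary or -l listing).
# The finding labels (LEGACY-PROTOCOL, ...) are this example's own naming.
gnutls_audit() {
    awk '
    function flag(kind, what) { print kind ": " what; bad = 1 }
    function legacy(v) { return v ~ /^(SSL3\.0|TLS1\.0|TLS1\.1|DTLS1\.0)$/ }
    BEGIN { bad = 0 }
    # Handshake summary lines, e.g. "- Version: TLS1.1"
    $1 == "-" && $2 == "Version:" && legacy($3) { flag("LEGACY-PROTOCOL", $3) }
    # Plain PSK and RSA key exchange provide no forward secrecy
    $1 == "-" && $2 == "Key" && ($4 == "PSK" || $4 == "RSA") { flag("NO-FORWARD-SECRECY", $4) }
    $1 == "-" && $2 == "Cipher:" && $3 ~ /CBC/ { flag("CBC-CIPHER", $3) }
    $1 == "-" && $2 == "MAC:" && $3 == "SHA1" { flag("LEGACY-MAC", $3) }
    # Priority listing: "Protocols: VERS-TLS1.2, VERS-TLS1.1, ..."
    $1 == "Protocols:" {
        for (i = 2; i <= NF; i++) {
            v = $i; gsub(/,/, "", v); sub(/^VERS-/, "", v)
            if (legacy(v)) flag("LEGACY-PROTOCOL", v)
        }
    }
    # Priority listing: one ciphersuite per line, name in the first field
    $1 ~ /^TLS_RSA_/ { flag("NO-FORWARD-SECRECY", $1) }
    $1 ~ /^TLS_.*_CBC_/ { flag("CBC-CIPHER", $1) }
    END { exit bad }
    '
}

# Sample inputs, copied from the example output on this page.
sample_handshake() {
    cat <<'EOF'
- Version: TLS1.1
- Key Exchange: PSK
- Cipher: AES-128-CBC
- MAC: SHA1
- Handshake was completed
EOF
}
sample_listing() {
    cat <<'EOF'
TLS_ECDHE_RSA_AES_256_GCM_SHA384           0xc0, 0x30  TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256             0x00, 0x6b  TLS1.2
TLS_RSA_AES_256_CBC_SHA256                 0x00, 0x3d  TLS1.2
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, VERS-DTLS1.0
EOF
}

sample_handshake | gnutls_audit || echo "handshake: findings above"
sample_listing | gnutls_audit || echo "listing: findings above"
```

The function exits non-zero when it prints any finding, so it can gate a script. To rule out the plain PSK result in the PSK example, drop `+PSK` from the priority string so that only `+ECDHE-PSK:+DHE-PSK` remain.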
    
           Connecting using a PKCS #11 token
    
               $ p11tool --login --list-certs "pkcs11:model=PKCS15;manufacturer=MyMan;serial=1234;token=Test"
    
               Object 0:
               URL: pkcs11:model=PKCS15;manufacturer=MyMan;serial=1234;token=Test;object=client;object-type=cert
               Type: X.509 Certificate
               Label: client
               ID: 2a:97:0d:58:d1:51:3c:23:07:ae:4e:0d:72:26:03:7d:99:06:02:6a
    
               $ export MYCERT="pkcs11:model=PKCS15;manufacturer=MyMan;serial=1234;token=Test;object=client;object-type=cert"
               $ export MYKEY="pkcs11:model=PKCS15;manufacturer=MyMan;serial=1234;token=Test;object=client;object-type=private"
    
               $ gnutls-cli www.example.com --x509keyfile "$MYKEY" --x509certfile "$MYCERT"
           Notice that the private key only differs from the certificate in the
           object-type.
    
    
    

    EXIT STATUS

           One of the following exit values will be returned:
    
           0 (EXIT_SUCCESS)
                  Successful program execution.
    
           1 (EXIT_FAILURE)
                  The operation failed or the command syntax was not valid.
    
           70 (EX_SOFTWARE)
                  libopts had an internal operational error.  Please report it to
                  autogen-users@lists.sourceforge.net.  Thank you.
    
    
    

    SEE ALSO

           gnutls-cli-debug(1), gnutls-serv(1)
    
    
    

    AUTHORS

           Nikos Mavrogiannopoulos, Simon Josefsson and others; see
           /usr/share/doc/gnutls/AUTHORS for a complete list.
    
    
    

    COPYRIGHT

           Copyright (C) 2000-2014 Free Software Foundation, and others all rights
           reserved.  This program is released under the terms of the GNU General
           Public License, version 3 or later.
    
    
    

    BUGS

           Please send bug reports to: bugs@gnutls.org
    
    
    

    NOTES

           This manual page was AutoGen-erated from the gnutls-cli option
           definitions.
    
    
    

    3.2.12 02 Mar 2014 gnutls-cli(1)

    
    
webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz