|
Packit Service |
4684c1 |
@node gnutls-cli-debug Invocation
|
|
Packit Service |
4684c1 |
@section Invoking gnutls-cli-debug
|
|
Packit Service |
4684c1 |
@pindex gnutls-cli-debug
|
|
Packit Service |
4684c1 |
@ignore
|
|
Packit Service |
4684c1 |
# -*- buffer-read-only: t -*- vi: set ro:
|
|
Packit Service |
4684c1 |
#
|
|
Packit Service |
4684c1 |
# DO NOT EDIT THIS FILE (invoke-gnutls-cli-debug.texi)
|
|
Packit Service |
4684c1 |
#
|
|
Packit Service |
4684c1 |
# It has been AutoGen-ed
|
|
Packit Service |
4684c1 |
# From the definitions ../src/cli-debug-args.def
|
|
Packit Service |
4684c1 |
# and the template file agtexi-cmd.tpl
|
|
Packit Service |
4684c1 |
@end ignore
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
TLS debug client. It sets up multiple TLS connections to
|
|
Packit Service |
4684c1 |
a server and queries its capabilities. It was created to assist in debugging
|
|
Packit Service |
4684c1 |
GnuTLS, but it might be useful to extract a TLS server's capabilities.
|
|
Packit Service |
4684c1 |
It connects to a TLS server, performs tests and print the server's
|
|
Packit Service |
4684c1 |
capabilities. If called with the `-V' parameter more checks will be performed.
|
|
Packit Service |
4684c1 |
Can be used to check for servers with special needs or bugs.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This section was generated by @strong{AutoGen},
|
|
Packit Service |
4684c1 |
using the @code{agtexi-cmd} template and the option descriptions for the @code{gnutls-cli-debug} program.
|
|
Packit Service |
4684c1 |
This software is released under the GNU General Public License, version 3 or later.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug usage}
|
|
Packit Service |
4684c1 |
@subheading gnutls-cli-debug help/usage (@option{--help})
|
|
Packit Service |
4684c1 |
@cindex gnutls-cli-debug help
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the automatically generated usage text for gnutls-cli-debug.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The text printed is the same whether selected with the @code{help} option
|
|
Packit Service |
4684c1 |
(@option{--help}) or the @code{more-help} option (@option{--more-help}). @code{more-help} will print
|
|
Packit Service |
4684c1 |
the usage text by passing it through a pager program.
|
|
Packit Service |
4684c1 |
@code{more-help} is disabled on platforms without a working
|
|
Packit Service |
4684c1 |
@code{fork(2)} function. The @code{PAGER} environment variable is
|
|
Packit Service |
4684c1 |
used to select the program, defaulting to @file{more}. Both will exit
|
|
Packit Service |
4684c1 |
with a status code of 0.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@exampleindent 0
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
gnutls-cli-debug - GnuTLS debug client
|
|
Packit Service |
4684c1 |
Usage: gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
-d, --debug=num Enable debugging
|
|
Packit Service |
4684c1 |
- it must be in the range:
|
|
Packit Service |
4684c1 |
0 to 9999
|
|
Packit Service |
4684c1 |
-V, --verbose More verbose output
|
|
Packit Service |
4684c1 |
- may appear multiple times
|
|
Packit Service |
4684c1 |
-p, --port=num The port to connect to
|
|
Packit Service |
4684c1 |
- it must be in the range:
|
|
Packit Service |
4684c1 |
0 to 65536
|
|
Packit Service |
4684c1 |
--app-proto=str an alias for the 'starttls-proto' option
|
|
Packit Service |
4684c1 |
--starttls-proto=str The application protocol to be used to obtain the server's certificate
|
|
Packit Service |
4684c1 |
(https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)
|
|
Packit Service |
4684c1 |
-v, --version[=arg] output version information and exit
|
|
Packit Service |
4684c1 |
-h, --help display extended usage information and exit
|
|
Packit Service |
4684c1 |
-!, --more-help extended usage information passed thru pager
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Options are specified by doubled hyphens and their name or by a single
|
|
Packit Service |
4684c1 |
hyphen and the flag character.
|
|
Packit Service |
4684c1 |
Operands and options may be intermixed. They will be reordered.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
TLS debug client. It sets up multiple TLS connections to a server and
|
|
Packit Service |
4684c1 |
queries its capabilities. It was created to assist in debugging GnuTLS,
|
|
Packit Service |
4684c1 |
but it might be useful to extract a TLS server's capabilities. It connects
|
|
Packit Service |
4684c1 |
to a TLS server, performs tests and print the server's capabilities. If
|
|
Packit Service |
4684c1 |
called with the `-V' parameter more checks will be performed. Can be used
|
|
Packit Service |
4684c1 |
to check for servers with special needs or bugs.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@end example
|
|
Packit Service |
4684c1 |
@exampleindent 4
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug debug}
|
|
Packit Service |
4684c1 |
@subheading debug option (-d)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the ``enable debugging'' option.
|
|
Packit Service |
4684c1 |
This option takes a number argument.
|
|
Packit Service |
4684c1 |
Specifies the debug level.
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug app-proto}
|
|
Packit Service |
4684c1 |
@subheading app-proto option
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is an alias for the @code{starttls-proto} option,
|
|
Packit Service |
4684c1 |
@pxref{gnutls-cli-debug starttls-proto, the starttls-proto option documentation}.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug starttls-proto}
|
|
Packit Service |
4684c1 |
@subheading starttls-proto option
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the ``the application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)'' option.
|
|
Packit Service |
4684c1 |
This option takes a string argument.
|
|
Packit Service |
4684c1 |
Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli will proceed to the TLS negotiation.
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug exit status}
|
|
Packit Service |
4684c1 |
@subheading gnutls-cli-debug exit status
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
One of the following exit values will be returned:
|
|
Packit Service |
4684c1 |
@table @samp
|
|
Packit Service |
4684c1 |
@item 0 (EXIT_SUCCESS)
|
|
Packit Service |
4684c1 |
Successful program execution.
|
|
Packit Service |
4684c1 |
@item 1 (EXIT_FAILURE)
|
|
Packit Service |
4684c1 |
The operation failed or the command syntax was not valid.
|
|
Packit Service |
4684c1 |
@end table
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug See Also}
|
|
Packit Service |
4684c1 |
@subheading gnutls-cli-debug See Also
|
|
Packit Service |
4684c1 |
gnutls-cli(1), gnutls-serv(1)
|
|
Packit Service |
4684c1 |
@anchor{gnutls-cli-debug Examples}
|
|
Packit Service |
4684c1 |
@subheading gnutls-cli-debug Examples
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
$ gnutls-cli-debug localhost
|
|
Packit Service |
4684c1 |
GnuTLS debug client 3.5.0
|
|
Packit Service |
4684c1 |
Checking localhost:443
|
|
Packit Service |
4684c1 |
for SSL 3.0 (RFC6101) support... yes
|
|
Packit Service |
4684c1 |
whether we need to disable TLS 1.2... no
|
|
Packit Service |
4684c1 |
whether we need to disable TLS 1.1... no
|
|
Packit Service |
4684c1 |
whether we need to disable TLS 1.0... no
|
|
Packit Service |
4684c1 |
whether %NO_EXTENSIONS is required... no
|
|
Packit Service |
4684c1 |
whether %COMPAT is required... no
|
|
Packit Service |
4684c1 |
for TLS 1.0 (RFC2246) support... yes
|
|
Packit Service |
4684c1 |
for TLS 1.1 (RFC4346) support... yes
|
|
Packit Service |
4684c1 |
for TLS 1.2 (RFC5246) support... yes
|
|
Packit Service |
4684c1 |
fallback from TLS 1.6 to... TLS1.2
|
|
Packit Service |
4684c1 |
for RFC7507 inappropriate fallback... yes
|
|
Packit Service |
4684c1 |
for HTTPS server name... Local
|
|
Packit Service |
4684c1 |
for certificate chain order... sorted
|
|
Packit Service |
4684c1 |
for safe renegotiation (RFC5746) support... yes
|
|
Packit Service |
4684c1 |
for Safe renegotiation support (SCSV)... no
|
|
Packit Service |
4684c1 |
for encrypt-then-MAC (RFC7366) support... no
|
|
Packit Service |
4684c1 |
for ext master secret (RFC7627) support... no
|
|
Packit Service |
4684c1 |
for heartbeat (RFC6520) support... no
|
|
Packit Service |
4684c1 |
for version rollback bug in RSA PMS... dunno
|
|
Packit Service |
4684c1 |
for version rollback bug in Client Hello... no
|
|
Packit Service |
4684c1 |
whether the server ignores the RSA PMS version... yes
|
|
Packit Service |
4684c1 |
whether small records (512 bytes) are tolerated on handshake... yes
|
|
Packit Service |
4684c1 |
whether cipher suites not in SSL 3.0 spec are accepted... yes
|
|
Packit Service |
4684c1 |
whether a bogus TLS record version in the client hello is accepted... yes
|
|
Packit Service |
4684c1 |
whether the server understands TLS closure alerts... partially
|
|
Packit Service |
4684c1 |
whether the server supports session resumption... yes
|
|
Packit Service |
4684c1 |
for anonymous authentication support... no
|
|
Packit Service |
4684c1 |
for ephemeral Diffie-Hellman support... no
|
|
Packit Service |
4684c1 |
for ephemeral EC Diffie-Hellman support... yes
|
|
Packit Service |
4684c1 |
ephemeral EC Diffie-Hellman group info... SECP256R1
|
|
Packit Service |
4684c1 |
for AES-128-GCM cipher (RFC5288) support... yes
|
|
Packit Service |
4684c1 |
for AES-128-CCM cipher (RFC6655) support... no
|
|
Packit Service |
4684c1 |
for AES-128-CCM-8 cipher (RFC6655) support... no
|
|
Packit Service |
4684c1 |
for AES-128-CBC cipher (RFC3268) support... yes
|
|
Packit Service |
4684c1 |
for CAMELLIA-128-GCM cipher (RFC6367) support... no
|
|
Packit Service |
4684c1 |
for CAMELLIA-128-CBC cipher (RFC5932) support... no
|
|
Packit Service |
4684c1 |
for 3DES-CBC cipher (RFC2246) support... yes
|
|
Packit Service |
4684c1 |
for ARCFOUR 128 cipher (RFC2246) support... yes
|
|
Packit Service |
4684c1 |
for MD5 MAC support... yes
|
|
Packit Service |
4684c1 |
for SHA1 MAC support... yes
|
|
Packit Service |
4684c1 |
for SHA256 MAC support... yes
|
|
Packit Service |
4684c1 |
for ZLIB compression support... no
|
|
Packit Service |
4684c1 |
for max record size (RFC6066) support... no
|
|
Packit Service |
4684c1 |
for OCSP status response (RFC6066) support... no
|
|
Packit Service |
4684c1 |
for OpenPGP authentication (RFC6091) support... no
|
|
Packit Service |
4684c1 |
@end example
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
You could also use the client to debug services with starttls capability.
|
|
Packit Service |
4684c1 |
@example
|
|
Packit Service |
4684c1 |
$ gnutls-cli-debug --starttls-proto smtp --port 25 localhost
|
|
Packit Service |
4684c1 |
@end example
|