|
Packit |
aea12f |
.de1 NOP
|
|
Packit |
aea12f |
. it 1 an-trap
|
|
Packit |
aea12f |
. if \\n[.$] \,\\$*\/
|
|
Packit |
aea12f |
..
|
|
Packit |
aea12f |
.ie t \
|
|
Packit |
aea12f |
.ds B-Font [CB]
|
|
Packit |
aea12f |
.ds I-Font [CI]
|
|
Packit |
aea12f |
.ds R-Font [CR]
|
|
Packit |
aea12f |
.el \
|
|
Packit |
aea12f |
.ds B-Font B
|
|
Packit |
aea12f |
.ds I-Font I
|
|
Packit |
aea12f |
.ds R-Font R
|
|
Packit Service |
991b93 |
.TH gnutls-cli-debug 1 "03 Jun 2020" "3.6.14" "User Commands"
|
|
Packit |
aea12f |
.\"
|
|
Packit |
aea12f |
.\" DO NOT EDIT THIS FILE (in-mem file)
|
|
Packit |
aea12f |
.\"
|
|
Packit |
aea12f |
.\" It has been AutoGen-ed
|
|
Packit |
aea12f |
.\" From the definitions ../../src/cli-debug-args.def.tmp
|
|
Packit |
aea12f |
.\" and the template file agman-cmd.tpl
|
|
Packit |
aea12f |
.SH NAME
|
|
Packit |
aea12f |
\f\*[B-Font]gnutls-cli-debug\fP
|
|
Packit |
aea12f |
\- GnuTLS debug client
|
|
Packit |
aea12f |
.SH SYNOPSIS
|
|
Packit |
aea12f |
\f\*[B-Font]gnutls-cli-debug\fP
|
|
Packit |
aea12f |
.\" Mixture of short (flag) options and long options
|
|
Packit |
aea12f |
[\f\*[B-Font]\-flags\f[]]
|
|
Packit |
aea12f |
[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
|
|
Packit |
aea12f |
[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
|
|
Packit |
aea12f |
.sp \n(Ppu
|
|
Packit |
aea12f |
.ne 2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Operands and options may be intermixed. They will be reordered.
|
|
Packit |
aea12f |
.sp \n(Ppu
|
|
Packit |
aea12f |
.ne 2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.SH "DESCRIPTION"
|
|
Packit |
aea12f |
TLS debug client. It sets up multiple TLS connections to
|
|
Packit |
aea12f |
a server and queries its capabilities. It was created to assist in debugging
|
|
Packit |
aea12f |
GnuTLS, but it might be useful to extract a TLS server's capabilities.
|
|
Packit |
aea12f |
It connects to a TLS server, performs tests and print the server's
|
|
Packit |
aea12f |
capabilities. If called with the `-V' parameter more checks will be performed.
|
|
Packit |
aea12f |
Can be used to check for servers with special needs or bugs.
|
|
Packit |
aea12f |
.SH "OPTIONS"
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-d\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-debug\f[]=\f\*[I-Font]number\f[]
|
|
Packit |
aea12f |
Enable debugging.
|
|
Packit |
aea12f |
This option takes an integer number as its argument.
|
|
Packit |
aea12f |
The value of
|
|
Packit |
aea12f |
\f\*[I-Font]number\f[]
|
|
Packit |
aea12f |
is constrained to being:
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
.na
|
|
Packit |
aea12f |
in the range 0 through 9999
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Specifies the debug level.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-V\f[], \f\*[B-Font]\-\-verbose\f[]
|
|
Packit |
aea12f |
More verbose output.
|
|
Packit |
aea12f |
This option may appear an unlimited number of times.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-port\f[]=\f\*[I-Font]number\f[]
|
|
Packit |
aea12f |
The port to connect to.
|
|
Packit |
aea12f |
This option takes an integer number as its argument.
|
|
Packit |
aea12f |
The value of
|
|
Packit |
aea12f |
\f\*[I-Font]number\f[]
|
|
Packit |
aea12f |
is constrained to being:
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
.na
|
|
Packit |
aea12f |
in the range 0 through 65536
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-app-proto\f[]
|
|
Packit |
aea12f |
This is an alias for the \fI--starttls-proto\fR option.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-starttls\-proto\f[]=\f\*[I-Font]string\f[]
|
|
Packit |
aea12f |
The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres).
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli will proceed to the TLS negotiation.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-h\f[], \f\*[B-Font]\-\-help\f[]
|
|
Packit |
aea12f |
Display usage information and exit.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
|
|
Packit |
aea12f |
Pass the extended usage information through a pager.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-v\f[] [{\f\*[I-Font]v|c|n\f[] \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]}]
|
|
Packit |
aea12f |
Output version of program and exit. The default mode is `v', a simple
|
|
Packit |
aea12f |
version. The `c' mode will print copyright information and `n' will
|
|
Packit |
aea12f |
print the full copyright notice.
|
|
Packit |
aea12f |
.PP
|
|
Packit |
aea12f |
.SH EXAMPLES
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ gnutls\-cli\-debug localhost
|
|
Packit |
aea12f |
GnuTLS debug client 3.5.0
|
|
Packit |
aea12f |
Checking localhost:443
|
|
Packit |
aea12f |
for SSL 3.0 (RFC6101) support... yes
|
|
Packit |
aea12f |
whether we need to disable TLS 1.2... no
|
|
Packit |
aea12f |
whether we need to disable TLS 1.1... no
|
|
Packit |
aea12f |
whether we need to disable TLS 1.0... no
|
|
Packit |
aea12f |
whether %NO_EXTENSIONS is required... no
|
|
Packit |
aea12f |
whether %COMPAT is required... no
|
|
Packit |
aea12f |
for TLS 1.0 (RFC2246) support... yes
|
|
Packit |
aea12f |
for TLS 1.1 (RFC4346) support... yes
|
|
Packit |
aea12f |
for TLS 1.2 (RFC5246) support... yes
|
|
Packit |
aea12f |
fallback from TLS 1.6 to... TLS1.2
|
|
Packit |
aea12f |
for RFC7507 inappropriate fallback... yes
|
|
Packit |
aea12f |
for HTTPS server name... Local
|
|
Packit |
aea12f |
for certificate chain order... sorted
|
|
Packit |
aea12f |
for safe renegotiation (RFC5746) support... yes
|
|
Packit |
aea12f |
for Safe renegotiation support (SCSV)... no
|
|
Packit |
aea12f |
for encrypt\-then\-MAC (RFC7366) support... no
|
|
Packit |
aea12f |
for ext master secret (RFC7627) support... no
|
|
Packit |
aea12f |
for heartbeat (RFC6520) support... no
|
|
Packit |
aea12f |
for version rollback bug in RSA PMS... dunno
|
|
Packit |
aea12f |
for version rollback bug in Client Hello... no
|
|
Packit |
aea12f |
whether the server ignores the RSA PMS version... yes
|
|
Packit |
aea12f |
whether small records (512 bytes) are tolerated on handshake... yes
|
|
Packit |
aea12f |
whether cipher suites not in SSL 3.0 spec are accepted... yes
|
|
Packit |
aea12f |
whether a bogus TLS record version in the client hello is accepted... yes
|
|
Packit |
aea12f |
whether the server understands TLS closure alerts... partially
|
|
Packit |
aea12f |
whether the server supports session resumption... yes
|
|
Packit |
aea12f |
for anonymous authentication support... no
|
|
Packit |
aea12f |
for ephemeral Diffie\-Hellman support... no
|
|
Packit |
aea12f |
for ephemeral EC Diffie\-Hellman support... yes
|
|
Packit |
aea12f |
ephemeral EC Diffie\-Hellman group info... SECP256R1
|
|
Packit |
aea12f |
for AES\-128\-GCM cipher (RFC5288) support... yes
|
|
Packit |
aea12f |
for AES\-128\-CCM cipher (RFC6655) support... no
|
|
Packit |
aea12f |
for AES\-128\-CCM\-8 cipher (RFC6655) support... no
|
|
Packit |
aea12f |
for AES\-128\-CBC cipher (RFC3268) support... yes
|
|
Packit |
aea12f |
for CAMELLIA\-128\-GCM cipher (RFC6367) support... no
|
|
Packit |
aea12f |
for CAMELLIA\-128\-CBC cipher (RFC5932) support... no
|
|
Packit |
aea12f |
for 3DES\-CBC cipher (RFC2246) support... yes
|
|
Packit |
aea12f |
for ARCFOUR 128 cipher (RFC2246) support... yes
|
|
Packit |
aea12f |
for MD5 MAC support... yes
|
|
Packit |
aea12f |
for SHA1 MAC support... yes
|
|
Packit |
aea12f |
for SHA256 MAC support... yes
|
|
Packit |
aea12f |
for ZLIB compression support... no
|
|
Packit |
aea12f |
for max record size (RFC6066) support... no
|
|
Packit |
aea12f |
for OCSP status response (RFC6066) support... no
|
|
Packit |
aea12f |
for OpenPGP authentication (RFC6091) support... no
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
You could also use the client to debug services with starttls capability.
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ gnutls\-cli\-debug \-\-starttls\-proto smtp \-\-port 25 localhost
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.SH "EXIT STATUS"
|
|
Packit |
aea12f |
One of the following exit values will be returned:
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP 0 " (EXIT_SUCCESS)"
|
|
Packit |
aea12f |
Successful program execution.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP 1 " (EXIT_FAILURE)"
|
|
Packit |
aea12f |
The operation failed or the command syntax was not valid.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP 70 " (EX_SOFTWARE)"
|
|
Packit |
aea12f |
libopts had an internal operational error. Please report
|
|
Packit |
aea12f |
it to autogen-users@lists.sourceforge.net. Thank you.
|
|
Packit |
aea12f |
.PP
|
|
Packit |
aea12f |
.SH "SEE ALSO"
|
|
Packit |
aea12f |
gnutls\-cli(1), gnutls\-serv(1)
|
|
Packit |
aea12f |
.SH "AUTHORS"
|
|
Packit |
aea12f |
Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls/AUTHORS for a complete list.
|
|
Packit |
aea12f |
.SH "COPYRIGHT"
|
|
Packit Service |
991b93 |
Copyright (C) 2000-2020 Free Software Foundation, and others all rights reserved.
|
|
Packit |
aea12f |
This program is released under the terms of the GNU General Public License, version 3 or later.
|
|
Packit |
aea12f |
.SH "BUGS"
|
|
Packit Service |
991b93 |
Please send bug reports to: bugs@gnutls.org
|
|
Packit |
aea12f |
.SH "NOTES"
|
|
Packit |
aea12f |
This manual page was \fIAutoGen\fP-erated from the \fBgnutls-cli-debug\fP
|
|
Packit |
aea12f |
option definitions.
|