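// AutoOpts option definitions for gnutls-cli-debug. AutoGen uses this file
// to produce the program's option parser, usage text and manual sections.
AutoGen Definitions options;
prog-name = gnutls-cli-debug;
prog-title = "GnuTLS debug client";
prog-desc = "Simple client program to check TLS server capabilities.";
// The hint names gnutls-cli-debug itself: gnutls-cli is a different program
// with a different option set, so pointing users at its --help was misleading.
short-usage = "Usage: gnutls-cli-debug [options] hostname\n"
"gnutls-cli-debug --help for usage instructions.\n";
explain = "";
detail = "TLS debug client. It sets up multiple TLS connections to
a server and queries its capabilities. It was created to assist in debugging
GnuTLS, but it might be useful to extract a TLS server's capabilities.
It connects to a TLS server, performs tests and prints the server's
capabilities. If called with the `-V' parameter more checks will be performed.
Can be used to check for servers with special needs or bugs.";
// Options and the hostname operand may be given in any order.
reorder-args;
// The program takes an operand (the hostname shown in short-usage).
argument;

// VERBOSE_OPT is defined before the shared option definitions are included;
// presumably args-std.def (not shown here) uses it to enable the verbose
// option that the `-V' text above refers to. Confirm against that file.
#define VERBOSE_OPT 1
#include args-std.def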
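// -p / --port: numeric port of the server to test.
flag = {
name = port;
value = p;
arg-type = number;
// Upper bound is 65535, the largest valid TCP port. The previous bound of
// 65536 let an out-of-range value through option parsing; how the program
// would then treat it is not visible here (a 16-bit port field would wrap).
// The lower bound of 0 is kept as it was.
arg-range = "0 -> 65535";
descrip = "The port to connect to";
doc = "";
};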
// --app-proto: alternate spelling of --starttls-proto. It carries no
// attributes of its own; the argument type and help text come from the
// starttls-proto flag it aliases.
flag = {
name = app-proto;
aliases = starttls-proto;
};
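// --starttls-proto: application protocol spoken before the TLS upgrade.
// The argument is declared as a free-form string, so the protocol names
// listed in descrip are documentation only; rejecting an unsupported name
// is left to the program (that check is not visible in this file).
flag = {
name = starttls-proto;
arg-type = string;
descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)";
// The doc text names gnutls-cli-debug; it previously referred to gnutls-cli,
// apparently carried over from that program's definitions.
doc = "Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli-debug will proceed to the TLS negotiation.";
};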
// SEE ALSO section for the generated manual: cross-references to the
// related GnuTLS command-line programs.
doc-section = {
ds-type = 'SEE ALSO'; // section heading; any heading text is accepted
ds-format = 'texi'; // markup of ds-text: man, texi or mdoc
ds-text = <<-_EOText_
gnutls-cli(1), gnutls-serv(1)
_EOText_;
};
// EXAMPLES section for the generated manual. The transcript below is sample
// output from one test server, which still accepts SSL 3.0, ARCFOUR, 3DES-CBC
// and MD5 MACs. Read it as an illustration of the report format, not as a
// reference configuration: on a real report, a "yes" on those lines marks
// legacy protocol or cipher support worth reviewing on that server.
doc-section = {
ds-type = 'EXAMPLES';
ds-format = 'texi';
ds-text = <<-_EOF_
@example
$ gnutls-cli-debug localhost
GnuTLS debug client 3.5.0
Checking localhost:443
for SSL 3.0 (RFC6101) support... yes
whether we need to disable TLS 1.2... no
whether we need to disable TLS 1.1... no
whether we need to disable TLS 1.0... no
whether %NO_EXTENSIONS is required... no
whether %COMPAT is required... no
for TLS 1.0 (RFC2246) support... yes
for TLS 1.1 (RFC4346) support... yes
for TLS 1.2 (RFC5246) support... yes
fallback from TLS 1.6 to... TLS1.2
for RFC7507 inappropriate fallback... yes
for HTTPS server name... Local
for certificate chain order... sorted
for safe renegotiation (RFC5746) support... yes
for Safe renegotiation support (SCSV)... no
for encrypt-then-MAC (RFC7366) support... no
for ext master secret (RFC7627) support... no
for heartbeat (RFC6520) support... no
for version rollback bug in RSA PMS... dunno
for version rollback bug in Client Hello... no
whether the server ignores the RSA PMS version... yes
whether small records (512 bytes) are tolerated on handshake... yes
whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted... yes
whether the server understands TLS closure alerts... partially
whether the server supports session resumption... yes
for anonymous authentication support... no
for ephemeral Diffie-Hellman support... no
for ephemeral EC Diffie-Hellman support... yes
ephemeral EC Diffie-Hellman group info... SECP256R1
for AES-128-GCM cipher (RFC5288) support... yes
for AES-128-CCM cipher (RFC6655) support... no
for AES-128-CCM-8 cipher (RFC6655) support... no
for AES-128-CBC cipher (RFC3268) support... yes
for CAMELLIA-128-GCM cipher (RFC6367) support... no
for CAMELLIA-128-CBC cipher (RFC5932) support... no
for 3DES-CBC cipher (RFC2246) support... yes
for ARCFOUR 128 cipher (RFC2246) support... yes
for MD5 MAC support... yes
for SHA1 MAC support... yes
for SHA256 MAC support... yes
for ZLIB compression support... no
for max record size (RFC6066) support... no
for OCSP status response (RFC6066) support... no
for OpenPGP authentication (RFC6091) support... no
@end example

You could also use the client to debug services with starttls capability.
@example
$ gnutls-cli-debug --starttls-proto smtp --port 25 localhost
@end example

_EOF_;
};