version 1.109, 2019/07/09 11:19:05 |
version 1.110, 2019/07/11 10:31:48 |
|
|
.nr nS 1 |
.nr nS 1 |
.Nm "openssl s_client" |
.Nm "openssl s_client" |
.Op Fl 4 | 6 |
.Op Fl 4 | 6 |
|
.Op Fl alpn Ar protocols |
.Op Fl bugs |
.Op Fl bugs |
.Op Fl CAfile Ar file |
.Op Fl CAfile Ar file |
.Op Fl CApath Ar directory |
.Op Fl CApath Ar directory |
.Op Fl cert Ar file |
.Op Fl cert Ar file |
|
.Op Fl certform Cm der | pem |
.Op Fl check_ss_sig |
.Op Fl check_ss_sig |
.Op Fl cipher Ar cipherlist |
.Op Fl cipher Ar cipherlist |
.Op Fl connect Ar host Ns Op : Ns Ar port |
.Op Fl connect Ar host Ns Op : Ns Ar port |
|
|
.Op Fl crl_check_all |
.Op Fl crl_check_all |
.Op Fl crlf |
.Op Fl crlf |
.Op Fl debug |
.Op Fl debug |
|
.Op Fl dtls1 |
.Op Fl extended_crl |
.Op Fl extended_crl |
.Op Fl groups |
.Op Fl groups |
|
.Op Fl host Ar host |
.Op Fl ign_eof |
.Op Fl ign_eof |
.Op Fl ignore_critical |
.Op Fl ignore_critical |
.Op Fl issuer_checks |
.Op Fl issuer_checks |
.Op Fl key Ar keyfile |
.Op Fl key Ar keyfile |
|
.Op Fl keyform Cm der | pem |
|
.Op Fl keymatexport Ar label |
|
.Op Fl keymatexportlen Ar len |
|
.Op Fl legacy_server_connect |
.Op Fl msg |
.Op Fl msg |
|
.Op Fl mtu Ar mtu |
.Op Fl nbio |
.Op Fl nbio |
.Op Fl nbio_test |
.Op Fl nbio_test |
|
.Op Fl no_comp |
|
.Op Fl no_ign_eof |
|
.Op Fl no_legacy_server_connect |
.Op Fl no_ticket |
.Op Fl no_ticket |
.Op Fl no_tls1 |
.Op Fl no_tls1 |
.Op Fl no_tls1_1 |
.Op Fl no_tls1_1 |
.Op Fl no_tls1_2 |
.Op Fl no_tls1_2 |
|
.Op Fl pass Ar arg |
.Op Fl pause |
.Op Fl pause |
.Op Fl policy_check |
.Op Fl policy_check |
|
.Op Fl port Ar port |
.Op Fl prexit |
.Op Fl prexit |
.Op Fl proxy Ar host : Ns Ar port |
.Op Fl proxy Ar host : Ns Ar port |
.Op Fl psk Ar key |
|
.Op Fl psk_identity Ar identity |
|
.Op Fl quiet |
.Op Fl quiet |
.Op Fl reconnect |
.Op Fl reconnect |
.Op Fl servername Ar name |
.Op Fl servername Ar name |
|
.Op Fl serverpref |
|
.Op Fl sess_in Ar file |
|
.Op Fl sess_out Ar file |
.Op Fl showcerts |
.Op Fl showcerts |
.Op Fl starttls Ar protocol |
.Op Fl starttls Ar protocol |
.Op Fl state |
.Op Fl state |
|
.Op Fl status |
|
.Op Fl timeout |
.Op Fl tls1 |
.Op Fl tls1 |
.Op Fl tls1_1 |
.Op Fl tls1_1 |
.Op Fl tls1_2 |
.Op Fl tls1_2 |
.Op Fl tlsextdebug |
.Op Fl tlsextdebug |
|
.Op Fl use_srtp Ar profiles |
.Op Fl verify Ar depth |
.Op Fl verify Ar depth |
|
.Op Fl verify_return_error |
.Op Fl x509_strict |
.Op Fl x509_strict |
.Op Fl xmpphost Ar host |
.Op Fl xmpphost Ar host |
.nr nS 0 |
.nr nS 0 |
|
|
Attempt connections using IPv4 only. |
Attempt connections using IPv4 only. |
.It Fl 6 |
.It Fl 6 |
Attempt connections using IPv6 only. |
Attempt connections using IPv6 only. |
|
.It Fl alpn Ar protocols |
|
Enable the Application-Layer Protocol Negotiation. |
|
.Ar protocols |
|
is a comma-separated list of protocol names that the client should advertise |
|
support for. |
.It Fl bugs |
.It Fl bugs |
Enable various workarounds for buggy implementations. |
Enable various workarounds for buggy implementations. |
.It Fl CAfile Ar file |
.It Fl CAfile Ar file |
|
|
.It Fl cert Ar file |
.It Fl cert Ar file |
The certificate to use, if one is requested by the server. |
The certificate to use, if one is requested by the server. |
The default is not to use a certificate. |
The default is not to use a certificate. |
|
.It Fl certform Cm der | pem |
|
The certificate format. |
|
The default is |
|
.Cm pem . |
.It Xo |
.It Xo |
.Fl check_ss_sig , |
.Fl check_ss_sig , |
.Fl crl_check , |
.Fl crl_check , |
|
|
as required by some servers. |
as required by some servers. |
.It Fl debug |
.It Fl debug |
Print extensive debugging information, including a hex dump of all traffic. |
Print extensive debugging information, including a hex dump of all traffic. |
|
.It Fl dtls1 |
|
Permit only DTLS1.0. |
.It Fl groups Ar ecgroups |
.It Fl groups Ar ecgroups |
Specify a colon-separated list of permitted EC curve groups. |
Specify a colon-separated list of permitted EC curve groups. |
|
.It Fl host Ar host |
|
The |
|
.Ar host |
|
to connect to. |
|
The default is localhost. |
.It Fl ign_eof |
.It Fl ign_eof |
Inhibit shutting down the connection when end of file is reached in the input. |
Inhibit shutting down the connection when end of file is reached in the input. |
.It Fl key Ar keyfile |
.It Fl key Ar keyfile |
The private key to use. |
The private key to use. |
If not specified, the certificate file will be used. |
If not specified, the certificate file will be used. |
|
.It Fl keyform Cm der | pem |
|
The private key format. |
|
The default is |
|
.Cm pem . |
|
.It Fl keymatexport Ar label |
|
Export keying material using label. |
|
.It Fl keymatexportlen Ar len |
|
Export len bytes of keying material (default 20). |
|
.It Fl legacy_server_connect , no_legacy_server_connect |
|
Allow or disallow initial connection to servers that don't support RI. |
.It Fl msg |
.It Fl msg |
Show all protocol messages with hex dump. |
Show all protocol messages with hex dump. |
|
.It Fl mtu Ar mtu |
|
Set the link layer MTU. |
.It Fl nbio |
.It Fl nbio |
Turn on non-blocking I/O. |
Turn on non-blocking I/O. |
.It Fl nbio_test |
.It Fl nbio_test |
Test non-blocking I/O. |
Test non-blocking I/O. |
|
.It Fl no_ign_eof |
|
Shut down the connection when end of file is reached in the input. |
|
Can be used to override the implicit |
|
.Fl ign_eof |
|
after |
|
.Fl quiet . |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
Disable the use of TLS1.0, 1.1, and 1.2, respectively. |
Disable the use of TLS1.0, 1.1, and 1.2, respectively. |
.It Fl no_ticket |
.It Fl no_ticket |
Disable RFC 4507 session ticket support. |
Disable RFC 4507 session ticket support. |
|
.It Fl pass Ar arg |
|
The private key password source. |
.It Fl pause |
.It Fl pause |
Pause 1 second between each read and write call. |
Pause 1 second between each read and write call. |
|
.It Fl port Ar port |
|
The |
|
.Ar port |
|
to connect to. |
|
The default is 4433. |
.It Fl prexit |
.It Fl prexit |
Print session information when the program exits. |
Print session information when the program exits. |
This will always attempt |
This will always attempt |
|
|
If not specified, localhost is used as final destination. |
If not specified, localhost is used as final destination. |
After that, switch the connection through the proxy to the destination |
After that, switch the connection through the proxy to the destination |
to TLS. |
to TLS. |
.It Fl psk Ar key |
|
Use the PSK key |
|
.Ar key |
|
when using a PSK cipher suite. |
|
The key is given as a hexadecimal number without the leading 0x, |
|
for example -psk 1a2b3c4d. |
|
.It Fl psk_identity Ar identity |
|
Use the PSK |
|
.Ar identity |
|
when using a PSK cipher suite. |
|
.It Fl quiet |
.It Fl quiet |
Inhibit printing of session and certificate information. |
Inhibit printing of session and certificate information. |
This implicitly turns on |
This implicitly turns on |
|
|
.It Fl showcerts |
.It Fl showcerts |
Display the whole server certificate chain: normally only the server |
Display the whole server certificate chain: normally only the server |
certificate itself is displayed. |
certificate itself is displayed. |
|
.It Fl serverpref |
|
Use the server's cipher preferences. |
|
.It Fl sess_in Ar file |
|
Load TLS session from file. |
|
The client will attempt to resume a connection from this session. |
|
.It Fl sess_out Ar file |
|
Output TLS session to file. |
.It Fl starttls Ar protocol |
.It Fl starttls Ar protocol |
Send the protocol-specific messages to switch to TLS for communication. |
Send the protocol-specific messages to switch to TLS for communication. |
.Ar protocol |
.Ar protocol |
|
|
.Qq xmpp . |
.Qq xmpp . |
.It Fl state |
.It Fl state |
Print the SSL session states. |
Print the SSL session states. |
|
.It Fl status |
|
Send a certificate status request to the server (OCSP stapling). |
|
The server response (if any) is printed out. |
|
.It Fl timeout |
|
Enable send/receive timeout on DTLS connections. |
.It Fl tls1 | tls1_1 | tls1_2 |
.It Fl tls1 | tls1_1 | tls1_2 |
Permit only TLS1.0, 1.1, or 1.2, respectively. |
Permit only TLS1.0, 1.1, or 1.2, respectively. |
.It Fl tlsextdebug |
.It Fl tlsextdebug |
Print a hex dump of any TLS extensions received from the server. |
Print a hex dump of any TLS extensions received from the server. |
|
.It Fl use_srtp Ar profiles |
|
Offer SRTP key management with a colon-separated profile list. |
.It Fl verify Ar depth |
.It Fl verify Ar depth |
Turn on server certificate verification, |
Turn on server certificate verification, |
with a maximum length of |
with a maximum length of |
|
|
with a certificate chain can be seen. |
with a certificate chain can be seen. |
As a side effect the connection will never fail due to a server |
As a side effect the connection will never fail due to a server |
certificate verify failure. |
certificate verify failure. |
|
.It Fl verify_return_error |
|
Return verification error. |
.It Fl xmpphost Ar hostname |
.It Fl xmpphost Ar hostname |
When used with |
When used with |
.Fl starttls Ar xmpp , |
.Fl starttls Ar xmpp , |