gnutls-cli 3.5.8 Copyright (C) 2000-2017 Free Software Foundation, and others, all rights reserved. This is free software. It is licensed for use, modification and redistribution under the terms of the GNU General Public License, version 3 or later <http://gnu.org/licenses/gpl.html> Please send bug reports to: <bugs@gnutls.org>

gnutls-cli - GnuTLS client Usage: gnutls-cli [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostname] -d, --debug=num Enable debugging - it must be in the range: 0 to 9999 -V, --verbose More verbose output - may appear multiple times --tofu Enable trust on first use authentication - disabled as '--no-tofu' --strict-tofu Fail to connect if a known certificate has changed - disabled as '--no-strict-tofu' --dane Enable DANE certificate verification (DNSSEC) - disabled as '--no-dane' --local-dns Use the local DNS server for DNSSEC resolving - disabled as '--no-local-dns' --ca-verification Enable CA certificate verification - disabled as '--no-ca-verification' - enabled by default --ocsp Enable OCSP certificate verification - disabled as '--no-ocsp' -r, --resume Establish a session and resume -e, --rehandshake Establish a session and rehandshake -s, --starttls Connect, establish a plain session and start TLS --app-proto=str an alias for the 'starttls-proto' option --starttls-proto=str The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp) - prohibits the option 'starttls' -u, --udp Use DTLS (datagram TLS) over UDP --mtu=num Set MTU for datagram TLS - it must be in the range: 0 to 17000 --crlf Send CR LF instead of LF --fastopen Enable TCP Fast Open --x509fmtder Use DER format for certificates to read from -f, --fingerprint Send the openpgp fingerprint, instead of the key --print-cert Print peer's certificate in PEM format --save-cert=str Save the peer's certificate chain in the specified file in PEM format --save-ocsp=str Save the peer's OCSP status response in the provided file --dh-bits=num The minimum number of bits allowed for DH --priority=str Priorities string --x509cafile=str Certificate file or PKCS #11 URL to use --x509crlfile=file CRL file to use - file must pre-exist --pgpkeyfile=file PGP Key file to use - file must pre-exist --pgpkeyring=file PGP Key ring file to use - file must pre-exist --pgpcertfile=file PGP Public Key (certificate) file to use - requires the option 'pgpkeyfile' - file must pre-exist --x509keyfile=str X.509 key file or PKCS #11 URL to use --x509certfile=str X.509 Certificate file or PKCS #11 URL to use - requires the option 'x509keyfile' --pgpsubkey=str PGP subkey to use (hex or auto) --srpusername=str SRP username to use --srppasswd=str SRP password to use --pskusername=str PSK username to use --pskkey=str PSK key (in hex) to use -p, --port=str The port or service to connect to --insecure Don't abort program if server certificate can't be validated --ranges Use length-hiding padding to prevent traffic analysis --benchmark-ciphers Benchmark individual ciphers --benchmark-tls-kx Benchmark TLS key exchange methods --benchmark-tls-ciphers Benchmark TLS ciphers -l, --list Print a list of the supported algorithms and modes - prohibits the option 'port' --priority-list Print a list of the supported priority strings --noticket Don't allow session tickets --srtp-profiles=str Offer SRTP profiles --alpn=str Application layer protocol - may appear multiple times -b, --heartbeat Activate heartbeat support --recordsize=num The maximum record size to advertize - it must be in the range: 0 to 4096 --disable-sni Do not send a Server Name Indication (SNI) --disable-extensions Disable all the TLS extensions --inline-commands Inline commands of the form ^<cmd>^ --inline-commands-prefix=str Change the default delimiter for inline commands. --provider=file Specify the PKCS #11 provider library - file must pre-exist --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library -v, --version[=arg] output version information and exit -h, --help display extended usage information and exit -!, --more-help extended usage information passed thru pager Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. Operands and options may be intermixed. They will be reordered. Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa. Please send bug reports to: <bugs@gnutls.org>