1
2=pod
3
4=head1 NAME
5
6s_client - SSL/TLS client program
7
8=head1 SYNOPSIS
9
10B<openssl> B<s_client>
11[B<-connect host:port>]
12[B<-verify depth>]
13[B<-verify_return_error>]
14[B<-cert filename>]
15[B<-certform DER|PEM>]
16[B<-key filename>]
17[B<-keyform DER|PEM>]
18[B<-pass arg>]
19[B<-CApath directory>]
20[B<-CAfile filename>]
21[B<-reconnect>]
22[B<-pause>]
23[B<-showcerts>]
24[B<-debug>]
25[B<-msg>]
26[B<-nbio_test>]
27[B<-state>]
28[B<-nbio>]
29[B<-crlf>]
30[B<-ign_eof>]
31[B<-quiet>]
32[B<-ssl2>]
33[B<-ssl3>]
34[B<-tls1>]
35[B<-no_ssl2>]
36[B<-no_ssl3>]
37[B<-no_tls1>]
38[B<-bugs>]
39[B<-cipher cipherlist>]
40[B<-starttls protocol>]
41[B<-engine id>]
42[B<-tlsextdebug>]
43[B<-no_ticket>]
44[B<-sess_out filename>]
45[B<-sess_in filename>]
46[B<-rand file(s)>]
47
48=head1 DESCRIPTION
49
50The B<s_client> command implements a generic SSL/TLS client which connects
51to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
52SSL servers.
53
54=head1 OPTIONS
55
56=over 4
57
58=item B<-connect host:port>
59
60This specifies the host and optional port to connect to. If not specified
61then an attempt is made to connect to the local host on port 4433.
62
63=item B<-cert certname>
64
65The certificate to use, if one is requested by the server. The default is
66not to use a certificate.
67
68=item B<-certform format>
69
70The certificate format to use: DER or PEM. PEM is the default.
--- 96 unchanged lines hidden (view full) ---
167inhibit shutting down the connection when end of file is reached in the
168input.
169
170=item B<-quiet>
171
172inhibit printing of session and certificate information. This implicitly
173turns on B<-ign_eof> as well.
174
175=item B<-psk_identity identity>
176
177Use the PSK identity B<identity> when using a PSK cipher suite.
178
179=item B<-psk key>
180
181Use the PSK key B<key> when using a PSK cipher suite. The key is
182given as a hexadecimal number without leading 0x, for example -psk
--- 17 unchanged lines hidden (view full) ---
200
201=item B<-cipher cipherlist>
202
203this allows the cipher list sent by the client to be modified. Although
204the server determines which cipher suite is used it should take the first
205supported cipher in the list sent by the client. See the B<ciphers>
206command for more information.
207
208=item B<-starttls protocol>
209
210send the protocol-specific message(s) to switch to TLS for communication.
211B<protocol> is a keyword for the intended protocol. Currently, the only
212supported keywords are "smtp", "pop3", "imap", and "ftp".
213
214=item B<-tlsextdebug>
215
--- 22 unchanged lines hidden (view full) ---
238=item B<-rand file(s)>
239
240a file or files containing random data used to seed the random number
241generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
242Multiple files can be specified separated by a OS-dependent character.
243The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
244all others.
245
246=back
247
248=head1 CONNECTED COMMANDS
249
250If a connection is established with an SSL server then any data received
251from the server is displayed and any key presses will be sent to the
252server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
253have been given), the session will be renegotiated if the line begins with an
--- 63 unchanged lines hidden ---
2=pod
3
4=head1 NAME
5
6s_client - SSL/TLS client program
7
8=head1 SYNOPSIS
9
10B<openssl> B<s_client>
11[B<-connect host:port>]
12[B<-verify depth>]
13[B<-verify_return_error>]
14[B<-cert filename>]
15[B<-certform DER|PEM>]
16[B<-key filename>]
17[B<-keyform DER|PEM>]
18[B<-pass arg>]
19[B<-CApath directory>]
20[B<-CAfile filename>]
21[B<-reconnect>]
22[B<-pause>]
23[B<-showcerts>]
24[B<-debug>]
25[B<-msg>]
26[B<-nbio_test>]
27[B<-state>]
28[B<-nbio>]
29[B<-crlf>]
30[B<-ign_eof>]
31[B<-quiet>]
32[B<-ssl2>]
33[B<-ssl3>]
34[B<-tls1>]
35[B<-no_ssl2>]
36[B<-no_ssl3>]
37[B<-no_tls1>]
38[B<-bugs>]
39[B<-cipher cipherlist>]
40[B<-starttls protocol>]
41[B<-engine id>]
42[B<-tlsextdebug>]
43[B<-no_ticket>]
44[B<-sess_out filename>]
45[B<-sess_in filename>]
46[B<-rand file(s)>]
47
48=head1 DESCRIPTION
49
50The B<s_client> command implements a generic SSL/TLS client which connects
51to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
52SSL servers.
53
54=head1 OPTIONS
55
56=over 4
57
58=item B<-connect host:port>
59
60This specifies the host and optional port to connect to. If not specified
61then an attempt is made to connect to the local host on port 4433.
62
63=item B<-cert certname>
64
65The certificate to use, if one is requested by the server. The default is
66not to use a certificate.
67
68=item B<-certform format>
69
70The certificate format to use: DER or PEM. PEM is the default.
--- 96 unchanged lines hidden (view full) ---
167inhibit shutting down the connection when end of file is reached in the
168input.
169
170=item B<-quiet>
171
172inhibit printing of session and certificate information. This implicitly
173turns on B<-ign_eof> as well.
174
175=item B<-psk_identity identity>
176
177Use the PSK identity B<identity> when using a PSK cipher suite.
178
179=item B<-psk key>
180
181Use the PSK key B<key> when using a PSK cipher suite. The key is
182given as a hexadecimal number without leading 0x, for example -psk
--- 17 unchanged lines hidden (view full) ---
200
201=item B<-cipher cipherlist>
202
203this allows the cipher list sent by the client to be modified. Although
204the server determines which cipher suite is used it should take the first
205supported cipher in the list sent by the client. See the B<ciphers>
206command for more information.
207
208=item B<-starttls protocol>
209
210send the protocol-specific message(s) to switch to TLS for communication.
211B<protocol> is a keyword for the intended protocol. Currently, the only
212supported keywords are "smtp", "pop3", "imap", and "ftp".
213
214=item B<-tlsextdebug>
215
--- 22 unchanged lines hidden (view full) ---
238=item B<-rand file(s)>
239
240a file or files containing random data used to seed the random number
241generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
242Multiple files can be specified separated by a OS-dependent character.
243The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
244all others.
245
246=back
247
248=head1 CONNECTED COMMANDS
249
250If a connection is established with an SSL server then any data received
251from the server is displayed and any key presses will be sent to the
252server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
253have been given), the session will be renegotiated if the line begins with an
--- 63 unchanged lines hidden ---