s_client.pod (264278) | s_client.pod (269682) |
---|---|
1 2=pod 3 4=head1 NAME 5 6s_client - SSL/TLS client program 7 8=head1 SYNOPSIS 9 10B<openssl> B<s_client> 11[B<-connect host:port>] | 1 2=pod 3 4=head1 NAME 5 6s_client - SSL/TLS client program 7 8=head1 SYNOPSIS 9 10B<openssl> B<s_client> 11[B<-connect host:port>] |
12[B<-servername name>] |
|
12[B<-verify depth>] 13[B<-verify_return_error>] 14[B<-cert filename>] 15[B<-certform DER|PEM>] 16[B<-key filename>] 17[B<-keyform DER|PEM>] 18[B<-pass arg>] 19[B<-CApath directory>] 20[B<-CAfile filename>] 21[B<-reconnect>] 22[B<-pause>] 23[B<-showcerts>] 24[B<-debug>] 25[B<-msg>] 26[B<-nbio_test>] 27[B<-state>] 28[B<-nbio>] 29[B<-crlf>] 30[B<-ign_eof>] | 13[B<-verify depth>] 14[B<-verify_return_error>] 15[B<-cert filename>] 16[B<-certform DER|PEM>] 17[B<-key filename>] 18[B<-keyform DER|PEM>] 19[B<-pass arg>] 20[B<-CApath directory>] 21[B<-CAfile filename>] 22[B<-reconnect>] 23[B<-pause>] 24[B<-showcerts>] 25[B<-debug>] 26[B<-msg>] 27[B<-nbio_test>] 28[B<-state>] 29[B<-nbio>] 30[B<-crlf>] 31[B<-ign_eof>] |
32[B<-no_ign_eof>] |
|
31[B<-quiet>] 32[B<-ssl2>] 33[B<-ssl3>] 34[B<-tls1>] 35[B<-no_ssl2>] 36[B<-no_ssl3>] 37[B<-no_tls1>] 38[B<-bugs>] 39[B<-cipher cipherlist>] | 33[B<-quiet>] 34[B<-ssl2>] 35[B<-ssl3>] 36[B<-tls1>] 37[B<-no_ssl2>] 38[B<-no_ssl3>] 39[B<-no_tls1>] 40[B<-bugs>] 41[B<-cipher cipherlist>] |
42[B<-serverpref>] |
|
40[B<-starttls protocol>] 41[B<-engine id>] 42[B<-tlsextdebug>] 43[B<-no_ticket>] 44[B<-sess_out filename>] 45[B<-sess_in filename>] 46[B<-rand file(s)>] | 43[B<-starttls protocol>] 44[B<-engine id>] 45[B<-tlsextdebug>] 46[B<-no_ticket>] 47[B<-sess_out filename>] 48[B<-sess_in filename>] 49[B<-rand file(s)>] |
50[B<-status>] 51[B<-nextprotoneg protocols>] |
|
47 48=head1 DESCRIPTION 49 50The B<s_client> command implements a generic SSL/TLS client which connects 51to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for 52SSL servers. 53 54=head1 OPTIONS 55 56=over 4 57 58=item B<-connect host:port> 59 60This specifies the host and optional port to connect to. If not specified 61then an attempt is made to connect to the local host on port 4433. 62 | 52 53=head1 DESCRIPTION 54 55The B<s_client> command implements a generic SSL/TLS client which connects 56to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for 57SSL servers. 58 59=head1 OPTIONS 60 61=over 4 62 63=item B<-connect host:port> 64 65This specifies the host and optional port to connect to. If not specified 66then an attempt is made to connect to the local host on port 4433. 67 |
68=item B<-servername name> 69 70Set the TLS SNI (Server Name Indication) extension in the ClientHello message. 71 |
|
63=item B<-cert certname> 64 65The certificate to use, if one is requested by the server. The default is 66not to use a certificate. 67 68=item B<-certform format> 69 70The certificate format to use: DER or PEM. PEM is the default. --- 96 unchanged lines hidden (view full) --- 167inhibit shutting down the connection when end of file is reached in the 168input. 169 170=item B<-quiet> 171 172inhibit printing of session and certificate information. This implicitly 173turns on B<-ign_eof> as well. 174 | 72=item B<-cert certname> 73 74The certificate to use, if one is requested by the server. The default is 75not to use a certificate. 76 77=item B<-certform format> 78 79The certificate format to use: DER or PEM. PEM is the default. --- 96 unchanged lines hidden (view full) --- 176inhibit shutting down the connection when end of file is reached in the 177input. 178 179=item B<-quiet> 180 181inhibit printing of session and certificate information. This implicitly 182turns on B<-ign_eof> as well. 183 |
184=item B<-no_ign_eof> 185 186shut down the connection when end of file is reached in the input. 187Can be used to override the implicit B<-ign_eof> after B<-quiet>. 188 |
|
175=item B<-psk_identity identity> 176 177Use the PSK identity B<identity> when using a PSK cipher suite. 178 179=item B<-psk key> 180 181Use the PSK key B<key> when using a PSK cipher suite. The key is 182given as a hexadecimal number without leading 0x, for example -psk --- 17 unchanged lines hidden (view full) --- 200 201=item B<-cipher cipherlist> 202 203this allows the cipher list sent by the client to be modified. Although 204the server determines which cipher suite is used it should take the first 205supported cipher in the list sent by the client. See the B<ciphers> 206command for more information. 207 | 189=item B<-psk_identity identity> 190 191Use the PSK identity B<identity> when using a PSK cipher suite. 192 193=item B<-psk key> 194 195Use the PSK key B<key> when using a PSK cipher suite. The key is 196given as a hexadecimal number without leading 0x, for example -psk --- 17 unchanged lines hidden (view full) --- 214 215=item B<-cipher cipherlist> 216 217this allows the cipher list sent by the client to be modified. Although 218the server determines which cipher suite is used it should take the first 219supported cipher in the list sent by the client. See the B<ciphers> 220command for more information. 221 |
222=item B<-serverpref> 223 224use the server's cipher preferences; only used for SSLV2. 225 |
|
208=item B<-starttls protocol> 209 210send the protocol-specific message(s) to switch to TLS for communication. 211B<protocol> is a keyword for the intended protocol. Currently, the only 212supported keywords are "smtp", "pop3", "imap", and "ftp". 213 214=item B<-tlsextdebug> 215 --- 22 unchanged lines hidden (view full) --- 238=item B<-rand file(s)> 239 240a file or files containing random data used to seed the random number 241generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 242Multiple files can be specified separated by a OS-dependent character. 243The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 244all others. 245 | 226=item B<-starttls protocol> 227 228send the protocol-specific message(s) to switch to TLS for communication. 229B<protocol> is a keyword for the intended protocol. Currently, the only 230supported keywords are "smtp", "pop3", "imap", and "ftp". 231 232=item B<-tlsextdebug> 233 --- 22 unchanged lines hidden (view full) --- 256=item B<-rand file(s)> 257 258a file or files containing random data used to seed the random number 259generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 260Multiple files can be specified separated by a OS-dependent character. 261The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 262all others. 263 |
264=item B<-status> 265 266sends a certificate status request to the server (OCSP stapling). The server 267response (if any) is printed out. 268 269=item B<-nextprotoneg protocols> 270 271enable Next Protocol Negotiation TLS extension and provide a list of 272comma-separated protocol names that the client should advertise 273support for. The list should contain most wanted protocols first. 274Protocol names are printable ASCII strings, for example "http/1.1" or 275"spdy/3". 276Empty list of protocols is treated specially and will cause the client to 277advertise support for the TLS extension but disconnect just after 278reciving ServerHello with a list of server supported protocols. 279 |
|
246=back 247 248=head1 CONNECTED COMMANDS 249 250If a connection is established with an SSL server then any data received 251from the server is displayed and any key presses will be sent to the 252server. When used interactively (which means neither B<-quiet> nor B<-ign_eof> 253have been given), the session will be renegotiated if the line begins with an --- 63 unchanged lines hidden --- | 280=back 281 282=head1 CONNECTED COMMANDS 283 284If a connection is established with an SSL server then any data received 285from the server is displayed and any key presses will be sent to the 286server. When used interactively (which means neither B<-quiet> nor B<-ign_eof> 287have been given), the session will be renegotiated if the line begins with an --- 63 unchanged lines hidden --- |
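Review bot: the new -servername item (new lines 68-70) documents what the option sets but not what happens when it is omitted. Add a sentence stating whether any server name extension is sent by default, because on a virtual-hosted server that decides which certificate the diagnostic output will show.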
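Review bot: in the -no_ign_eof item (new lines 184-187), "after -quiet" is ambiguous between "placed after -quiet on the command line" and "that -quiet implies"; state explicitly whether argument order matters. The unchanged CONNECTED COMMANDS paragraph still defines interactive use as "neither -quiet nor -ign_eof have been given", so check whether that sentence needs to mention the new option as well.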
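Review bot: the -serverpref item (new lines 222-224) spells the protocol "SSLV2"; use "SSLv2". The one-line description also leaves it unclear what "use the server's cipher preferences" means for a client program, especially directly after the -cipher text saying the server "should take the first supported cipher in the list sent by the client", so add a sentence on how the two options interact.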
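Review bot: typo in the -nextprotoneg item (new line 278): "reciving ServerHello" should be "receiving ServerHello", and "Empty list of protocols" reads better as "An empty list of protocols". In the same hunk, the -status item says the server response "is printed out" but not whether it is validated or affects the outcome of the connection; say so, so that a printed OCSP response is not mistaken for a verified one.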