manpagez: man pages & more
info gnutls
Home | html | info | man
[ << ] [ < ] [ Up ] [ > ] [ >> ]         [Top] [Contents] [Index] [ ? ]

9.1 The gnutls-cli tool

Simple client program to set up a TLS connection to some other computer. It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.

GnuTLS test client
Usage:  gnutls-cli [options] hostname

     -d, --debug integer      Enable debugging
     -r, --resume             Connect, establish a session. Connect
                              again and resume this session.
     -s, --starttls           Connect, establish a plain session and
                              start TLS when EOF or a SIGALRM is
                              received.
     --crlf                   Send CR LF instead of LF.
     --x509fmtder             Use DER format for certificates to read
                              from.
     -f, --fingerprint        Send the openpgp fingerprint, instead
                              of the key.
     --disable-extensions     Disable all the TLS extensions.
     --print-cert             Print the certificate in PEM format.
     --recordsize integer     The maximum record size to advertize.
     -V, --verbose            More verbose output.
     --ciphers cipher1 cipher2...
                              Ciphers to enable.
     --protocols protocol1 protocol2...
                              Protocols to enable.
     --comp comp1 comp2...    Compression methods to enable.
     --macs mac1 mac2...      MACs to enable.
     --kx kx1 kx2...          Key exchange methods to enable.
     --ctypes certType1 certType2...
                              Certificate types to enable.
     --priority PRIORITY STRING
                              Priorities string.
     --x509cafile FILE        Certificate file to use.
     --x509crlfile FILE       CRL file to use.
     --pgpkeyfile FILE        PGP Key file to use.
     --pgpkeyring FILE        PGP Key ring file to use.
     --pgpcertfile FILE       PGP Public Key (certificate) file to
                              use.
     --pgpsubkey HEX|auto     PGP subkey to use.
     --x509keyfile FILE       X.509 key file to use.
     --x509certfile FILE      X.509 Certificate file to use.
     --srpusername NAME       SRP username to use.
     --srppasswd PASSWD       SRP password to use.
     --pskusername NAME       PSK username to use.
     --pskkey KEY             PSK key (in hex) to use.
     --opaque-prf-input DATA
                              Use Opaque PRF Input DATA.
     -p, --port PORT          The port to connect to.
     --insecure               Don't abort program if server
                              certificate can't be validated.
     -l, --list               Print a list of the supported
                              algorithms and modes.
     -h, --help               prints this help
     -v, --version            prints the program's version number

Example client PSK connection

To connect to a server using PSK authentication, you need to enable the choice of PSK by using a cipher priority parameter such as in the example below.

$ ./gnutls-cli -p 5556 localhost --pskusername psk_identity \
  --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 \
  --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- PSK authentication.
- Version: TLS1.1
- Key Exchange: PSK
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

By keeping the --pskusername parameter and removing the --pskkey parameter, it will query only for the password during the handshake.

Listing the ciphersuites in a priority string

$ ./gnutls-cli --priority SECURE192 -l
Cipher suites for SECURE192
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                0xc0, 0x24	TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                0xc0, 0x2e	TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  0xc0, 0x30	TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                    0x00, 0x6b	TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                    0x00, 0x6a	TLS1.2
TLS_RSA_AES_256_CBC_SHA256                        0x00, 0x3d	TLS1.2

[ << ] [ < ] [ Up ] [ > ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated on January 21, 2012 using texi2html 5.0.

© manpagez.com 2000-2019
Individual documents may contain additional copyright information.