diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-10-17 08:57:02 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-10-17 09:36:39 +0200 |
| commit | b64f979d6e57ff7d0d916af5223473728f01b651 (patch) | |
| tree | 81a373b773daa11f0df264b2511d116a9da2f923 | |
| parent | 21a1184961357f8b90a2e28c9ddc6150a889a37c (diff) | |
| download | gnutls-b64f979d6e57ff7d0d916af5223473728f01b651.tar.gz | |
gnutls-cli-debug: updated doc
| -rw-r--r-- | src/cli-debug-args.def | 94 |
1 files changed, 49 insertions, 45 deletions
diff --git a/src/cli-debug-args.def b/src/cli-debug-args.def index 728f204139..5146c70cab 100644 --- a/src/cli-debug-args.def +++ b/src/cli-debug-args.def @@ -35,9 +35,10 @@ flag = { name = starttls-proto; arg-type = string; descrip = "The application protocol to be used to obtain the server's certificate (https, ftp, smtp, imap, ldap, xmpp)"; - doc = ""; + doc = "Specify the application layer protocol for STARTTLS. If the protocol is supported, gnutls-cli will proceed to the TLS negotiation."; }; + doc-section = { ds-type = 'SEE ALSO'; // or anything else ds-format = 'texi'; // or texi or mdoc format @@ -52,50 +53,53 @@ doc-section = { ds-text = <<-_EOF_ @example $ ../src/gnutls-cli-debug localhost -Resolving 'localhost'... -Connecting to '127.0.0.1:443'... -Checking for SSL 3.0 support... yes -Checking whether %COMPAT is required... no -Checking for TLS 1.0 support... yes -Checking for TLS 1.1 support... no -Checking fallback from TLS 1.1 to... TLS 1.0 -Checking for TLS 1.2 support... no -Checking whether we need to disable TLS 1.0... N/A -Checking for Safe renegotiation support... yes -Checking for Safe renegotiation support (SCSV)... yes -Checking for HTTPS server name... not checked -Checking for version rollback bug in RSA PMS... no -Checking for version rollback bug in Client Hello... no -Checking whether the server ignores the RSA PMS version... no -Checking whether the server can accept Hello Extensions... yes -Checking whether the server can accept small records (512 bytes)... yes -Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes -Checking whether the server can accept a bogus TLS record version in the client hello... yes -Checking for certificate information... N/A -Checking for trusted CAs... N/A -Checking whether the server understands TLS closure alerts... partially -Checking whether the server supports session resumption... yes -Checking for export-grade ciphersuite support... no -Checking RSA-export ciphersuite info... N/A -Checking for anonymous authentication support... no -Checking anonymous Diffie-Hellman group info... N/A -Checking for ephemeral Diffie-Hellman support... no -Checking ephemeral Diffie-Hellman group info... N/A -Checking for ephemeral EC Diffie-Hellman support... yes -Checking ephemeral EC Diffie-Hellman group info... - Curve SECP256R1 -Checking for AES-GCM cipher support... no -Checking for AES-CBC cipher support... yes -Checking for CAMELLIA cipher support... no -Checking for 3DES-CBC cipher support... yes -Checking for ARCFOUR 128 cipher support... yes -Checking for ARCFOUR 40 cipher support... no -Checking for MD5 MAC support... yes -Checking for SHA1 MAC support... yes -Checking for SHA256 MAC support... no -Checking for ZLIB compression support... no -Checking for max record size... no -Checking for OpenPGP authentication support... no +GnuTLS debug client 3.5.0 +Checking localhost:443 + for SSL 3.0 (RFC6101) support... yes + whether we need to disable TLS 1.2... no + whether we need to disable TLS 1.1... no + whether we need to disable TLS 1.0... no + whether %NO_EXTENSIONS is required... no + whether %COMPAT is required... no + for TLS 1.0 (RFC2246) support... yes + for TLS 1.1 (RFC4346) support... yes + for TLS 1.2 (RFC5246) support... yes + fallback from TLS 1.6 to... TLS1.2 + for RFC7507 inappropriate fallback... yes + for HTTPS server name... Local + for certificate chain order... sorted + for safe renegotiation (RFC5746) support... yes + for Safe renegotiation support (SCSV)... no + for encrypt-then-MAC (RFC7366) support... no + for ext master secret (RFC7627) support... no + for heartbeat (RFC6520) support... no + for version rollback bug in RSA PMS... dunno + for version rollback bug in Client Hello... no + whether the server ignores the RSA PMS version... yes +whether small records (512 bytes) are tolerated on handshake... yes + whether cipher suites not in SSL 3.0 spec are accepted... yes +whether a bogus TLS record version in the client hello is accepted... yes + whether the server understands TLS closure alerts... partially + whether the server supports session resumption... yes + for anonymous authentication support... no + for ephemeral Diffie-Hellman support... no + for ephemeral EC Diffie-Hellman support... yes + ephemeral EC Diffie-Hellman group info... SECP256R1 + for AES-128-GCM cipher (RFC5288) support... yes + for AES-128-CCM cipher (RFC6655) support... no + for AES-128-CCM-8 cipher (RFC6655) support... no + for AES-128-CBC cipher (RFC3268) support... yes + for CAMELLIA-128-GCM cipher (RFC6367) support... no + for CAMELLIA-128-CBC cipher (RFC5932) support... no + for 3DES-CBC cipher (RFC2246) support... yes + for ARCFOUR 128 cipher (RFC2246) support... yes + for MD5 MAC support... yes + for SHA1 MAC support... yes + for SHA256 MAC support... yes + for ZLIB compression support... no + for max record size (RFC6066) support... no + for OCSP status response (RFC6066) support... no + for OpenPGP authentication (RFC6091) support... no @end example _EOF_; }; |