1 files changed, 56 insertions, 0 deletions

diff --git a/doc/gnutls-cli-debug-examples.texi b/doc/gnutls-cli-debug-examples.texi
new file mode 100644
index 0000000000..5114fc0673
--- /dev/null
+++ b/doc/gnutls-cli-debug-examples.texi
@@ -0,0 +1,56 @@
+@example
+$ gnutls-cli-debug localhost
+GnuTLS debug client 3.5.0
+Checking localhost:443
+                             for SSL 3.0 (RFC6101) support... yes
+                        whether we need to disable TLS 1.2... no
+                        whether we need to disable TLS 1.1... no
+                        whether we need to disable TLS 1.0... no
+                        whether %NO_EXTENSIONS is required... no
+                               whether %COMPAT is required... no
+                             for TLS 1.0 (RFC2246) support... yes
+                             for TLS 1.1 (RFC4346) support... yes
+                             for TLS 1.2 (RFC5246) support... yes
+                                  fallback from TLS 1.6 to... TLS1.2
+                        for RFC7507 inappropriate fallback... yes
+                                     for HTTPS server name... Local
+                               for certificate chain order... sorted
+                  for safe renegotiation (RFC5746) support... yes
+                     for Safe renegotiation support (SCSV)... no
+                    for encrypt-then-MAC (RFC7366) support... no
+                   for ext master secret (RFC7627) support... no
+                           for heartbeat (RFC6520) support... no
+                       for version rollback bug in RSA PMS... dunno
+                  for version rollback bug in Client Hello... no
+            whether the server ignores the RSA PMS version... yes
+whether small records (512 bytes) are tolerated on handshake... yes
+    whether cipher suites not in SSL 3.0 spec are accepted... yes
+whether a bogus TLS record version in the client hello is accepted... yes
+         whether the server understands TLS closure alerts... partially
+            whether the server supports session resumption... yes
+                      for anonymous authentication support... no
+                      for ephemeral Diffie-Hellman support... no
+                   for ephemeral EC Diffie-Hellman support... yes
+                    ephemeral EC Diffie-Hellman group info... SECP256R1
+                  for AES-128-GCM cipher (RFC5288) support... yes
+                  for AES-128-CCM cipher (RFC6655) support... no
+                for AES-128-CCM-8 cipher (RFC6655) support... no
+                  for AES-128-CBC cipher (RFC3268) support... yes
+             for CAMELLIA-128-GCM cipher (RFC6367) support... no
+             for CAMELLIA-128-CBC cipher (RFC5932) support... no
+                     for 3DES-CBC cipher (RFC2246) support... yes
+                  for ARCFOUR 128 cipher (RFC2246) support... yes
+                                       for MD5 MAC support... yes
+                                      for SHA1 MAC support... yes
+                                    for SHA256 MAC support... yes
+                              for ZLIB compression support... no
+                     for max record size (RFC6066) support... no
+                for OCSP status response (RFC6066) support... no
+              for OpenPGP authentication (RFC6091) support... no
+@end example
+
+You could also use the client to debug services with starttls capability.
+@example
+$ gnutls-cli-debug --starttls-proto smtp --port 25 localhost
+@end example
+