1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
@node gnutls-cli-debug Invocation
@section Invoking gnutls-cli-debug
@pindex gnutls-cli-debug
@ignore
# -*- buffer-read-only: t -*- vi: set ro:
#
# DO NOT EDIT THIS FILE (invoke-gnutls-cli-debug.texi)
#
# It has been AutoGen-ed January 1, 2013 at 09:07:52 PM by AutoGen 5.16
# From the definitions ../src/cli-debug-args.def
# and the template file agtexi-cmd.tpl
@end ignore
TLS debug client. It sets up multiple TLS connections to
a server and queries its capabilities. It was created to assist in debugging
GnuTLS, but it might be useful to extract a TLS server's capabilities.
It connects to a TLS server, performs tests and print the server's
capabilities. If called with the `-v' parameter more checks will be performed.
Can be used to check for servers with special needs or bugs.
This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{gnutls-cli-debug} program.
This software is released under the GNU General Public License, version 3 or later.
@anchor{gnutls-cli-debug usage}
@subheading gnutls-cli-debug help/usage (-h)
@cindex gnutls-cli-debug help
This is the automatically generated usage text for gnutls-cli-debug.
The text printed is the same whether for the @code{help} option (-h) or the @code{more-help} option (-!). @code{more-help} will print
the usage text by passing it through a pager program.
@code{more-help} is disabled on platforms without a working
@code{fork(2)} function. The @code{PAGER} environment variable is
used to select the program, defaulting to @file{more}. Both will exit
with a status code of 0.
@exampleindent 0
@example
gnutls-cli-debug - GnuTLS debug client - Ver. @@VERSION@@
USAGE: gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-d, --debug=num Enable debugging.
- It must be in the range:
0 to 9999
-V, --verbose More verbose output
- may appear multiple times
-p, --port=num The port to connect to
- It must be in the range:
0 to 65536
-v, --version[=arg] Output version information and exit
-h, --help Display extended usage information and exit
-!, --more-help Extended usage information passed thru pager
Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.
Operands and options may be intermixed. They will be reordered.
TLS debug client. It sets up multiple TLS connections to a server and
queries its capabilities. It was created to assist in debugging GnuTLS,
but it might be useful to extract a TLS server's capabilities. It connects
to a TLS server, performs tests and print the server's capabilities. If
called with the `-v' parameter more checks will be performed. Can be used
to check for servers with special needs or bugs.
please send bug reports to: bug-gnutls@@gnu.org
@end example
@exampleindent 4
@anchor{gnutls-cli-debug debug}
@subheading debug option (-d)
This is the ``enable debugging.'' option.
This option takes an argument number.
Specifies the debug level.
@anchor{gnutls-cli-debug exit status}
@subheading gnutls-cli-debug exit status
One of the following exit values will be returned:
@table @samp
@item 0 (EXIT_SUCCESS)
Successful program execution.
@item 1 (EXIT_FAILURE)
The operation failed or the command syntax was not valid.
@end table
@anchor{gnutls-cli-debug See Also}
@subheading gnutls-cli-debug See Also
gnutls-cli(1), gnutls-serv(1)
@anchor{gnutls-cli-debug Examples}
@subheading gnutls-cli-debug Examples
@example
$ ../src/gnutls-cli-debug localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:443'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... TLS 1.0
Checking for TLS 1.2 support... no
Checking whether we need to disable TLS 1.0... N/A
Checking for Safe renegotiation support... yes
Checking for Safe renegotiation support (SCSV)... yes
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether the server ignores the RSA PMS version... no
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept small records (512 bytes)... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
Checking whether the server can accept a bogus TLS record version in the client hello... yes
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... partially
Checking whether the server supports session resumption... yes
Checking for export-grade ciphersuite support... no
Checking RSA-export ciphersuite info... N/A
Checking for anonymous authentication support... no
Checking anonymous Diffie-Hellman group info... N/A
Checking for ephemeral Diffie-Hellman support... no
Checking ephemeral Diffie-Hellman group info... N/A
Checking for ephemeral EC Diffie-Hellman support... yes
Checking ephemeral EC Diffie-Hellman group info...
Curve SECP256R1
Checking for AES-GCM cipher support... no
Checking for AES-CBC cipher support... yes
Checking for CAMELLIA cipher support... no
Checking for 3DES-CBC cipher support... yes
Checking for ARCFOUR 128 cipher support... yes
Checking for ARCFOUR 40 cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... yes
Checking for SHA256 MAC support... no
Checking for ZLIB compression support... no
Checking for max record size... no
Checking for OpenPGP authentication support... no
@end example
|
