diff options
Diffstat (limited to 'doc/apps/s_client.pod')
-rw-r--r-- | doc/apps/s_client.pod | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index e1e1ba9865..4ebf7b5854 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -38,6 +38,10 @@ B<openssl> B<s_client> [B<-cipher cipherlist>] [B<-starttls protocol>] [B<-engine id>] +[B<-tlsextdebug>] +[B<-no_ticket>] +[B<-sess_out filename>] +[B<-sess_in filename>] [B<-rand file(s)>] =head1 DESCRIPTION @@ -97,6 +101,11 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> + +Set various certificate chain valiadition option. See the +L<B<verify>|verify(1)> manual page for details. + =item B<-reconnect> reconnects to the same server 5 times using the same session ID, this can @@ -157,6 +166,16 @@ input. inhibit printing of session and certificate information. This implicitly turns on B<-ign_eof> as well. +=item B<-psk_identity identity> + +Use the PSK identity B<identity> when using a PSK cipher suite. + +=item B<-psk key> + +Use the PSK key B<key> when using a PSK cipher suite. The key is +given as a hexadecimal number without leading 0x, for example -psk +1a2b3c4d. + =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> these options disable the use of certain SSL or TLS protocols. By default @@ -184,11 +203,28 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B<protocol> is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp" and "pop3". +supported keywords are "smtp", "pop3", "imap", and "ftp". + +=item B<-tlsextdebug> + +print out a hex dump of any TLS extensions received from the server. + +=item B<-no_ticket> + +disable RFC4507bis session ticket support. + +=item B<-sess_out filename> + +output SSL session to B<filename> + +=item B<-sess_in sess.pem> + +load SSL session from B<filename>. The client will attempt to resume a +connection from this session. =item B<-engine id> -specifying an engine (by it's unique B<id> string) will cause B<s_client> +specifying an engine (by its unique B<id> string) will cause B<s_client> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -246,6 +282,10 @@ on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the B<-showcerts> option can be used to show the whole chain. +Since the SSLv23 client hello cannot include compression methods or extensions +these will only be supported if its use is disabled, for example by using the +B<-no_sslv2> option. + =head1 BUGS Because this program has a lot of options and also because some of |