openssl-s_client.pod.in - OpenGrok cross reference for /third_party/openssl/doc/man1/openssl-s

Lines Matching +full:- +full:b
2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-s_client - SSL/TLS client program
10 B<openssl> B<s_client>
11 [B<-help>]
12 [B<-ssl_config> I<section>]
13 [B<-connect> I<host:port>]
14 [B<-host> I<hostname>]
15 [B<-port> I<port>]
16 [B<-bind> I<host:port>]
17 [B<-proxy> I<host:port>]
18 [B<-proxy_user> I<userid>]
19 [B<-proxy_pass> I<arg>]
20 [B<-unix> I<path>]
21 [B<-4>]
22 [B<-6>]
23 [B<-servername> I<name>]
24 [B<-noservername>]
25 [B<-verify> I<depth>]
26 [B<-verify_return_error>]
27 [B<-verify_quiet>]
28 [B<-verifyCAfile> I<filename>]
29 [B<-verifyCApath> I<dir>]
30 [B<-verifyCAstore> I<uri>]
31 [B<-cert> I<filename>]
32 [B<-certform> B<DER>|B<PEM>|B<P12>]
33 [B<-cert_chain> I<filename>]
34 [B<-build_chain>]
35 [B<-CRL> I<filename>]
36 [B<-CRLform> B<DER>|B<PEM>]
37 [B<-crl_download>]
38 [B<-key> I<filename>|I<uri>]
39 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
40 [B<-pass> I<arg>]
41 [B<-chainCAfile> I<filename>]
42 [B<-chainCApath> I<directory>]
43 [B<-chainCAstore> I<uri>]
44 [B<-requestCAfile> I<filename>]
45 [B<-dane_tlsa_domain> I<domain>]
46 [B<-dane_tlsa_rrdata> I<rrdata>]
47 [B<-dane_ee_no_namechecks>]
48 [B<-reconnect>]
49 [B<-showcerts>]
50 [B<-prexit>]
51 [B<-debug>]
52 [B<-trace>]
53 [B<-nocommands>]
54 [B<-security_debug>]
55 [B<-security_debug_verbose>]
56 [B<-msg>]
57 [B<-timeout>]
58 [B<-mtu> I<size>]
59 [B<-no_etm>]
60 [B<-keymatexport> I<label>]
61 [B<-keymatexportlen> I<len>]
62 [B<-msgfile> I<filename>]
63 [B<-nbio_test>]
64 [B<-state>]
65 [B<-nbio>]
66 [B<-crlf>]
67 [B<-ign_eof>]
68 [B<-no_ign_eof>]
69 [B<-psk_identity> I<identity>]
70 [B<-psk> I<key>]
71 [B<-psk_session> I<file>]
72 [B<-quiet>]
73 [B<-sctp>]
74 [B<-sctp_label_bug>]
75 [B<-fallback_scsv>]
76 [B<-async>]
77 [B<-maxfraglen> I<len>]
78 [B<-max_send_frag>]
79 [B<-split_send_frag>]
80 [B<-max_pipelines>]
81 [B<-read_buf>]
82 [B<-ignore_unexpected_eof>]
83 [B<-bugs>]
84 [B<-comp>]
85 [B<-no_comp>]
86 [B<-brief>]
87 [B<-legacy_server_connect>]
88 [B<-no_legacy_server_connect>]
89 [B<-allow_no_dhe_kex>]
90 [B<-sigalgs> I<sigalglist>]
91 [B<-curves> I<curvelist>]
92 [B<-cipher> I<cipherlist>]
93 [B<-ciphersuites> I<val>]
94 [B<-serverpref>]
95 [B<-starttls> I<protocol>]
96 [B<-name> I<hostname>]
97 [B<-xmpphost> I<hostname>]
98 [B<-name> I<hostname>]
99 [B<-tlsextdebug>]
100 [B<-no_ticket>]
101 [B<-sess_out> I<filename>]
102 [B<-serverinfo> I<types>]
103 [B<-sess_in> I<filename>]
104 [B<-serverinfo> I<types>]
105 [B<-status>]
106 [B<-alpn> I<protocols>]
107 [B<-nextprotoneg> I<protocols>]
108 [B<-ct>]
109 [B<-noct>]
110 [B<-ctlogfile>]
111 [B<-keylogfile> I<file>]
112 [B<-early_data> I<file>]
113 [B<-enable_pha>]
114 [B<-use_srtp> I<value>]
115 [B<-srpuser> I<value>]
116 [B<-srppass> I<value>]
117 [B<-srp_lateuser>]
118 [B<-srp_moregroups>]
119 [B<-srp_strength> I<number>]
120 {- $OpenSSL::safe::opt_name_synopsis -}
121 {- $OpenSSL::safe::opt_version_synopsis -}
122 {- $OpenSSL::safe::opt_x_synopsis -}
123 {- $OpenSSL::safe::opt_trust_synopsis -}
124 {- $OpenSSL::safe::opt_s_synopsis -}
125 {- $OpenSSL::safe::opt_r_synopsis -}
126 {- $OpenSSL::safe::opt_provider_synopsis -}
127 {- $OpenSSL::safe::opt_engine_synopsis -}[B<-ssl_client_engine> I<id>]
128 {- $OpenSSL::safe::opt_v_synopsis -}
146 =item B<-help>
150 =item B<-ssl_config> I<section>
152 Use the specified section of the configuration file to configure the B<SSL_CTX> object.
154 =item B<-connect> I<host>:I<port>
161 =item B<-host> I<hostname>
163 Host to connect to; use B<-connect> instead.
165 =item B<-port> I<port>
167 Connect to the specified port; use B<-connect> instead.
169 =item B<-bind> I<host:port>
172 connection.  For Unix-domain sockets the port is ignored and the host is
175 =item B<-proxy> I<host:port>
177 When used with the B<-connect> flag, the program uses the host and port
181 =item B<-proxy_user> I<userid>
183 When used with the B<-proxy> flag, the program will attempt to authenticate
190 =item B<-proxy_pass> I<arg>
192 The proxy password source, used with the B<-proxy_user> flag.
193 For more information about the format of B<arg>
194 see L<openssl-passphrase-options(1)>.
196 =item B<-unix> I<path>
198 Connect over the specified Unix-domain socket.
200 =item B<-4>
204 =item B<-6>
208 =item B<-servername> I<name>
212 If B<-servername> is not provided, the TLS SNI extension will be populated with
213 the name given to B<-connect> if it follows a DNS name format. If B<-connect> is
218 B<-servername> is provided then that name will be sent, regardless of whether
221 This option cannot be used in conjunction with B<-noservername>.
223 =item B<-noservername>
226 ClientHello message. Cannot be used in conjunction with the B<-servername> or
227 B<-dane_tlsa_domain> options.
229 =item B<-cert> I<filename>
234 The chain for the client certificate may be specified using B<-cert_chain>.
236 =item B<-certform> B<DER>|B<PEM>|B<P12>
239 See L<openssl-format-options(1)> for details.
241 =item B<-cert_chain>
244 certificate chain related to the certificate specified via the B<-cert> option.
247 =item B<-build_chain>
252 =item B<-CRL> I<filename>
256 =item B<-CRLform> B<DER>|B<PEM>
259 See L<openssl-format-options(1)> for details.
261 =item B<-crl_download>
265 =item B<-key> I<filename>|I<uri>
270 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
273 See L<openssl-format-options(1)> for details.
275 =item B<-pass> I<arg>
279 see L<openssl-passphrase-options(1)>.
281 =item B<-verify> I<depth>
289 =item B<-verify_return_error>
294 =item B<-verify_quiet>
298 =item B<-verifyCAfile> I<filename>
303 =item B<-verifyCApath> I<dir>
308 see L<openssl-verify(1)> for more information.
310 =item B<-verifyCAstore> I<uri>
315 =item B<-chainCAfile> I<file>
320 =item B<-chainCApath> I<directory>
325 see L<openssl-verify(1)> for more information.
327 =item B<-chainCAstore> I<uri>
332 With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or
333 B<-chainCApath>, depending on if the URI indicates a directory or a
335 See L<ossl_store-file(7)> for more information on the C<file:> scheme.
337 =item B<-requestCAfile> I<file>
340 to the server in the B<certificate_authorities> extension. Only supported
343 =item B<-dane_tlsa_domain> I<domain>
348 combination with at least one instance of the B<-dane_tlsa_rrdata>
354 anchor public key that signed (rather than matched) the top-most
359 =item B<-dane_tlsa_rrdata> I<rrdata>
368   $ openssl s_client -brief -starttls smtp \
369     -connect smtp.example.com:25 \
370     -dane_tlsa_domain smtp.example.com \
371     -dane_tlsa_rrdata "2 1 1
373     -dane_tlsa_rrdata "2 1 1
381 =item B<-dane_ee_no_namechecks>
383 This disables server name checks when authenticating via DANE-EE(3) TLSA
389 The malicious server may then be able to violate cross-origin scripting
392 DANE-EE(3) TLSA records, and can be disabled in applications where it is safe
399 =item B<-reconnect>
404 =item B<-showcerts>
408 B<not> a verified chain.
410 =item B<-prexit>
421 =item B<-state>
425 =item B<-debug>
429 =item B<-nocommands>
433 =item B<-security_debug>
437 =item B<-security_debug_verbose>
441 =item B<-msg>
445 =item B<-timeout>
449 =item B<-mtu> I<size>
453 =item B<-no_etm>
455 Disable Encrypt-then-MAC negotiation.
457 =item B<-keymatexport> I<label>
461 =item B<-keymatexportlen> I<len>
467 =item B<-trace>
471 =item B<-msgfile> I<filename>
473 File to send output of B<-msg> or B<-trace> to, default standard output.
475 =item B<-nbio_test>
479 =item B<-nbio>
483 =item B<-crlf>
488 =item B<-ign_eof>
493 =item B<-quiet>
496 turns on B<-ign_eof> as well.
498 =item B<-no_ign_eof>
501 Can be used to override the implicit B<-ign_eof> after B<-quiet>.
503 =item B<-psk_identity> I<identity>
508 =item B<-psk> I<key>
511 given as a hexadecimal number without leading 0x, for example -psk
515 =item B<-psk_session> I<file>
520 =item B<-sctp>
523 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
526 =item B<-sctp_label_bug>
529 endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
531 implementations. Must be used in conjunction with B<-sctp>. This option is only
534 =item B<-fallback_scsv>
538 =item B<-async>
542 is also used via the B<-engine> option. For test purposes the dummy async engine
545 =item B<-maxfraglen> I<len>
550 =item B<-max_send_frag> I<int>
555 =item B<-split_send_frag> I<int>
564 =item B<-max_pipelines> I<int>
571 =item B<-read_buf> I<int>
578 =item B<-ignore_unexpected_eof>
587 =item B<-bugs>
592 =item B<-comp>
599 =item B<-no_comp>
605 =item B<-brief>
610 =item B<-sigalgs> I<sigalglist>
616 =item B<-curves> I<curvelist>
621     $ openssl ecparam -list_curves
623 =item B<-cipher> I<cipherlist>
629 L<openssl-ciphers(1)> for more information.
631 =item B<-ciphersuites> I<val>
637 L<openssl-ciphers(1)> for more information. The format for this list is a simple
640 =item B<-starttls> I<protocol>
642 Send the protocol-specific message(s) to switch to TLS for communication.
644 supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server",
647 =item B<-xmpphost> I<hostname>
649 This option, when used with "-starttls xmpp" or "-starttls xmpp-server",
651 If this option is not specified, then the host specified with "-connect"
654 This option is an alias of the B<-name> option for "xmpp" and "xmpp-server".
656 =item B<-name> I<hostname>
659 used with B<-starttls> option. Currently only "xmpp", "xmpp-server",
660 "smtp" and "lmtp" can utilize this B<-name> option.
662 If this option is used with "-starttls xmpp" or "-starttls xmpp-server",
664 option is not specified, then the host specified with "-connect" will be used.
666 If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies
670 =item B<-tlsextdebug>
674 =item B<-no_ticket>
678 =item B<-sess_out> I<filename>
682 =item B<-sess_in> I<filename>
687 =item B<-serverinfo> I<types>
689 A list of comma-separated TLS Extension Types (numbers between 0 and
694 =item B<-status>
699 =item B<-alpn> I<protocols>, B<-nextprotoneg> I<protocols>
701 These flags enable the Enable the Application-Layer Protocol Negotiation
704 The I<protocols> list is a comma-separated list of protocol names that
711 The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
713 =item B<-ct>, B<-noct>
716 is enabled (B<-ct>) or disabled (B<-noct>).
723 =item B<-ctlogfile>
728 =item B<-keylogfile> I<file>
733 =item B<-early_data> I<file>
739 =item B<-enable_pha>
741 For TLSv1.3 only, send the Post-Handshake Authentication extension. This will
742 happen whether or not a certificate has been provided via B<-cert>.
744 =item B<-use_srtp> I<value>
746 Offer SRTP key management, where B<value> is a colon-separated profile list.
748 =item B<-srpuser> I<value>
752 =item B<-srppass> I<value>
756 =item B<-srp_lateuser>
760 =item B<-srp_moregroups>  This option is deprecated.
762 Tolerate other than the known B<g> and B<N> values.
764 =item B<-srp_strength> I<number>
766 Set the minimal acceptable length, in bits, for B<N>.  This option is
769 {- $OpenSSL::safe::opt_version_item -}
771 {- $OpenSSL::safe::opt_name_item -}
773 {- $OpenSSL::safe::opt_x_item -}
775 {- $OpenSSL::safe::opt_trust_item -}
777 {- $OpenSSL::safe::opt_s_item -}
779 {- $OpenSSL::safe::opt_r_item -}
781 {- $OpenSSL::safe::opt_provider_item -}
783 {- $OpenSSL::safe::opt_engine_item -}
785 {- output_off() if $disabled{"deprecated-3.0"}; "" -}
786 =item B<-ssl_client_engine> I<id>
789 {- output_on() if $disabled{"deprecated-3.0"}; "" -}
791 {- $OpenSSL::safe::opt_v_item -}
794 proceed unless the B<-verify_return_error> option is used.
798 Rather than providing B<-connect>, the target hostname and optional port may
800 nor B<-connect> are provided, falls back to attempting to connect to
810 used interactively (which means neither B<-quiet> nor B<-ign_eof> have been
817 =item B<Q>
821 =item B<R>
825 =item B<k>
829 =item B<K>
840  openssl s_client -connect servername:443
846 nothing obvious like no client certificate then the B<-bugs>,
847 B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried
849 options B<before> submitting a bug report to an OpenSSL mailing list.
858 is necessary to use the B<-prexit> option and send an HTTP request
861 If a certificate is specified on the command line using the B<-cert>
867 B<-showcerts> option can be used to show all the certificates sent by the
872 accept any certificate chain (trusted or not) sent by the peer. Non-test
873 applications should B<not> do this as it makes them vulnerable to a MITM
874 attack. This behaviour can be changed by with the B<-verify_return_error>
877 The B<-bind> option may be useful if the server or a firewall requires
887 The B<-prexit> option is a bit of a hack. We should really report
893 L<openssl-sess_id(1)>,
894 L<openssl-s_server(1)>,
895 L<openssl-ciphers(1)>,
900 L<ossl_store-file(7)>
904 The B<-no_alt_chains> option was added in OpenSSL 1.1.0.
905 The B<-name> option was added in OpenSSL 1.1.1.
907 The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
909 The B<-engine> option was deprecated in OpenSSL 3.0.
913 Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.