LibraryToggle FramesPrintFeedback

The options supported by the openssl s_client utility are as follows:

-connect host[:port]

- Specify the host and (optionally) port to connect to. Default is local host and port 4433.

-cert certname

- Specifies the certificate to use, if one is requested by the server.

-certform format

- The certificate format, which can be either PEM or DER. Default is PEM.

-key keyfile

- File containing the client’s private key. Default is to extract the key from the client certificate.

-keyform format

- The private key format, which can be either PEM or DER. Default is PEM.

-pass arg

- The private key password.

-verify depth

- Maximum server certificate chain length.

-CApath directory

- Directory to use for server certificate verification.

-CAfile file

- File containing trusted CA certificates.

-reconnect

- Reconnects to the same server five times using the same session ID.

-pause

- Pauses for one second between each read and write call.

-showcerts

- Display the whole server certificate chain.

-prexit

- Print session information when the program exits.

-state

- Prints out the SSL session states.

-debug

- Log debug data, including hex dump of messages.

-msg

- Show all protocol messages with hex dump.

-nbio_test

- Tests non-blocking I/O.

-nbio

- Turns on non-blocking I/O.

-crlf

- Translates a line feed (LF) from the terminal into CR+LF, as required by some servers.

-ign_eof

- Inhibits shutting down the connection when end of file is reached in the input.

-quiet

- Inhibits printing of session and certificate information; implicitly turns on -ign_eof as well.

-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1

- These options enable/disable the use of certain SSL or TLS protocols.

-bugs

- Enables workarounds to several known bugs in SSL and TLS implementations.

-cipher cipherlist

- Specifies the cipher list sent by the client. The server should use the first supported cipher from the list sent by the client.

-starttls protocol

- Send the protocol-specific message(s) to switch to TLS for communication, where the protocol can be either smtp or pop3.

-engine id

- Specifies an engine, by it's unique id string.

-rand file(s)

- A file or files containing random data used to seed the random number generator, or an EGD socket. The file separator is ; for MS-Windows, , for OpenVMS, and : for all other platforms.

Comments powered by Disqus
loading table of contents...