1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-s_client - SSL/TLS client program 7 8=head1 SYNOPSIS 9 10B<openssl> B<s_client> 11[B<-help>] 12[B<-ssl_config> I<section>] 13[B<-connect> I<host:port>] 14[B<-host> I<hostname>] 15[B<-port> I<port>] 16[B<-bind> I<host:port>] 17[B<-proxy> I<host:port>] 18[B<-proxy_user> I<userid>] 19[B<-proxy_pass> I<arg>] 20[B<-unix> I<path>] 21[B<-4>] 22[B<-6>] 23[B<-servername> I<name>] 24[B<-noservername>] 25[B<-verify> I<depth>] 26[B<-verify_return_error>] 27[B<-verify_quiet>] 28[B<-verifyCAfile> I<filename>] 29[B<-verifyCApath> I<dir>] 30[B<-verifyCAstore> I<uri>] 31[B<-cert> I<filename>] 32[B<-certform> B<DER>|B<PEM>|B<P12>] 33[B<-cert_chain> I<filename>] 34[B<-build_chain>] 35[B<-CRL> I<filename>] 36[B<-CRLform> B<DER>|B<PEM>] 37[B<-crl_download>] 38[B<-key> I<filename>|I<uri>] 39[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] 40[B<-pass> I<arg>] 41[B<-chainCAfile> I<filename>] 42[B<-chainCApath> I<directory>] 43[B<-chainCAstore> I<uri>] 44[B<-requestCAfile> I<filename>] 45[B<-dane_tlsa_domain> I<domain>] 46[B<-dane_tlsa_rrdata> I<rrdata>] 47[B<-dane_ee_no_namechecks>] 48[B<-reconnect>] 49[B<-showcerts>] 50[B<-prexit>] 51[B<-debug>] 52[B<-trace>] 53[B<-nocommands>] 54[B<-security_debug>] 55[B<-security_debug_verbose>] 56[B<-msg>] 57[B<-timeout>] 58[B<-mtu> I<size>] 59[B<-no_etm>] 60[B<-keymatexport> I<label>] 61[B<-keymatexportlen> I<len>] 62[B<-msgfile> I<filename>] 63[B<-nbio_test>] 64[B<-state>] 65[B<-nbio>] 66[B<-crlf>] 67[B<-ign_eof>] 68[B<-no_ign_eof>] 69[B<-psk_identity> I<identity>] 70[B<-psk> I<key>] 71[B<-psk_session> I<file>] 72[B<-quiet>] 73[B<-sctp>] 74[B<-sctp_label_bug>] 75[B<-fallback_scsv>] 76[B<-async>] 77[B<-maxfraglen> I<len>] 78[B<-max_send_frag>] 79[B<-split_send_frag>] 80[B<-max_pipelines>] 81[B<-read_buf>] 82[B<-ignore_unexpected_eof>] 83[B<-bugs>] 84[B<-comp>] 85[B<-no_comp>] 86[B<-brief>] 87[B<-legacy_server_connect>] 88[B<-no_legacy_server_connect>] 
89[B<-allow_no_dhe_kex>] 90[B<-sigalgs> I<sigalglist>] 91[B<-curves> I<curvelist>] 92[B<-cipher> I<cipherlist>] 93[B<-ciphersuites> I<val>] 94[B<-serverpref>] 95[B<-starttls> I<protocol>] 96[B<-name> I<hostname>] 97[B<-xmpphost> I<hostname>] 98[B<-name> I<hostname>] 99[B<-tlsextdebug>] 100[B<-no_ticket>] 101[B<-sess_out> I<filename>] 102[B<-serverinfo> I<types>] 103[B<-sess_in> I<filename>] 104[B<-serverinfo> I<types>] 105[B<-status>] 106[B<-alpn> I<protocols>] 107[B<-nextprotoneg> I<protocols>] 108[B<-ct>] 109[B<-noct>] 110[B<-ctlogfile>] 111[B<-keylogfile> I<file>] 112[B<-early_data> I<file>] 113[B<-enable_pha>] 114[B<-use_srtp> I<value>] 115[B<-srpuser> I<value>] 116[B<-srppass> I<value>] 117[B<-srp_lateuser>] 118[B<-srp_moregroups>] 119[B<-srp_strength> I<number>] 120{- $OpenSSL::safe::opt_name_synopsis -} 121{- $OpenSSL::safe::opt_version_synopsis -} 122{- $OpenSSL::safe::opt_x_synopsis -} 123{- $OpenSSL::safe::opt_trust_synopsis -} 124{- $OpenSSL::safe::opt_s_synopsis -} 125{- $OpenSSL::safe::opt_r_synopsis -} 126{- $OpenSSL::safe::opt_provider_synopsis -} 127{- $OpenSSL::safe::opt_engine_synopsis -}[B<-ssl_client_engine> I<id>] 128{- $OpenSSL::safe::opt_v_synopsis -} 129[I<host>:I<port>] 130 131=head1 DESCRIPTION 132 133This command implements a generic SSL/TLS client which 134connects to a remote host using SSL/TLS. It is a I<very> useful diagnostic 135tool for SSL servers. 136 137=head1 OPTIONS 138 139In addition to the options below, this command also supports the 140common and client only options documented 141in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)> 142manual page. 143 144=over 4 145 146=item B<-help> 147 148Print out a usage message. 149 150=item B<-ssl_config> I<section> 151 152Use the specified section of the configuration file to configure the B<SSL_CTX> object. 153 154=item B<-connect> I<host>:I<port> 155 156This specifies the host and optional port to connect to. 
It is possible to 157select the host and port using the optional target positional argument instead. 158If neither this nor the target positional argument is specified then an attempt 159is made to connect to the local host on port 4433. 160 161=item B<-host> I<hostname> 162 163Host to connect to; use B<-connect> instead. 164 165=item B<-port> I<port> 166 167Connect to the specified port; use B<-connect> instead. 168 169=item B<-bind> I<host:port> 170 171This specifies the host address and/or port to bind as the source for the 172connection. For Unix-domain sockets the port is ignored and the host is 173used as the source socket address. 174 175=item B<-proxy> I<host:port> 176 177When used with the B<-connect> flag, the program uses the host and port 178specified with this flag and issues an HTTP CONNECT command to connect 179to the desired server. 180 181=item B<-proxy_user> I<userid> 182 183When used with the B<-proxy> flag, the program will attempt to authenticate 184with the specified proxy using basic (base64) authentication. 185NB: Basic authentication is insecure; the credentials are sent to the proxy 186in easily reversible base64 encoding before any TLS/SSL session is established. 187Therefore, these credentials are easily recovered by anyone able to sniff/trace 188the network. Use with caution. 189 190=item B<-proxy_pass> I<arg> 191 192The proxy password source, used with the B<-proxy_user> flag. 193For more information about the format of I<arg> 194see L<openssl-passphrase-options(1)>. 195 196=item B<-unix> I<path> 197 198Connect over the specified Unix-domain socket. 199 200=item B<-4> 201 202Use IPv4 only. 203 204=item B<-6> 205 206Use IPv6 only. 207 208=item B<-servername> I<name> 209 210Set the TLS SNI (Server Name Indication) extension in the ClientHello message to 211the given value. 212If B<-servername> is not provided, the TLS SNI extension will be populated with 213the name given to B<-connect> if it follows a DNS name format. 
If B<-connect> is 214not provided either, the SNI is set to "localhost". 215This is the default since OpenSSL 1.1.1. 216 217Even though SNI should normally be a DNS name and not an IP address, if 218B<-servername> is provided then that name will be sent, regardless of whether 219it is a DNS name or not. 220 221This option cannot be used in conjunction with B<-noservername>. 222 223=item B<-noservername> 224 225Suppresses sending of the SNI (Server Name Indication) extension in the 226ClientHello message. Cannot be used in conjunction with the B<-servername> or 227B<-dane_tlsa_domain> options. 228 229=item B<-cert> I<filename> 230 231The client certificate to use, if one is requested by the server. 232The default is not to use a certificate. 233 234The chain for the client certificate may be specified using B<-cert_chain>. 235 236=item B<-certform> B<DER>|B<PEM>|B<P12> 237 238The client certificate file format to use; unspecified by default. 239See L<openssl-format-options(1)> for details. 240 241=item B<-cert_chain> 242 243A file or URI of untrusted certificates to use when attempting to build the 244certificate chain related to the certificate specified via the B<-cert> option. 245The input can be in PEM, DER, or PKCS#12 format. 246 247=item B<-build_chain> 248 249Specify whether the application should build the client certificate chain to be 250provided to the server. 251 252=item B<-CRL> I<filename> 253 254CRL file to use to check the server's certificate. 255 256=item B<-CRLform> B<DER>|B<PEM> 257 258The CRL file format; unspecified by default. 259See L<openssl-format-options(1)> for details. 260 261=item B<-crl_download> 262 263Download CRL from distribution points in the certificate. 264 265=item B<-key> I<filename>|I<uri> 266 267The client private key to use. 268If not specified then the certificate file will be used to read also the key. 269 270=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> 271 272The key format; unspecified by default. 
273See L<openssl-format-options(1)> for details. 274 275=item B<-pass> I<arg> 276 277The private key and certificate file password source. 278For more information about the format of I<arg> 279see L<openssl-passphrase-options(1)>. 280 281=item B<-verify> I<depth> 282 283The verify depth to use. This specifies the maximum length of the 284server certificate chain and turns on server certificate verification. 285Currently the verify operation continues after errors so all the problems 286with a certificate chain can be seen. As a side effect the connection 287will never fail due to a server certificate verify failure unless B<-verify_return_error> is also given. 288 289=item B<-verify_return_error> 290 291Return verification errors instead of continuing. This will typically 292abort the handshake with a fatal error. 293 294=item B<-verify_quiet> 295 296Limit verify output to only errors. 297 298=item B<-verifyCAfile> I<filename> 299 300A file in PEM format containing trusted certificates to use 301for verifying the server's certificate. 302 303=item B<-verifyCApath> I<dir> 304 305A directory containing trusted certificates to use 306for verifying the server's certificate. 307This directory must be in "hash format", 308see L<openssl-verify(1)> for more information. 309 310=item B<-verifyCAstore> I<uri> 311 312The URI of a store containing trusted certificates to use 313for verifying the server's certificate. 314 315=item B<-chainCAfile> I<file> 316 317A file in PEM format containing trusted certificates to use 318when attempting to build the client certificate chain. 319 320=item B<-chainCApath> I<directory> 321 322A directory containing trusted certificates to use 323for building the client certificate chain provided to the server. 324This directory must be in "hash format", 325see L<openssl-verify(1)> for more information. 326 327=item B<-chainCAstore> I<uri> 328 329The URI of a store containing trusted certificates to use 330when attempting to build the client certificate chain. 
331The URI may indicate a single certificate, as well as a collection of them. 332With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or 333B<-chainCApath>, depending on whether the URI indicates a directory or a 334single file. 335See L<ossl_store-file(7)> for more information on the C<file:> scheme. 336 337=item B<-requestCAfile> I<file> 338 339A file containing a list of certificates whose subject names will be sent 340to the server in the B<certificate_authorities> extension. Only supported 341for TLS 1.3. 342 343=item B<-dane_tlsa_domain> I<domain> 344 345Enable RFC6698/RFC7671 DANE TLSA authentication and specify the 346TLSA base domain which becomes the default SNI hint and the primary 347reference identifier for hostname checks. This must be used in 348combination with at least one instance of the B<-dane_tlsa_rrdata> 349option below. 350 351When DANE authentication succeeds, the diagnostic output will include 352the lowest (closest to 0) depth at which a TLSA record authenticated 353a chain certificate. When that TLSA record is a "2 1 0" trust 354anchor public key that signed (rather than matched) the top-most 355certificate of the chain, the result is reported as "TA public key 356verified". Otherwise, either the TLSA record "matched TA certificate" 357at a positive depth or else "matched EE certificate" at depth 0. 358 359=item B<-dane_tlsa_rrdata> I<rrdata> 360 361Use this option one or more times to specify the RRDATA fields of the DANE TLSA 362RRset associated with the target service. The I<rrdata> value is 363specified in "presentation form", that is four whitespace separated 364fields that specify the usage, selector, matching type and associated 365data, with the last of these encoded in hexadecimal. Optional 366whitespace is ignored in the associated data field. 
For example: 367 368 $ openssl s_client -brief -starttls smtp \ 369 -connect smtp.example.com:25 \ 370 -dane_tlsa_domain smtp.example.com \ 371 -dane_tlsa_rrdata "2 1 1 372 B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \ 373 -dane_tlsa_rrdata "2 1 1 374 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" 375 ... 376 Verification: OK 377 Verified peername: smtp.example.com 378 DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 379 ... 380 381=item B<-dane_ee_no_namechecks> 382 383This disables server name checks when authenticating via DANE-EE(3) TLSA 384records. 385For some applications, primarily web browsers, it is not safe to disable name 386checks due to "unknown key share" attacks, in which a malicious server can 387convince a client that a connection to a victim server is instead a secure 388connection to the malicious server. 389The malicious server may then be able to violate cross-origin scripting 390restrictions. 391Thus, despite the text of RFC7671, name checks are by default enabled for 392DANE-EE(3) TLSA records, and can be disabled in applications where it is safe 393to do so. 394In particular, SMTP and XMPP clients should set this option as SRV and MX 395records already make it possible for a remote domain to redirect client 396connections to any server of its choice, and in any case SMTP and XMPP clients 397do not execute scripts downloaded from remote servers. 398 399=item B<-reconnect> 400 401Reconnects to the same server 5 times using the same session ID, this can 402be used as a test that session caching is working. 403 404=item B<-showcerts> 405 406Displays the server certificate list as sent by the server: it only consists of 407certificates the server has sent (in the order the server has sent them). It is 408B<not> a verified chain. 409 410=item B<-prexit> 411 412Print session information when the program exits. 
This will always attempt 413to print out information even if the connection fails. Normally information 414will only be printed out once if the connection succeeds. This option is useful 415because the cipher in use may be renegotiated or the connection may fail 416because a client certificate is required or is requested only after an 417attempt is made to access a certain URL. Note: the output produced by this 418option is not always accurate because a connection might never have been 419established. 420 421=item B<-state> 422 423Prints out the SSL session states. 424 425=item B<-debug> 426 427Print extensive debugging information including a hex dump of all traffic. 428 429=item B<-nocommands> 430 431Do not use interactive command letters. 432 433=item B<-security_debug> 434 435Enable security debug messages. 436 437=item B<-security_debug_verbose> 438 439Output more verbose security debug messages. 440 441=item B<-msg> 442 443Show protocol messages. 444 445=item B<-timeout> 446 447Enable send/receive timeout on DTLS connections. 448 449=item B<-mtu> I<size> 450 451Set MTU of the link layer to the specified size. 452 453=item B<-no_etm> 454 455Disable Encrypt-then-MAC negotiation. 456 457=item B<-keymatexport> I<label> 458 459Export keying material using the specified label. 460 461=item B<-keymatexportlen> I<len> 462 463Export the specified number of bytes of keying material; default is 20. 464 465Show all protocol messages with hex dump. 466 467=item B<-trace> 468 469Show verbose trace output of protocol messages. 470 471=item B<-msgfile> I<filename> 472 473File to send output of B<-msg> or B<-trace> to, default standard output. 474 475=item B<-nbio_test> 476 477Tests nonblocking I/O. 478 479=item B<-nbio> 480 481Turns on nonblocking I/O. 482 483=item B<-crlf> 484 485This option translates a line feed from the terminal into CR+LF as required 486by some servers. 487 488=item B<-ign_eof> 489 490Inhibit shutting down the connection when end of file is reached in the 491input. 
492 493=item B<-quiet> 494 495Inhibit printing of session and certificate information. This implicitly 496turns on B<-ign_eof> as well. 497 498=item B<-no_ign_eof> 499 500Shut down the connection when end of file is reached in the input. 501Can be used to override the implicit B<-ign_eof> after B<-quiet>. 502 503=item B<-psk_identity> I<identity> 504 505Use the PSK identity I<identity> when using a PSK cipher suite. 506The default value is "Client_identity" (without the quotes). 507 508=item B<-psk> I<key> 509 510Use the PSK key I<key> when using a PSK cipher suite. The key is 511given as a hexadecimal number without leading 0x, for example -psk 5121a2b3c4d. 513This option must be provided in order to use a PSK cipher. 514 515=item B<-psk_session> I<file> 516 517Use the pem encoded SSL_SESSION data stored in I<file> as the basis of a PSK. 518Note that this will only work if TLSv1.3 is negotiated. 519 520=item B<-sctp> 521 522Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in 523conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only 524available where OpenSSL has support for SCTP enabled. 525 526=item B<-sctp_label_bug> 527 528Use the incorrect behaviour of older OpenSSL implementations when computing 529endpoint-pair shared secrets for DTLS/SCTP. This allows communication with 530older broken implementations but breaks interoperability with correct 531implementations. Must be used in conjunction with B<-sctp>. This option is only 532available where OpenSSL has support for SCTP enabled. 533 534=item B<-fallback_scsv> 535 536Send TLS_FALLBACK_SCSV in the ClientHello. 537 538=item B<-async> 539 540Switch on asynchronous mode. Cryptographic operations will be performed 541asynchronously. This will only have an effect if an asynchronous capable engine 542is also used via the B<-engine> option. For test purposes the dummy async engine 543(dasync) can be used (if available). 
544 545=item B<-maxfraglen> I<len> 546 547Enable Maximum Fragment Length Negotiation; allowed values are 548C<512>, C<1024>, C<2048>, and C<4096>. 549 550=item B<-max_send_frag> I<int> 551 552The maximum size of data fragment to send. 553See L<SSL_CTX_set_max_send_fragment(3)> for further information. 554 555=item B<-split_send_frag> I<int> 556 557The size used to split data for encrypt pipelines. If more data is written in 558one go than this value then it will be split into multiple pipelines, up to the 559maximum number of pipelines defined by max_pipelines. This only has an effect if 560a suitable cipher suite has been negotiated, an engine that supports pipelining 561has been loaded, and max_pipelines is greater than 1. See 562L<SSL_CTX_set_split_send_fragment(3)> for further information. 563 564=item B<-max_pipelines> I<int> 565 566The maximum number of encrypt/decrypt pipelines to be used. This will only have 567an effect if an engine has been loaded that supports pipelining (e.g. the dasync 568engine) and a suitable cipher suite has been negotiated. The default value is 1. 569See L<SSL_CTX_set_max_pipelines(3)> for further information. 570 571=item B<-read_buf> I<int> 572 573The default read buffer size to be used for connections. This will only have an 574effect if the buffer size is larger than the size that would otherwise be used 575and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for 576further information). 577 578=item B<-ignore_unexpected_eof> 579 580Some TLS implementations do not send the mandatory close_notify alert on 581shutdown. If the application tries to wait for the close_notify alert but the 582peer closes the connection without sending it, an error is generated. When this 583option is enabled the peer does not need to send the close_notify alert and a 584closed connection will be treated as if the close_notify alert was received. 585For more information on shutting down a connection, see L<SSL_shutdown(3)>. 
586 587=item B<-bugs> 588 589There are several known bugs in SSL and TLS implementations. Adding this 590option enables various workarounds. 591 592=item B<-comp> 593 594Enables support for SSL/TLS compression. 595This option was introduced in OpenSSL 1.1.0. 596TLS compression is not recommended and is off by default as of 597OpenSSL 1.1.0. 598 599=item B<-no_comp> 600 601Disables support for SSL/TLS compression. 602TLS compression is not recommended and is off by default as of 603OpenSSL 1.1.0. 604 605=item B<-brief> 606 607Only provide a brief summary of connection parameters instead of the 608normal verbose output. 609 610=item B<-sigalgs> I<sigalglist> 611 612Specifies the list of signature algorithms that are sent by the client. 613The server selects one entry in the list based on its preferences. 614For example strings, see L<SSL_CTX_set1_sigalgs(3)> 615 616=item B<-curves> I<curvelist> 617 618Specifies the list of supported curves to be sent by the client. The curve is 619ultimately selected by the server. 620 621The list of all supported groups includes named EC parameters as well as X25519 622and X448 or FFDHE groups, and may also include groups implemented in 3rd-party 623providers. For a list of named EC parameters, use: 624 625 $ openssl ecparam -list_curves 626 627=item B<-cipher> I<cipherlist> 628 629This allows the TLSv1.2 and below cipher list sent by the client to be modified. 630This list will be combined with any TLSv1.3 ciphersuites that have been 631configured. Although the server determines which ciphersuite is used it should 632take the first supported cipher in the list sent by the client. See 633L<openssl-ciphers(1)> for more information. 634 635=item B<-ciphersuites> I<val> 636 637This allows the TLSv1.3 ciphersuites sent by the client to be modified. This 638list will be combined with any TLSv1.2 and below ciphersuites that have been 639configured. 
Although the server determines which cipher suite is used it should 640take the first supported cipher in the list sent by the client. See 641L<openssl-ciphers(1)> for more information. The format for this list is a simple 642colon (":") separated list of TLSv1.3 ciphersuite names. 643 644=item B<-starttls> I<protocol> 645 646Send the protocol-specific message(s) to switch to TLS for communication. 647I<protocol> is a keyword for the intended protocol. Currently, the only 648supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", 649"irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap". 650 651=item B<-xmpphost> I<hostname> 652 653This option, when used with "-starttls xmpp" or "-starttls xmpp-server", 654specifies the host for the "to" attribute of the stream element. 655If this option is not specified, then the host specified with "-connect" 656will be used. 657 658This option is an alias of the B<-name> option for "xmpp" and "xmpp-server". 659 660=item B<-name> I<hostname> 661 662This option is used to specify hostname information for various protocols 663used with the B<-starttls> option. Currently only "xmpp", "xmpp-server", 664"smtp" and "lmtp" can utilize this B<-name> option. 665 666If this option is used with "-starttls xmpp" or "-starttls xmpp-server", 667it specifies the host for the "to" attribute of the stream element. If this 668option is not specified, then the host specified with "-connect" will be used. 669 670If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies 671the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If 672this option is not specified, then "mail.example.com" will be used. 673 674=item B<-tlsextdebug> 675 676Print out a hex dump of any TLS extensions received from the server. 677 678=item B<-no_ticket> 679 680Disable RFC4507bis session ticket support. 681 682=item B<-sess_out> I<filename> 683 684Output SSL session to I<filename>. 
685 686=item B<-sess_in> I<filename> 687 688Load SSL session from I<filename>. The client will attempt to resume a 689connection from this session. 690 691=item B<-serverinfo> I<types> 692 693A list of comma-separated TLS Extension Types (numbers between 0 and 69465535). Each type will be sent as an empty ClientHello TLS Extension. 695The server's response (if any) will be encoded and displayed as a PEM 696file. 697 698=item B<-status> 699 700Sends a certificate status request to the server (OCSP stapling). The server 701response (if any) is printed out. 702 703=item B<-alpn> I<protocols>, B<-nextprotoneg> I<protocols> 704 705These flags enable the Application-Layer Protocol Negotiation (ALPN) 706or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the 707IETF standard and replaces NPN. 708The I<protocols> list is a comma-separated list of protocol names that 709the client should advertise support for. The list should contain the most 710desirable protocols first. Protocol names are printable ASCII strings, 711for example "http/1.1" or "spdy/3". 712An empty list of protocols is treated specially and will cause the 713client to advertise support for the TLS extension but disconnect just 714after receiving ServerHello with a list of server supported protocols. 715The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. 716 717=item B<-ct>, B<-noct> 718 719Use one of these two options to control whether Certificate Transparency (CT) 720is enabled (B<-ct>) or disabled (B<-noct>). 721If CT is enabled, signed certificate timestamps (SCTs) will be requested from 722the server and reported at handshake completion. 723 724Enabling CT also enables OCSP stapling, as this is one possible delivery method 725for SCTs. 726 727=item B<-ctlogfile> 728 729A file containing a list of known Certificate Transparency logs. See 730L<SSL_CTX_set_ctlog_list_file(3)> for the expected file format. 
731 732=item B<-keylogfile> I<file> 733 734Appends TLS secrets to the specified keylog file such that external programs 735(like Wireshark) can decrypt TLS connections. 736 737=item B<-early_data> I<file> 738 739Reads the contents of the specified file and attempts to send it as early data 740to the server. This will only work with resumed sessions that support early 741data and when the server accepts the early data. 742 743=item B<-enable_pha> 744 745For TLSv1.3 only, send the Post-Handshake Authentication extension. This will 746happen whether or not a certificate has been provided via B<-cert>. 747 748=item B<-use_srtp> I<value> 749 750Offer SRTP key management, where I<value> is a colon-separated profile list. 751 752=item B<-srpuser> I<value> 753 754Set the SRP username to the specified value. This option is deprecated. 755 756=item B<-srppass> I<value> 757 758Set the SRP password to the specified value. This option is deprecated. 759 760=item B<-srp_lateuser> 761 762SRP username for the second ClientHello message. This option is deprecated. 763 764=item B<-srp_moregroups> 765 766Tolerate other than the known B<g> and B<N> values. This option is deprecated. 767 768=item B<-srp_strength> I<number> 769 770Set the minimal acceptable length, in bits, for B<N>. This option is 771deprecated. 772 773{- $OpenSSL::safe::opt_version_item -} 774 775{- $OpenSSL::safe::opt_name_item -} 776 777{- $OpenSSL::safe::opt_x_item -} 778 779{- $OpenSSL::safe::opt_trust_item -} 780 781{- $OpenSSL::safe::opt_s_item -} 782 783{- $OpenSSL::safe::opt_r_item -} 784 785{- $OpenSSL::safe::opt_provider_item -} 786 787{- $OpenSSL::safe::opt_engine_item -} 788 789{- output_off() if $disabled{"deprecated-3.0"}; "" -} 790=item B<-ssl_client_engine> I<id> 791 792Specify engine to be used for client certificate operations. 
793{- output_on() if $disabled{"deprecated-3.0"}; "" -} 794 795{- $OpenSSL::safe::opt_v_item -} 796 797Verification errors are displayed, for debugging, but the command will 798proceed unless the B<-verify_return_error> option is used. 799 800=item I<host>:I<port> 801 802Rather than providing B<-connect>, the target hostname and optional port may 803be provided as a single positional argument after all options. If neither this 804nor B<-connect> are provided, falls back to attempting to connect to 805I<localhost> on port I<4433>. 806 807=back 808 809=head1 CONNECTED COMMANDS 810 811If a connection is established with an SSL server then any data received 812from the server is displayed and any key presses will be sent to the 813server. If end of file is reached then the connection will be closed down. When 814used interactively (which means neither B<-quiet> nor B<-ign_eof> have been 815given), then certain commands are also recognized which perform special 816operations. These commands are a letter which must appear at the start of a 817line. They are listed below. 818 819=over 4 820 821=item B<Q> 822 823End the current SSL connection and exit. 824 825=item B<R> 826 827Renegotiate the SSL session (TLSv1.2 and below only). 828 829=item B<k> 830 831Send a key update message to the server (TLSv1.3 only) 832 833=item B<K> 834 835Send a key update message to the server and request one back (TLSv1.3 only) 836 837=back 838 839=head1 NOTES 840 841This command can be used to debug SSL servers. To connect to an SSL HTTP 842server the command: 843 844 openssl s_client -connect servername:443 845 846would typically be used (https uses port 443). If the connection succeeds 847then an HTTP command can be given such as "GET /" to retrieve a web page. 
848 849If the handshake fails then there are several possible causes; if it is 850nothing obvious like no client certificate then the B<-bugs>, 851B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried 852in case it is a buggy server. In particular you should play with these 853options B<before> submitting a bug report to an OpenSSL mailing list. 854 855A frequent problem when attempting to get client certificates working 856is that a web client complains it has no certificates or gives an empty 857list to choose from. This is normally because the server is not sending 858the client's certificate authority in its "acceptable CA list" when it 859requests a certificate. By using this command, the CA list can be viewed 860and checked. However, some servers only request client authentication 861after a specific URL is requested. To obtain the list in this case it 862is necessary to use the B<-prexit> option and send an HTTP request 863for an appropriate page. 864 865If a certificate is specified on the command line using the B<-cert> 866option it will not be used unless the server specifically requests 867a client certificate. Therefore, merely including a client certificate 868on the command line is no guarantee that the certificate works. 869 870If there are problems verifying a server certificate then the 871B<-showcerts> option can be used to show all the certificates sent by the 872server. 873 874This command is a test tool and is designed to continue the 875handshake after any certificate verification errors. As a result it will 876accept any certificate chain (trusted or not) sent by the peer. Non-test 877applications should B<not> do this as it makes them vulnerable to a MITM 878attack. This behaviour can be changed with the B<-verify_return_error> 879option: any verify errors are then returned, aborting the handshake. 
880 881The B<-bind> option may be useful if the server or a firewall requires 882connections to come from some particular address and/or port. 883 884=head1 BUGS 885 886Because this program has a lot of options and also because some of the 887techniques used are rather old, the C source for this command is rather 888hard to read and not a model of how things should be done. 889A typical SSL client program would be much simpler. 890 891The B<-prexit> option is a bit of a hack. We should really report 892information whenever a session is renegotiated. 893 894=head1 SEE ALSO 895 896L<openssl(1)>, 897L<openssl-sess_id(1)>, 898L<openssl-s_server(1)>, 899L<openssl-ciphers(1)>, 900L<SSL_CONF_cmd(3)>, 901L<SSL_CTX_set_max_send_fragment(3)>, 902L<SSL_CTX_set_split_send_fragment(3)>, 903L<SSL_CTX_set_max_pipelines(3)>, 904L<ossl_store-file(7)> 905 906=head1 HISTORY 907 908The B<-no_alt_chains> option was added in OpenSSL 1.1.0. 909The B<-name> option was added in OpenSSL 1.1.1. 910 911The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. 912 913The B<-engine> option was deprecated in OpenSSL 3.0. 914 915=head1 COPYRIGHT 916 917Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 918 919Licensed under the Apache License 2.0 (the "License"). You may not use 920this file except in compliance with the License. You can obtain a copy 921in the file LICENSE in the source distribution or at 922L<https://www.openssl.org/source/license.html>. 923 924=cut 925