1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-s_client - SSL/TLS client program 7 8=head1 SYNOPSIS 9 10B<openssl> B<s_client> 11[B<-help>] 12[B<-ssl_config> I<section>] 13[B<-connect> I<host:port>] 14[B<-host> I<hostname>] 15[B<-port> I<port>] 16[B<-bind> I<host:port>] 17[B<-proxy> I<host:port>] 18[B<-proxy_user> I<userid>] 19[B<-proxy_pass> I<arg>] 20[B<-unix> I<path>] 21[B<-4>] 22[B<-6>] 23[B<-servername> I<name>] 24[B<-noservername>] 25[B<-verify> I<depth>] 26[B<-verify_return_error>] 27[B<-verify_quiet>] 28[B<-verifyCAfile> I<filename>] 29[B<-verifyCApath> I<dir>] 30[B<-verifyCAstore> I<uri>] 31[B<-cert> I<filename>] 32[B<-certform> B<DER>|B<PEM>|B<P12>] 33[B<-cert_chain> I<filename>] 34[B<-build_chain>] 35[B<-CRL> I<filename>] 36[B<-CRLform> B<DER>|B<PEM>] 37[B<-crl_download>] 38[B<-key> I<filename>|I<uri>] 39[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] 40[B<-pass> I<arg>] 41[B<-chainCAfile> I<filename>] 42[B<-chainCApath> I<directory>] 43[B<-chainCAstore> I<uri>] 44[B<-requestCAfile> I<filename>] 45[B<-dane_tlsa_domain> I<domain>] 46[B<-dane_tlsa_rrdata> I<rrdata>] 47[B<-dane_ee_no_namechecks>] 48[B<-reconnect>] 49[B<-showcerts>] 50[B<-prexit>] 51[B<-debug>] 52[B<-trace>] 53[B<-nocommands>] 54[B<-security_debug>] 55[B<-security_debug_verbose>] 56[B<-msg>] 57[B<-timeout>] 58[B<-mtu> I<size>] 59[B<-no_etm>] 60[B<-keymatexport> I<label>] 61[B<-keymatexportlen> I<len>] 62[B<-msgfile> I<filename>] 63[B<-nbio_test>] 64[B<-state>] 65[B<-nbio>] 66[B<-crlf>] 67[B<-ign_eof>] 68[B<-no_ign_eof>] 69[B<-psk_identity> I<identity>] 70[B<-psk> I<key>] 71[B<-psk_session> I<file>] 72[B<-quiet>] 73[B<-sctp>] 74[B<-sctp_label_bug>] 75[B<-fallback_scsv>] 76[B<-async>] 77[B<-maxfraglen> I<len>] 78[B<-max_send_frag>] 79[B<-split_send_frag>] 80[B<-max_pipelines>] 81[B<-read_buf>] 82[B<-ignore_unexpected_eof>] 83[B<-bugs>] 84[B<-comp>] 85[B<-no_comp>] 86[B<-brief>] 87[B<-legacy_server_connect>] 88[B<-no_legacy_server_connect>] 
89[B<-allow_no_dhe_kex>] 90[B<-sigalgs> I<sigalglist>] 91[B<-curves> I<curvelist>] 92[B<-cipher> I<cipherlist>] 93[B<-ciphersuites> I<val>] 94[B<-serverpref>] 95[B<-starttls> I<protocol>] 96[B<-name> I<hostname>] 97[B<-xmpphost> I<hostname>] 98[B<-name> I<hostname>] 99[B<-tlsextdebug>] 100[B<-no_ticket>] 101[B<-sess_out> I<filename>] 102[B<-serverinfo> I<types>] 103[B<-sess_in> I<filename>] 104[B<-serverinfo> I<types>] 105[B<-status>] 106[B<-alpn> I<protocols>] 107[B<-nextprotoneg> I<protocols>] 108[B<-ct>] 109[B<-noct>] 110[B<-ctlogfile>] 111[B<-keylogfile> I<file>] 112[B<-early_data> I<file>] 113[B<-enable_pha>] 114[B<-use_srtp> I<value>] 115[B<-srpuser> I<value>] 116[B<-srppass> I<value>] 117[B<-srp_lateuser>] 118[B<-srp_moregroups>] 119[B<-srp_strength> I<number>] 120{- $OpenSSL::safe::opt_name_synopsis -} 121{- $OpenSSL::safe::opt_version_synopsis -} 122{- $OpenSSL::safe::opt_x_synopsis -} 123{- $OpenSSL::safe::opt_trust_synopsis -} 124{- $OpenSSL::safe::opt_s_synopsis -} 125{- $OpenSSL::safe::opt_r_synopsis -} 126{- $OpenSSL::safe::opt_provider_synopsis -} 127{- $OpenSSL::safe::opt_engine_synopsis -}[B<-ssl_client_engine> I<id>] 128{- $OpenSSL::safe::opt_v_synopsis -} 129[I<host>:I<port>] 130 131=head1 DESCRIPTION 132 133This command implements a generic SSL/TLS client which 134connects to a remote host using SSL/TLS. It is a I<very> useful diagnostic 135tool for SSL servers. 136 137=head1 OPTIONS 138 139In addition to the options below, this command also supports the 140common and client only options documented 141in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)> 142manual page. 143 144=over 4 145 146=item B<-help> 147 148Print out a usage message. 149 150=item B<-ssl_config> I<section> 151 152Use the specified section of the configuration file to configure the B<SSL_CTX> object. 153 154=item B<-connect> I<host>:I<port> 155 156This specifies the host and optional port to connect to. 
It is possible to 157select the host and port using the optional target positional argument instead. 158If neither this nor the target positional argument is specified then an attempt 159is made to connect to the local host on port 4433. 160 161=item B<-host> I<hostname> 162 163Host to connect to; use B<-connect> instead. 164 165=item B<-port> I<port> 166 167Connect to the specified port; use B<-connect> instead. 168 169=item B<-bind> I<host:port> 170 171This specifies the host address and/or port to bind as the source for the 172connection. For Unix-domain sockets the port is ignored and the host is 173used as the source socket address. 174 175=item B<-proxy> I<host:port> 176 177When used with the B<-connect> flag, the program uses the host and port 178specified with this flag and issues an HTTP CONNECT command to connect 179to the desired server. 180 181=item B<-proxy_user> I<userid> 182 183When used with the B<-proxy> flag, the program will attempt to authenticate 184with the specified proxy using basic (base64) authentication. 185NB: Basic authentication is insecure; the credentials are sent to the proxy 186in easily reversible base64 encoding before any TLS/SSL session is established. 187Therefore, these credentials are easily recovered by anyone able to sniff/trace 188the network. Use with caution. 189 190=item B<-proxy_pass> I<arg> 191 192The proxy password source, used with the B<-proxy_user> flag. 193For more information about the format of I<arg> 194see L<openssl-passphrase-options(1)>. 195 196=item B<-unix> I<path> 197 198Connect over the specified Unix-domain socket. 199 200=item B<-4> 201 202Use IPv4 only. 203 204=item B<-6> 205 206Use IPv6 only. 207 208=item B<-servername> I<name> 209 210Set the TLS SNI (Server Name Indication) extension in the ClientHello message to 211the given value. 212If B<-servername> is not provided, the TLS SNI extension will be populated with 213the name given to B<-connect> if it follows a DNS name format. 
If B<-connect> is 214not provided either, the SNI is set to "localhost". 215This is the default since OpenSSL 1.1.1. 216 217Even though SNI should normally be a DNS name and not an IP address, if 218B<-servername> is provided then that name will be sent, regardless of whether 219it is a DNS name or not. 220 221This option cannot be used in conjunction with B<-noservername>. 222 223=item B<-noservername> 224 225Suppresses sending of the SNI (Server Name Indication) extension in the 226ClientHello message. Cannot be used in conjunction with the B<-servername> or 227B<-dane_tlsa_domain> options. 228 229=item B<-cert> I<filename> 230 231The client certificate to use, if one is requested by the server. 232The default is not to use a certificate. 233 234The chain for the client certificate may be specified using B<-cert_chain>. 235 236=item B<-certform> B<DER>|B<PEM>|B<P12> 237 238The client certificate file format to use; unspecified by default. 239See L<openssl-format-options(1)> for details. 240 241=item B<-cert_chain> 242 243A file or URI of untrusted certificates to use when attempting to build the 244certificate chain related to the certificate specified via the B<-cert> option. 245The input can be in PEM, DER, or PKCS#12 format. 246 247=item B<-build_chain> 248 249Specify whether the application should build the client certificate chain to be 250provided to the server. 251 252=item B<-CRL> I<filename> 253 254CRL file to use to check the server's certificate. 255 256=item B<-CRLform> B<DER>|B<PEM> 257 258The CRL file format; unspecified by default. 259See L<openssl-format-options(1)> for details. 260 261=item B<-crl_download> 262 263Download CRL from distribution points in the certificate. 264 265=item B<-key> I<filename>|I<uri> 266 267The client private key to use. 268If not specified then the certificate file will be used to read also the key. 269 270=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> 271 272The key format; unspecified by default. 
273See L<openssl-format-options(1)> for details. 274 275=item B<-pass> I<arg> 276 277The private key and certificate file password source. 278For more information about the format of I<arg> 279see L<openssl-passphrase-options(1)>. 280 281=item B<-verify> I<depth> 282 283The verify depth to use. This specifies the maximum length of the 284server certificate chain and turns on server certificate verification. 285Currently the verify operation continues after errors so all the problems 286with a certificate chain can be seen. As a side effect the connection 287will never fail due to a server certificate verify failure: a successful 287connection therefore says nothing about whether the server's certificate 287was actually trusted. Use B<-verify_return_error> to make verification 287failures fatal. 288 289=item B<-verify_return_error> 290 291Return verification errors instead of continuing. This will typically 292abort the handshake with a fatal error. 293 294=item B<-verify_quiet> 295 296Limit verify output to only errors. 297 298=item B<-verifyCAfile> I<filename> 299 300A file in PEM format containing trusted certificates to use 301for verifying the server's certificate. 302 303=item B<-verifyCApath> I<dir> 304 305A directory containing trusted certificates to use 306for verifying the server's certificate. 307This directory must be in "hash format", 308see L<openssl-verify(1)> for more information. 309 310=item B<-verifyCAstore> I<uri> 311 312The URI of a store containing trusted certificates to use 313for verifying the server's certificate. 314 315=item B<-chainCAfile> I<file> 316 317A file in PEM format containing trusted certificates to use 318when attempting to build the client certificate chain. 319 320=item B<-chainCApath> I<directory> 321 322A directory containing trusted certificates to use 323for building the client certificate chain provided to the server. 324This directory must be in "hash format", 325see L<openssl-verify(1)> for more information. 326 327=item B<-chainCAstore> I<uri> 328 329The URI of a store containing trusted certificates to use 330when attempting to build the client certificate chain. 
331The URI may indicate a single certificate, as well as a collection of them. 332With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or 333B<-chainCApath>, depending on if the URI indicates a directory or a 334single file. 335See L<ossl_store-file(7)> for more information on the C<file:> scheme. 336 337=item B<-requestCAfile> I<file> 338 339A file containing a list of certificates whose subject names will be sent 340to the server in the B<certificate_authorities> extension. Only supported 341for TLS 1.3 342 343=item B<-dane_tlsa_domain> I<domain> 344 345Enable RFC6698/RFC7671 DANE TLSA authentication and specify the 346TLSA base domain which becomes the default SNI hint and the primary 347reference identifier for hostname checks. This must be used in 348combination with at least one instance of the B<-dane_tlsa_rrdata> 349option below. 350 351When DANE authentication succeeds, the diagnostic output will include 352the lowest (closest to 0) depth at which a TLSA record authenticated 353a chain certificate. When that TLSA record is a "2 1 0" trust 354anchor public key that signed (rather than matched) the top-most 355certificate of the chain, the result is reported as "TA public key 356verified". Otherwise, either the TLSA record "matched TA certificate" 357at a positive depth or else "matched EE certificate" at depth 0. 358 359=item B<-dane_tlsa_rrdata> I<rrdata> 360 361Use one or more times to specify the RRDATA fields of the DANE TLSA 362RRset associated with the target service. The I<rrdata> value is 363specified in "presentation form", that is four whitespace separated 364fields that specify the usage, selector, matching type and associated 365data, with the last of these encoded in hexadecimal. Optional 366whitespace is ignored in the associated data field. 
For example: 367 368 $ openssl s_client -brief -starttls smtp \ 369 -connect smtp.example.com:25 \ 370 -dane_tlsa_domain smtp.example.com \ 371 -dane_tlsa_rrdata "2 1 1 372 B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \ 373 -dane_tlsa_rrdata "2 1 1 374 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" 375 ... 376 Verification: OK 377 Verified peername: smtp.example.com 378 DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 379 ... 380 381=item B<-dane_ee_no_namechecks> 382 383This disables server name checks when authenticating via DANE-EE(3) TLSA 384records. 385For some applications, primarily web browsers, it is not safe to disable name 386checks due to "unknown key share" attacks, in which a malicious server can 387convince a client that a connection to a victim server is instead a secure 388connection to the malicious server. 389The malicious server may then be able to violate cross-origin scripting 390restrictions. 391Thus, despite the text of RFC7671, name checks are by default enabled for 392DANE-EE(3) TLSA records, and can be disabled in applications where it is safe 393to do so. 394In particular, SMTP and XMPP clients should set this option as SRV and MX 395records already make it possible for a remote domain to redirect client 396connections to any server of its choice, and in any case SMTP and XMPP clients 397do not execute scripts downloaded from remote servers. 398 399=item B<-reconnect> 400 401Reconnects to the same server 5 times using the same session ID, this can 402be used as a test that session caching is working. 403 404=item B<-showcerts> 405 406Displays the server certificate list as sent by the server: it only consists of 407certificates the server has sent (in the order the server has sent them). It is 408B<not> a verified chain. 409 410=item B<-prexit> 411 412Print session information when the program exits. 
412This will always attempt 413to print out information even if the connection fails. Normally information 414will only be printed out once if the connection succeeds. This option is useful 415because the cipher in use may be renegotiated or the connection may fail 416because a client certificate is required or is requested only after an 417attempt is made to access a certain URL. Note: the output produced by this 418option is not always accurate because a connection might never have been 419established. 420 421=item B<-state> 422 423Prints out the SSL session states. 424 425=item B<-debug> 426 427Print extensive debugging information including a hex dump of all traffic. 428 429=item B<-nocommands> 430 431Do not use interactive command letters. 432 433=item B<-security_debug> 434 435Enable security debug messages. 436 437=item B<-security_debug_verbose> 438 439Output more security debug output. 440 441=item B<-msg> 442 443Show all protocol messages with hex dump. 444 445=item B<-timeout> 446 447Enable send/receive timeout on DTLS connections. 448 449=item B<-mtu> I<size> 450 451Set MTU of the link layer to the specified size. 452 453=item B<-no_etm> 454 455Disable Encrypt-then-MAC negotiation. 456 457=item B<-keymatexport> I<label> 458 459Export keying material using the specified label. 460 461=item B<-keymatexportlen> I<len> 462 463Export the specified number of bytes of keying material; default is 20. 464 465 466 467=item B<-trace> 468 469Show verbose trace output of protocol messages. 470 471=item B<-msgfile> I<filename> 472 473File to send output of B<-msg> or B<-trace> to, default standard output. 474 475=item B<-nbio_test> 476 477Tests nonblocking I/O. 478 479=item B<-nbio> 480 481Turns on nonblocking I/O. 482 483=item B<-crlf> 484 485This option translates a line feed from the terminal into CR+LF as required 486by some servers. 487 488=item B<-ign_eof> 489 490Inhibit shutting down the connection when end of file is reached in the 491input. 
492 493=item B<-quiet> 494 495Inhibit printing of session and certificate information. This implicitly 496turns on B<-ign_eof> as well. 497 498=item B<-no_ign_eof> 499 500Shut down the connection when end of file is reached in the input. 501Can be used to override the implicit B<-ign_eof> after B<-quiet>. 502 503=item B<-psk_identity> I<identity> 504 505Use the PSK identity I<identity> when using a PSK cipher suite. 506The default value is "Client_identity" (without the quotes). 507 508=item B<-psk> I<key> 509 510Use the PSK key I<key> when using a PSK cipher suite. The key is 511given as a hexadecimal number without leading 0x, for example -psk 5121a2b3c4d. 513This option must be provided in order to use a PSK cipher. 513Note that the key is given directly on the command line and may therefore 513be visible to other local users (for example in process listings) and be 513recorded in shell history. 514 515=item B<-psk_session> I<file> 516 517Use the PEM-encoded SSL_SESSION data stored in I<file> as the basis of a PSK. 518Note that this will only work if TLSv1.3 is negotiated. 519 520=item B<-sctp> 521 522Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in 523conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only 524available where OpenSSL has support for SCTP enabled. 525 526=item B<-sctp_label_bug> 527 528Use the incorrect behaviour of older OpenSSL implementations when computing 529endpoint-pair shared secrets for DTLS/SCTP. This allows communication with 530older broken implementations but breaks interoperability with correct 531implementations. Must be used in conjunction with B<-sctp>. This option is only 532available where OpenSSL has support for SCTP enabled. 533 534=item B<-fallback_scsv> 535 536Send TLS_FALLBACK_SCSV in the ClientHello. 537 538=item B<-async> 539 540Switch on asynchronous mode. Cryptographic operations will be performed 541asynchronously. This will only have an effect if an asynchronous capable engine 542is also used via the B<-engine> option. For test purposes the dummy async engine 543(dasync) can be used (if available). 
544 545=item B<-maxfraglen> I<len> 546 547Enable Maximum Fragment Length Negotiation; allowed values are 548C<512>, C<1024>, C<2048>, and C<4096>. 549 550=item B<-max_send_frag> I<int> 551 552The maximum size of data fragment to send. 553See L<SSL_CTX_set_max_send_fragment(3)> for further information. 554 555=item B<-split_send_frag> I<int> 556 557The size used to split data for encrypt pipelines. If more data is written in 558one go than this value then it will be split into multiple pipelines, up to the 559maximum number of pipelines defined by max_pipelines. This only has an effect if 560a suitable cipher suite has been negotiated, an engine that supports pipelining 561has been loaded, and max_pipelines is greater than 1. See 562L<SSL_CTX_set_split_send_fragment(3)> for further information. 563 564=item B<-max_pipelines> I<int> 565 566The maximum number of encrypt/decrypt pipelines to be used. This will only have 567an effect if an engine has been loaded that supports pipelining (e.g. the dasync 568engine) and a suitable cipher suite has been negotiated. The default value is 1. 569See L<SSL_CTX_set_max_pipelines(3)> for further information. 570 571=item B<-read_buf> I<int> 572 573The default read buffer size to be used for connections. This will only have an 574effect if the buffer size is larger than the size that would otherwise be used 575and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for 576further information). 577 578=item B<-ignore_unexpected_eof> 579 580Some TLS implementations do not send the mandatory close_notify alert on 581shutdown. If the application tries to wait for the close_notify alert but the 582peer closes the connection without sending it, an error is generated. When this 583option is enabled the peer does not need to send the close_notify alert and a 584closed connection will be treated as if the close_notify alert was received. 585For more information on shutting down a connection, see L<SSL_shutdown(3)>. 
586 587=item B<-bugs> 588 589There are several known bugs in SSL and TLS implementations. Adding this 590option enables various workarounds. 591 592=item B<-comp> 593 594Enables support for SSL/TLS compression. 595This option was introduced in OpenSSL 1.1.0. 596TLS compression is not recommended and is off by default as of 597OpenSSL 1.1.0. 598 599=item B<-no_comp> 600 601Disables support for SSL/TLS compression. 602TLS compression is not recommended and is off by default as of 603OpenSSL 1.1.0. 604 605=item B<-brief> 606 607Only provide a brief summary of connection parameters instead of the 608normal verbose output. 609 610=item B<-sigalgs> I<sigalglist> 611 612Specifies the list of signature algorithms that are sent by the client. 613The server selects one entry in the list based on its preferences. 614For example strings, see L<SSL_CTX_set1_sigalgs(3)> 615 616=item B<-curves> I<curvelist> 617 618Specifies the list of supported curves to be sent by the client. The curve is 619ultimately selected by the server. For a list of all curves, use: 620 621 $ openssl ecparam -list_curves 622 623=item B<-cipher> I<cipherlist> 624 625This allows the TLSv1.2 and below cipher list sent by the client to be modified. 626This list will be combined with any TLSv1.3 ciphersuites that have been 627configured. Although the server determines which ciphersuite is used it should 628take the first supported cipher in the list sent by the client. See 629L<openssl-ciphers(1)> for more information. 630 631=item B<-ciphersuites> I<val> 632 633This allows the TLSv1.3 ciphersuites sent by the client to be modified. This 634list will be combined with any TLSv1.2 and below ciphersuites that have been 635configured. Although the server determines which cipher suite is used it should 636take the first supported cipher in the list sent by the client. See 637L<openssl-ciphers(1)> for more information. The format for this list is a simple 638colon (":") separated list of TLSv1.3 ciphersuite names. 
639 640=item B<-starttls> I<protocol> 641 642Send the protocol-specific message(s) to switch to TLS for communication. 643I<protocol> is a keyword for the intended protocol. Currently, the only 644supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", 645"irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap". 646 647=item B<-xmpphost> I<hostname> 648 649This option, when used with "-starttls xmpp" or "-starttls xmpp-server", 650specifies the host for the "to" attribute of the stream element. 651If this option is not specified, then the host specified with "-connect" 652will be used. 653 654This option is an alias of the B<-name> option for "xmpp" and "xmpp-server". 655 656=item B<-name> I<hostname> 657 658This option is used to specify hostname information for various protocols 659used with the B<-starttls> option. Currently only "xmpp", "xmpp-server", 660"smtp" and "lmtp" can utilize this B<-name> option. 661 662If this option is used with "-starttls xmpp" or "-starttls xmpp-server", 663it specifies the host for the "to" attribute of the stream element. If this 664option is not specified, then the host specified with "-connect" will be used. 665 666If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies 667the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If 668this option is not specified, then "mail.example.com" will be used. 669 670=item B<-tlsextdebug> 671 672Print out a hex dump of any TLS extensions received from the server. 673 674=item B<-no_ticket> 675 676Disable RFC4507bis session ticket support. 677 678=item B<-sess_out> I<filename> 679 680Output SSL session to I<filename>. 680The written session contains secret state (it can, for instance, be used 680as the basis of a PSK via B<-psk_session>), so the file should be protected 680like a private key. 681 682=item B<-sess_in> I<filename> 683 684Load SSL session from I<filename>. The client will attempt to resume a 685connection from this session. 686 687=item B<-serverinfo> I<types> 688 689A list of comma-separated TLS Extension Types (numbers between 0 and 69065535). 
Each type will be sent as an empty ClientHello TLS Extension. 691The server's response (if any) will be encoded and displayed as a PEM 692file. 693 694=item B<-status> 695 696Sends a certificate status request to the server (OCSP stapling). The server 697response (if any) is printed out. 698 699=item B<-alpn> I<protocols>, B<-nextprotoneg> I<protocols> 700 701These flags enable the Application-Layer Protocol Negotiation (ALPN) 702or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the 703IETF standard and replaces NPN. 704The I<protocols> list is a comma-separated list of protocol names that 705the client should advertise support for. The list should contain the most 706desirable protocols first. Protocol names are printable ASCII strings, 707for example "http/1.1" or "spdy/3". 708An empty list of protocols is treated specially and will cause the 709client to advertise support for the TLS extension but disconnect just 710after receiving ServerHello with a list of server supported protocols. 711The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. 712 713=item B<-ct>, B<-noct> 714 715Use one of these two options to control whether Certificate Transparency (CT) 716is enabled (B<-ct>) or disabled (B<-noct>). 717If CT is enabled, signed certificate timestamps (SCTs) will be requested from 718the server and reported at handshake completion. 719 720Enabling CT also enables OCSP stapling, as this is one possible delivery method 721for SCTs. 722 723=item B<-ctlogfile> 724 725A file containing a list of known Certificate Transparency logs. See 726L<SSL_CTX_set_ctlog_list_file(3)> for the expected file format. 727 728=item B<-keylogfile> I<file> 729 730Appends TLS secrets to the specified keylog file such that external programs 731(like Wireshark) can decrypt TLS connections. 731Anyone who obtains this file can decrypt every connection recorded while it 731was in use, so restrict access to it and delete it when no longer needed. 732 733=item B<-early_data> I<file> 734 735Reads the contents of the specified file and attempts to send it as early data 736to the server. 
This will only work with resumed sessions that support early 737data and when the server accepts the early data. 738 739=item B<-enable_pha> 740 741For TLSv1.3 only, send the Post-Handshake Authentication extension. This will 742happen whether or not a certificate has been provided via B<-cert>. 743 744=item B<-use_srtp> I<value> 745 746Offer SRTP key management, where I<value> is a colon-separated profile list. 747 748=item B<-srpuser> I<value> 749 750Set the SRP username to the specified value. This option is deprecated. 751 752=item B<-srppass> I<value> 753 754Set the SRP password to the specified value. This option is deprecated. 754Note that the password is given directly on the command line and may 754therefore be visible to other local users (for example in process listings) 754and be recorded in shell history. 755 756=item B<-srp_lateuser> 757 758SRP username for the second ClientHello message. This option is deprecated. 759 760=item B<-srp_moregroups> 761 762Tolerate SRP group parameters (B<g> and B<N>) other than the known values. 762This option is deprecated. 763 764=item B<-srp_strength> I<number> 765 766Set the minimal acceptable length, in bits, for B<N>. This option is 767deprecated. 768 769{- $OpenSSL::safe::opt_version_item -} 770 771{- $OpenSSL::safe::opt_name_item -} 772 773{- $OpenSSL::safe::opt_x_item -} 774 775{- $OpenSSL::safe::opt_trust_item -} 776 777{- $OpenSSL::safe::opt_s_item -} 778 779{- $OpenSSL::safe::opt_r_item -} 780 781{- $OpenSSL::safe::opt_provider_item -} 782 783{- $OpenSSL::safe::opt_engine_item -} 784 785{- output_off() if $disabled{"deprecated-3.0"}; "" -} 786=item B<-ssl_client_engine> I<id> 787 788Specify engine to be used for client certificate operations. 789{- output_on() if $disabled{"deprecated-3.0"}; "" -} 790 791{- $OpenSSL::safe::opt_v_item -} 792 793Verification errors are displayed, for debugging, but the command will 794proceed unless the B<-verify_return_error> option is used. 795 796=item I<host>:I<port> 797 798Rather than providing B<-connect>, the target hostname and optional port may 799be provided as a single positional argument after all options. 
If neither this 800nor B<-connect> are provided, falls back to attempting to connect to 801I<localhost> on port I<4433>. 802 803=back 804 805=head1 CONNECTED COMMANDS 806 807If a connection is established with an SSL server then any data received 808from the server is displayed and any key presses will be sent to the 809server. If end of file is reached then the connection will be closed down. When 810used interactively (which means neither B<-quiet> nor B<-ign_eof> have been 811given), then certain commands are also recognized which perform special 812operations. These commands are a letter which must appear at the start of a 813line. They are listed below. 814 815=over 4 816 817=item B<Q> 818 819End the current SSL connection and exit. 820 821=item B<R> 822 823Renegotiate the SSL session (TLSv1.2 and below only). 824 825=item B<k> 826 827Send a key update message to the server (TLSv1.3 only) 828 829=item B<K> 830 831Send a key update message to the server and request one back (TLSv1.3 only) 832 833=back 834 835=head1 NOTES 836 837This command can be used to debug SSL servers. To connect to an SSL HTTP 838server the command: 839 840 openssl s_client -connect servername:443 841 842would typically be used (https uses port 443). If the connection succeeds 843then an HTTP command can be given such as "GET /" to retrieve a web page. 844 845If the handshake fails then there are several possible causes, if it is 846nothing obvious like no client certificate then the B<-bugs>, 847B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried 848in case it is a buggy server. In particular you should play with these 849options B<before> submitting a bug report to an OpenSSL mailing list. 850 851A frequent problem when attempting to get client certificates working 852is that a web client complains it has no certificates or gives an empty 853list to choose from. 
This is normally because the server is not sending 854the client's certificate authority in its "acceptable CA list" when it 855requests a certificate. By using this command, the CA list can be viewed 856and checked. However, some servers only request client authentication 857after a specific URL is requested. To obtain the list in this case it 858is necessary to use the B<-prexit> option and send an HTTP request 859for an appropriate page. 860 861If a certificate is specified on the command line using the B<-cert> 862option it will not be used unless the server specifically requests 863a client certificate. Therefore, merely including a client certificate 864on the command line is no guarantee that the certificate works. 865 866If there are problems verifying a server certificate then the 867B<-showcerts> option can be used to show all the certificates sent by the 868server. 869 870This command is a test tool and is designed to continue the 871handshake after any certificate verification errors. As a result it will 872accept any certificate chain (trusted or not) sent by the peer. Non-test 873applications should B<not> do this as it makes them vulnerable to a MITM 874attack. This behaviour can be changed with the B<-verify_return_error> 875option: any verification error is then returned, aborting the handshake. 876 877The B<-bind> option may be useful if the server or a firewall requires 878connections to come from some particular address and/or port. 879 880=head1 BUGS 881 882Because this program has a lot of options and also because some of the 883techniques used are rather old, the C source for this command is rather 884hard to read and not a model of how things should be done. 885A typical SSL client program would be much simpler. 886 887The B<-prexit> option is a bit of a hack. We should really report 888information whenever a session is renegotiated. 
889 890=head1 SEE ALSO 891 892L<openssl(1)>, 893L<openssl-sess_id(1)>, 894L<openssl-s_server(1)>, 895L<openssl-ciphers(1)>, 896L<SSL_CONF_cmd(3)>, 897L<SSL_CTX_set_max_send_fragment(3)>, 898L<SSL_CTX_set_split_send_fragment(3)>, 899L<SSL_CTX_set_max_pipelines(3)>, 900L<ossl_store-file(7)> 901 902=head1 HISTORY 903 904The B<-no_alt_chains> option was added in OpenSSL 1.1.0. 905The B<-name> option was added in OpenSSL 1.1.1. 906 907The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. 908 909The B<-engine> option was deprecated in OpenSSL 3.0. 910 911=head1 COPYRIGHT 912 913Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 914 915Licensed under the Apache License 2.0 (the "License"). You may not use 916this file except in compliance with the License. You can obtain a copy 917in the file LICENSE in the source distribution or at 918L<https://www.openssl.org/source/license.html>. 919 920=cut 921