Openssl s_client Command

First, Introduction

S_client is a SSL/TLS client program that corresponds to S_server and communicates not only with S_server, but also with any other service program that uses the SSL protocol

Second, the grammar

OpenSSL s_client [-host host] [-port port] [-connect host:port] [-verify depth] [-cert filename] [-certform der|p EM] [-key filename] [-keyform der| PEM] [-pass arg] [-capath directory] [-cafile filename] [-reconnect][-pause] [-showcerts] [-debug] [-msg] [-stat E] [-nbio_test] [-NBIO][-CRLF] [-ign_eof] [-no_ign_eof][-quiet] [-SSL2] [-SSL3] [-tls1_1] [-tls1_2] [-TLS1] [-D TLS1] [-NO_SSL2][-NO_SSL3] [-NO_TLS1] [-no_tls1_1][ID] [-tlsextdebug] [-no_ticket] [  File(s)]

Options

-host Host-use-Connect instead-port Port-use-Connect instead-connect Host:port-W.H.O.To connect to (default is localhost:4433) -verify Arg-turn on peer certificate verification-cert arg-certificatefileto use, PEM format assumed-certform Arg-certificate Format (PEM or DER) PEM default-key arg-private KeyfileTo use,inchCertfile ifNot specified but CertfileIs .-keyform Arg-key Format (PEM or DER) PEM default-pass arg-private KeyfilePass phrase source-capath ARG-PEM Format Directory of CAs's-cafile ARG-PEM Formatfileof CA's-trusted_first-use Trusted CA's first when building the trust chain-reconnect-drop and re- MakeThe connection with the same session-ID-pause-Sleep(1) after each read (2) andWrite(2) System Call-showcerts-show All certificatesinchThe chain-debug-Extra Output-msg-Show Protocol Messages-nbio_test- MoreSSL Protocol Testing-state-print the'SSL'states-nbio-run with non-Blocking IO-CRLF-convert LF from terminal to CRLF-quiet-No s_client output-ign_eof-ignore input EOF (default when-quiet)-no_ign_eof-don't ignore input eof-psk_identity Arg-PSK Identity-PSK ARG-PSKinchHex (without 0x)-SSL2-just use SSLv2-SSL3-just use SSLv3-tls1_2-just use TLSV1.2-tls1_1-just use TLSV1.1-TLS1-just use TLSv1-DTLS1-just use DTLSv1-MTU-set the link layer MTU-NO_TLS1_2/-NO_TLS1_1/-NO_TLS1/-NO_SSL3/-NO_SSL2-turn off that protocol-bugs-Switch on all SSL implementation bug Workarounds-serverpref-use Server'S cipher preferences (only SSLv2)-cipher-preferred cipher to use, use the'OpenSSL ciphers'command to see what is available-starttls Prot-Use the STARTTLS command before starting TLS forthose protocols that support it, where'Prot'DefineswhichOne to assume. Currently, only"SMTP","POP3","IMAP","FTP"and"XMPP"is supported.-engineID-Initialise and use the specified engine-randfile:file:... -sess_out Arg-fileToWriteSSL Session to-sess_in Arg-fileTo read the SSL session from-servername host-set TLS extension servernameinchClientHello-tlsextdebug-hex dump of all TLS extensions received-status-Request Certificate status from server-no_ticket-disable use of Rfc4507bis session tickets-nextprotoneg arg-enable NPN Extension, considering named protocols supported (comma-separated list)-legacy_renegotiation-enable use of legacy renegotiation (dangerous)-USE_SRTP Profiles-offer SRTP Key Management with a colon-separated profile list-keymatexport Label-Export keying material using label-keymatexportlen len-export len bytes of keying material (default -)

Third, examples

Reference: http://blog.csdn.net/as3luyuan123/article/details/16812071

Openssl s_client Command