diff options
Diffstat (limited to 'doc/gnutls-cli-debug-examples.texi')
-rw-r--r-- | doc/gnutls-cli-debug-examples.texi | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/doc/gnutls-cli-debug-examples.texi b/doc/gnutls-cli-debug-examples.texi new file mode 100644 index 0000000..5114fc0 --- /dev/null +++ b/doc/gnutls-cli-debug-examples.texi @@ -0,0 +1,56 @@ +@example +$ gnutls-cli-debug localhost +GnuTLS debug client 3.5.0 +Checking localhost:443 + for SSL 3.0 (RFC6101) support... yes + whether we need to disable TLS 1.2... no + whether we need to disable TLS 1.1... no + whether we need to disable TLS 1.0... no + whether %NO_EXTENSIONS is required... no + whether %COMPAT is required... no + for TLS 1.0 (RFC2246) support... yes + for TLS 1.1 (RFC4346) support... yes + for TLS 1.2 (RFC5246) support... yes + fallback from TLS 1.6 to... TLS1.2 + for RFC7507 inappropriate fallback... yes + for HTTPS server name... Local + for certificate chain order... sorted + for safe renegotiation (RFC5746) support... yes + for Safe renegotiation support (SCSV)... no + for encrypt-then-MAC (RFC7366) support... no + for ext master secret (RFC7627) support... no + for heartbeat (RFC6520) support... no + for version rollback bug in RSA PMS... dunno + for version rollback bug in Client Hello... no + whether the server ignores the RSA PMS version... yes +whether small records (512 bytes) are tolerated on handshake... yes + whether cipher suites not in SSL 3.0 spec are accepted... yes +whether a bogus TLS record version in the client hello is accepted... yes + whether the server understands TLS closure alerts... partially + whether the server supports session resumption... yes + for anonymous authentication support... no + for ephemeral Diffie-Hellman support... no + for ephemeral EC Diffie-Hellman support... yes + ephemeral EC Diffie-Hellman group info... SECP256R1 + for AES-128-GCM cipher (RFC5288) support... yes + for AES-128-CCM cipher (RFC6655) support... no + for AES-128-CCM-8 cipher (RFC6655) support... no + for AES-128-CBC cipher (RFC3268) support... yes + for CAMELLIA-128-GCM cipher (RFC6367) support... no + for CAMELLIA-128-CBC cipher (RFC5932) support... no + for 3DES-CBC cipher (RFC2246) support... yes + for ARCFOUR 128 cipher (RFC2246) support... yes + for MD5 MAC support... yes + for SHA1 MAC support... yes + for SHA256 MAC support... yes + for ZLIB compression support... no + for max record size (RFC6066) support... no + for OCSP status response (RFC6066) support... no + for OpenPGP authentication (RFC6091) support... no +@end example + +You could also use the client to debug services with starttls capability. +@example +$ gnutls-cli-debug --starttls-proto smtp --port 25 localhost +@end example + |