summaryrefslogtreecommitdiffstats
path: root/doc/gnutls-cli-debug-examples.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/gnutls-cli-debug-examples.texi')
-rw-r--r--doc/gnutls-cli-debug-examples.texi56
1 files changed, 56 insertions, 0 deletions
diff --git a/doc/gnutls-cli-debug-examples.texi b/doc/gnutls-cli-debug-examples.texi
new file mode 100644
index 0000000..5114fc0
--- /dev/null
+++ b/doc/gnutls-cli-debug-examples.texi
@@ -0,0 +1,56 @@
+@example
+$ gnutls-cli-debug localhost
+GnuTLS debug client 3.5.0
+Checking localhost:443
+ for SSL 3.0 (RFC6101) support... yes
+ whether we need to disable TLS 1.2... no
+ whether we need to disable TLS 1.1... no
+ whether we need to disable TLS 1.0... no
+ whether %NO_EXTENSIONS is required... no
+ whether %COMPAT is required... no
+ for TLS 1.0 (RFC2246) support... yes
+ for TLS 1.1 (RFC4346) support... yes
+ for TLS 1.2 (RFC5246) support... yes
+ fallback from TLS 1.6 to... TLS1.2
+ for RFC7507 inappropriate fallback... yes
+ for HTTPS server name... Local
+ for certificate chain order... sorted
+ for safe renegotiation (RFC5746) support... yes
+ for Safe renegotiation support (SCSV)... no
+ for encrypt-then-MAC (RFC7366) support... no
+ for ext master secret (RFC7627) support... no
+ for heartbeat (RFC6520) support... no
+ for version rollback bug in RSA PMS... dunno
+ for version rollback bug in Client Hello... no
+ whether the server ignores the RSA PMS version... yes
+whether small records (512 bytes) are tolerated on handshake... yes
+ whether cipher suites not in SSL 3.0 spec are accepted... yes
+whether a bogus TLS record version in the client hello is accepted... yes
+ whether the server understands TLS closure alerts... partially
+ whether the server supports session resumption... yes
+ for anonymous authentication support... no
+ for ephemeral Diffie-Hellman support... no
+ for ephemeral EC Diffie-Hellman support... yes
+ ephemeral EC Diffie-Hellman group info... SECP256R1
+ for AES-128-GCM cipher (RFC5288) support... yes
+ for AES-128-CCM cipher (RFC6655) support... no
+ for AES-128-CCM-8 cipher (RFC6655) support... no
+ for AES-128-CBC cipher (RFC3268) support... yes
+ for CAMELLIA-128-GCM cipher (RFC6367) support... no
+ for CAMELLIA-128-CBC cipher (RFC5932) support... no
+ for 3DES-CBC cipher (RFC2246) support... yes
+ for ARCFOUR 128 cipher (RFC2246) support... yes
+ for MD5 MAC support... yes
+ for SHA1 MAC support... yes
+ for SHA256 MAC support... yes
+ for ZLIB compression support... no
+ for max record size (RFC6066) support... no
+ for OCSP status response (RFC6066) support... no
+ for OpenPGP authentication (RFC6091) support... no
+@end example
+
+You could also use the client to debug services with starttls capability.
+@example
+$ gnutls-cli-debug --starttls-proto smtp --port 25 localhost
+@end example
+