1 =pod 2 {- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4 =head1 NAME 5 6 openssl-s_client - SSL/TLS client program 7 8 =head1 SYNOPSIS 9 10 B<openssl> B<s_client> 11 [B<-help>] 12 [B<-ssl_config> I<section>] 13 [B<-connect> I<host>:I<port>] 14 [B<-host> I<hostname>] 15 [B<-port> I<port>] 16 [B<-bind> I<host>:I<port>] 17 [B<-proxy> I<host>:I<port>] 18 [B<-proxy_user> I<userid>] 19 [B<-proxy_pass> I<arg>] 20 [B<-unix> I<path>] 21 [B<-4>] 22 [B<-6>] 23 [B<-quic>] 24 [B<-servername> I<name>] 25 [B<-noservername>] 26 [B<-verify> I<depth>] 27 [B<-verify_return_error>] 28 [B<-verify_quiet>] 29 [B<-verifyCAfile> I<filename>] 30 [B<-verifyCApath> I<dir>] 31 [B<-verifyCAstore> I<uri>] 32 [B<-cert> I<filename>] 33 [B<-certform> B<DER>|B<PEM>|B<P12>] 34 [B<-cert_chain> I<filename>] 35 [B<-build_chain>] 36 [B<-CRL> I<filename>] 37 [B<-CRLform> B<DER>|B<PEM>] 38 [B<-crl_download>] 39 [B<-key> I<filename>|I<uri>] 40 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] 41 [B<-pass> I<arg>] 42 [B<-chainCAfile> I<filename>] 43 [B<-chainCApath> I<directory>] 44 [B<-chainCAstore> I<uri>] 45 [B<-requestCAfile> I<filename>] 46 [B<-dane_tlsa_domain> I<domain>] 47 [B<-dane_tlsa_rrdata> I<rrdata>] 48 [B<-dane_ee_no_namechecks>] 49 [B<-reconnect>] 50 [B<-showcerts>] 51 [B<-prexit>] 52 [B<-no-interactive>] 53 [B<-debug>] 54 [B<-trace>] 55 [B<-nocommands>] 56 [B<-adv>] 57 [B<-security_debug>] 58 [B<-security_debug_verbose>] 59 [B<-msg>] 60 [B<-timeout>] 61 [B<-mtu> I<size>] 62 [B<-no_ems>] 63 [B<-keymatexport> I<label>] 64 [B<-keymatexportlen> I<len>] 65 [B<-msgfile> I<filename>] 66 [B<-nbio_test>] 67 [B<-state>] 68 [B<-nbio>] 69 [B<-crlf>] 70 [B<-ign_eof>] 71 [B<-no_ign_eof>] 72 [B<-psk_identity> I<identity>] 73 [B<-psk> I<key>] 74 [B<-psk_session> I<file>] 75 [B<-quiet>] 76 [B<-sctp>] 77 [B<-sctp_label_bug>] 78 [B<-fallback_scsv>] 79 [B<-async>] 80 [B<-maxfraglen> I<len>] 81 [B<-max_send_frag>] 82 [B<-split_send_frag>] 83 [B<-max_pipelines>] 84 [B<-read_buf>] 85 [B<-ignore_unexpected_eof>] 86 [B<-no_tx_cert_comp>] 87 [B<-no_rx_cert_comp>] 88 [B<-brief>] 89 [B<-starttls> I<protocol>] 90 [B<-xmpphost> I<hostname>] 91 [B<-name> I<hostname>] 92 [B<-tlsextdebug>] 93 [B<-sess_out> I<filename>] 94 [B<-sess_in> I<filename>] 95 [B<-serverinfo> I<types>] 96 [B<-status>] 97 [B<-alpn> I<protocols>] 98 [B<-nextprotoneg> I<protocols>] 99 [B<-ct>] 100 [B<-noct>] 101 [B<-ctlogfile>] 102 [B<-keylogfile> I<file>] 103 [B<-early_data> I<file>] 104 [B<-enable_pha>] 105 [B<-use_srtp> I<value>] 106 [B<-srpuser> I<value>] 107 [B<-srppass> I<value>] 108 [B<-srp_lateuser>] 109 [B<-srp_moregroups>] 110 [B<-srp_strength> I<number>] 111 [B<-ktls>] 112 [B<-tfo>] 113 {- $OpenSSL::safe::opt_name_synopsis -} 114 {- $OpenSSL::safe::opt_version_synopsis -} 115 {- $OpenSSL::safe::opt_x_synopsis -} 116 {- $OpenSSL::safe::opt_trust_synopsis -} 117 {- $OpenSSL::safe::opt_s_synopsis -} 118 {- $OpenSSL::safe::opt_r_synopsis -} 119 {- $OpenSSL::safe::opt_provider_synopsis -} 120 {- $OpenSSL::safe::opt_engine_synopsis -}[B<-ssl_client_engine> I<id>] 121 {- $OpenSSL::safe::opt_v_synopsis -} 122 [B<-enable_server_rpk>] 123 [B<-enable_client_rpk>] 124 [I<host>:I<port>] 125 126 =head1 DESCRIPTION 127 128 This command implements a generic SSL/TLS client which 129 connects to a remote host using SSL/TLS. It is a I<very> useful diagnostic 130 tool for SSL servers. 131 132 =head1 OPTIONS 133 134 In addition to the options below, this command also supports the 135 common and client only options documented 136 in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)> 137 manual page. 138 139 =over 4 140 141 =item B<-help> 142 143 Print out a usage message. 144 145 =item B<-ssl_config> I<section> 146 147 Use the specified section of the configuration file to configure the B<SSL_CTX> object. 148 149 =item B<-connect> I<host>:I<port> 150 151 This specifies the host and optional port to connect to. It is possible to 152 select the host and port using the optional target positional argument instead. 153 If neither this nor the target positional argument are specified then an attempt 154 is made to connect to the local host on port 4433. 155 If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. 156 157 =item B<-host> I<hostname> 158 159 Host to connect to; use B<-connect> instead. 160 161 =item B<-port> I<port> 162 163 Connect to the specified port; use B<-connect> instead. 164 165 =item B<-bind> I<host>:I<port> 166 167 This specifies the host address and or port to bind as the source for the 168 connection. For Unix-domain sockets the port is ignored and the host is 169 used as the source socket address. 170 If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. 171 172 =item B<-proxy> I<host>:I<port> 173 174 When used with the B<-connect> flag, the program uses the host and port 175 specified with this flag and issues an HTTP CONNECT command to connect 176 to the desired server. 177 If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. 178 179 =item B<-proxy_user> I<userid> 180 181 When used with the B<-proxy> flag, the program will attempt to authenticate 182 with the specified proxy using basic (base64) authentication. 183 NB: Basic authentication is insecure; the credentials are sent to the proxy 184 in easily reversible base64 encoding before any TLS/SSL session is established. 185 Therefore, these credentials are easily recovered by anyone able to sniff/trace 186 the network. Use with caution. 187 188 =item B<-proxy_pass> I<arg> 189 190 The proxy password source, used with the B<-proxy_user> flag. 191 For more information about the format of B<arg> 192 see L<openssl-passphrase-options(1)>. 193 194 =item B<-unix> I<path> 195 196 Connect over the specified Unix-domain socket. 197 198 =item B<-4> 199 200 Use IPv4 only. 201 202 =item B<-6> 203 204 Use IPv6 only. 205 206 =item B<-quic> 207 208 Connect using the QUIC protocol. If specified then the B<-alpn> option must also 209 be provided. 210 211 =item B<-servername> I<name> 212 213 Set the TLS SNI (Server Name Indication) extension in the ClientHello message to 214 the given value. 215 If B<-servername> is not provided, the TLS SNI extension will be populated with 216 the name given to B<-connect> if it follows a DNS name format. If B<-connect> is 217 not provided either, the SNI is set to "localhost". 218 This is the default since OpenSSL 1.1.1. 219 220 Even though SNI should normally be a DNS name and not an IP address, if 221 B<-servername> is provided then that name will be sent, regardless of whether 222 it is a DNS name or not. 223 224 This option cannot be used in conjunction with B<-noservername>. 225 226 =item B<-noservername> 227 228 Suppresses sending of the SNI (Server Name Indication) extension in the 229 ClientHello message. Cannot be used in conjunction with the B<-servername> or 230 B<-dane_tlsa_domain> options. 231 232 =item B<-cert> I<filename> 233 234 The client certificate to use, if one is requested by the server. 235 The default is not to use a certificate. 236 237 The chain for the client certificate may be specified using B<-cert_chain>. 238 239 =item B<-certform> B<DER>|B<PEM>|B<P12> 240 241 The client certificate file format to use; unspecified by default. 242 See L<openssl-format-options(1)> for details. 243 244 =item B<-cert_chain> 245 246 A file or URI of untrusted certificates to use when attempting to build the 247 certificate chain related to the certificate specified via the B<-cert> option. 248 The input can be in PEM, DER, or PKCS#12 format. 249 250 =item B<-build_chain> 251 252 Specify whether the application should build the client certificate chain to be 253 provided to the server. 254 255 =item B<-CRL> I<filename> 256 257 CRL file to use to check the server's certificate. 258 259 =item B<-CRLform> B<DER>|B<PEM> 260 261 The CRL file format; unspecified by default. 262 See L<openssl-format-options(1)> for details. 263 264 =item B<-crl_download> 265 266 Download CRL from distribution points in the certificate. Note that this option 267 is ignored if B<-crl_check> option is not provided. Note that the maximum size 268 of CRL is limited by L<X509_CRL_load_http(3)> function. 269 270 =item B<-key> I<filename>|I<uri> 271 272 The client private key to use. 273 If not specified then the certificate file will be used to read also the key. 274 275 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> 276 277 The key format; unspecified by default. 278 See L<openssl-format-options(1)> for details. 279 280 =item B<-pass> I<arg> 281 282 the private key and certificate file password source. 283 For more information about the format of I<arg> 284 see L<openssl-passphrase-options(1)>. 285 286 =item B<-verify> I<depth> 287 288 The verify depth to use. This specifies the maximum length of the 289 server certificate chain and turns on server certificate verification. 290 Unless the B<-verify_return_error> option is given, 291 the verify operation continues after errors so all the problems 292 with a certificate chain can be seen. As a side effect the connection 293 will never fail due to a server certificate verify failure. 294 295 By default, validation of server certificates and their chain 296 is done w.r.t. the (D)TLS Server (C<sslserver>) purpose. 297 For details see L<openssl-verification-options(1)/Certificate Extensions>. 298 299 =item B<-verify_return_error> 300 301 Turns on server certificate verification, like with B<-verify>, 302 but returns verification errors instead of continuing. 303 This will typically abort the handshake with a fatal error. 304 305 =item B<-verify_quiet> 306 307 Limit verify output to only errors. 308 309 =item B<-verifyCAfile> I<filename> 310 311 A file in PEM format containing trusted certificates to use 312 for verifying the server's certificate. 313 314 =item B<-verifyCApath> I<dir> 315 316 A directory containing trusted certificates to use 317 for verifying the server's certificate. 318 This directory must be in "hash format", 319 see L<openssl-verify(1)> for more information. 320 321 =item B<-verifyCAstore> I<uri> 322 323 The URI of a store containing trusted certificates to use 324 for verifying the server's certificate. 325 326 =item B<-chainCAfile> I<file> 327 328 A file in PEM format containing trusted certificates to use 329 when attempting to build the client certificate chain. 330 331 =item B<-chainCApath> I<directory> 332 333 A directory containing trusted certificates to use 334 for building the client certificate chain provided to the server. 335 This directory must be in "hash format", 336 see L<openssl-verify(1)> for more information. 337 338 =item B<-chainCAstore> I<uri> 339 340 The URI of a store containing trusted certificates to use 341 when attempting to build the client certificate chain. 342 The URI may indicate a single certificate, as well as a collection of them. 343 With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or 344 B<-chainCApath>, depending on if the URI indicates a directory or a 345 single file. 346 See L<ossl_store-file(7)> for more information on the C<file:> scheme. 347 348 =item B<-requestCAfile> I<file> 349 350 A file containing a list of certificates whose subject names will be sent 351 to the server in the B<certificate_authorities> extension. Only supported 352 for TLS 1.3 353 354 =item B<-dane_tlsa_domain> I<domain> 355 356 Enable RFC6698/RFC7671 DANE TLSA authentication and specify the 357 TLSA base domain which becomes the default SNI hint and the primary 358 reference identifier for hostname checks. This must be used in 359 combination with at least one instance of the B<-dane_tlsa_rrdata> 360 option below. 361 362 When DANE authentication succeeds, the diagnostic output will include 363 the lowest (closest to 0) depth at which a TLSA record authenticated 364 a chain certificate. When that TLSA record is a "2 1 0" trust 365 anchor public key that signed (rather than matched) the top-most 366 certificate of the chain, the result is reported as "TA public key 367 verified". Otherwise, either the TLSA record "matched TA certificate" 368 at a positive depth or else "matched EE certificate" at depth 0. 369 370 =item B<-dane_tlsa_rrdata> I<rrdata> 371 372 Use one or more times to specify the RRDATA fields of the DANE TLSA 373 RRset associated with the target service. The I<rrdata> value is 374 specified in "presentation form", that is four whitespace separated 375 fields that specify the usage, selector, matching type and associated 376 data, with the last of these encoded in hexadecimal. Optional 377 whitespace is ignored in the associated data field. For example: 378 379 $ openssl s_client -brief -starttls smtp \ 380 -connect smtp.example.com:25 \ 381 -dane_tlsa_domain smtp.example.com \ 382 -dane_tlsa_rrdata "2 1 1 383 B111DD8A1C2091A89BD4FD60C57F0716CCE50FEEFF8137CDBEE0326E 02CF362B" \ 384 -dane_tlsa_rrdata "2 1 1 385 60B87575447DCBA2A36B7D11AC09FB24A9DB406FEE12D2CC90180517 616E8A18" 386 ... 387 Verification: OK 388 Verified peername: smtp.example.com 389 DANE TLSA 2 1 1 ...ee12d2cc90180517616e8a18 matched TA certificate at depth 1 390 ... 391 392 =item B<-dane_ee_no_namechecks> 393 394 This disables server name checks when authenticating via DANE-EE(3) TLSA 395 records. 396 For some applications, primarily web browsers, it is not safe to disable name 397 checks due to "unknown key share" attacks, in which a malicious server can 398 convince a client that a connection to a victim server is instead a secure 399 connection to the malicious server. 400 The malicious server may then be able to violate cross-origin scripting 401 restrictions. 402 Thus, despite the text of RFC7671, name checks are by default enabled for 403 DANE-EE(3) TLSA records, and can be disabled in applications where it is safe 404 to do so. 405 In particular, SMTP and XMPP clients should set this option as SRV and MX 406 records already make it possible for a remote domain to redirect client 407 connections to any server of its choice, and in any case SMTP and XMPP clients 408 do not execute scripts downloaded from remote servers. 409 410 =item B<-reconnect> 411 412 Reconnects to the same server 5 times using the same session ID, this can 413 be used as a test that session caching is working. 414 415 =item B<-showcerts> 416 417 Displays the server certificate list as sent by the server: it only consists of 418 certificates the server has sent (in the order the server has sent them). It is 419 B<not> a verified chain. 420 421 =item B<-prexit> 422 423 Print session information when the program exits. This will always attempt 424 to print out information even if the connection fails. Normally information 425 will only be printed out once if the connection succeeds. This option is useful 426 because the cipher in use may be renegotiated or the connection may fail 427 because a client certificate is required or is requested only after an 428 attempt is made to access a certain URL. Note: the output produced by this 429 option is not always accurate because a connection might never have been 430 established. 431 432 =item B<-no-interactive> 433 434 This flag can be used to run the client in a non-interactive mode. 435 436 =item B<-state> 437 438 Prints out the SSL session states. 439 440 =item B<-debug> 441 442 Print extensive debugging information including a hex dump of all traffic. 443 444 =item B<-nocommands> 445 446 Do not use interactive command letters. 447 448 =item B<-adv> 449 450 Use advanced command mode. 451 452 =item B<-security_debug> 453 454 Enable security debug messages. 455 456 =item B<-security_debug_verbose> 457 458 Output more security debug output. 459 460 =item B<-msg> 461 462 Show protocol messages. 463 464 =item B<-timeout> 465 466 Enable send/receive timeout on DTLS connections. 467 468 =item B<-mtu> I<size> 469 470 Set MTU of the link layer to the specified size. 471 472 =item B<-no_ems> 473 474 Disable Extended master secret negotiation. 475 476 =item B<-keymatexport> I<label> 477 478 Export keying material using the specified label. 479 480 =item B<-keymatexportlen> I<len> 481 482 Export the specified number of bytes of keying material; default is 20. 483 484 Show all protocol messages with hex dump. 485 486 =item B<-trace> 487 488 Show verbose trace output of protocol messages. 489 490 =item B<-msgfile> I<filename> 491 492 File to send output of B<-msg> or B<-trace> to, default standard output. 493 494 =item B<-nbio_test> 495 496 Tests nonblocking I/O 497 498 =item B<-nbio> 499 500 Turns on nonblocking I/O 501 502 =item B<-crlf> 503 504 This option translated a line feed from the terminal into CR+LF as required 505 by some servers. 506 507 =item B<-ign_eof> 508 509 Inhibit shutting down the connection when end of file is reached in the 510 input. This implicitly turns on B<-nocommands> as well. 511 512 =item B<-quiet> 513 514 Inhibit printing of session and certificate information. This implicitly 515 turns on B<-ign_eof> and B<-nocommands> as well. 516 517 =item B<-no_ign_eof> 518 519 Shut down the connection when end of file is reached in the input. 520 Can be used to override the implicit B<-ign_eof> after B<-quiet>. 521 522 =item B<-psk_identity> I<identity> 523 524 Use the PSK identity I<identity> when using a PSK cipher suite. 525 The default value is "Client_identity" (without the quotes). 526 527 =item B<-psk> I<key> 528 529 Use the PSK key I<key> when using a PSK cipher suite. The key is 530 given as a hexadecimal number without leading 0x, for example -psk 531 1a2b3c4d. 532 This option must be provided in order to use a PSK cipher. 533 534 =item B<-psk_session> I<file> 535 536 Use the pem encoded SSL_SESSION data stored in I<file> as the basis of a PSK. 537 Note that this will only work if TLSv1.3 is negotiated. 538 539 =item B<-sctp> 540 541 Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in 542 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only 543 available where OpenSSL has support for SCTP enabled. 544 545 =item B<-sctp_label_bug> 546 547 Use the incorrect behaviour of older OpenSSL implementations when computing 548 endpoint-pair shared secrets for DTLS/SCTP. This allows communication with 549 older broken implementations but breaks interoperability with correct 550 implementations. Must be used in conjunction with B<-sctp>. This option is only 551 available where OpenSSL has support for SCTP enabled. 552 553 =item B<-fallback_scsv> 554 555 Send TLS_FALLBACK_SCSV in the ClientHello. 556 557 =item B<-async> 558 559 Switch on asynchronous mode. Cryptographic operations will be performed 560 asynchronously. This will only have an effect if an asynchronous capable engine 561 is also used via the B<-engine> option. For test purposes the dummy async engine 562 (dasync) can be used (if available). 563 564 =item B<-maxfraglen> I<len> 565 566 Enable Maximum Fragment Length Negotiation; allowed values are 567 C<512>, C<1024>, C<2048>, and C<4096>. 568 569 =item B<-max_send_frag> I<int> 570 571 The maximum size of data fragment to send. 572 See L<SSL_CTX_set_max_send_fragment(3)> for further information. 573 574 =item B<-split_send_frag> I<int> 575 576 The size used to split data for encrypt pipelines. If more data is written in 577 one go than this value then it will be split into multiple pipelines, up to the 578 maximum number of pipelines defined by max_pipelines. This only has an effect if 579 a suitable cipher suite has been negotiated, an engine that supports pipelining 580 has been loaded, and max_pipelines is greater than 1. See 581 L<SSL_CTX_set_split_send_fragment(3)> for further information. 582 583 =item B<-max_pipelines> I<int> 584 585 The maximum number of encrypt/decrypt pipelines to be used. This will only have 586 an effect if an engine has been loaded that supports pipelining (e.g. the dasync 587 engine) and a suitable cipher suite has been negotiated. The default value is 1. 588 See L<SSL_CTX_set_max_pipelines(3)> for further information. 589 590 =item B<-read_buf> I<int> 591 592 The default read buffer size to be used for connections. This will only have an 593 effect if the buffer size is larger than the size that would otherwise be used 594 and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for 595 further information). 596 597 =item B<-ignore_unexpected_eof> 598 599 Some TLS implementations do not send the mandatory close_notify alert on 600 shutdown. If the application tries to wait for the close_notify alert but the 601 peer closes the connection without sending it, an error is generated. When this 602 option is enabled the peer does not need to send the close_notify alert and a 603 closed connection will be treated as if the close_notify alert was received. 604 For more information on shutting down a connection, see L<SSL_shutdown(3)>. 605 606 =item B<-no_tx_cert_comp> 607 608 Disables support for sending TLSv1.3 compressed certificates. 609 610 =item B<-no_rx_cert_comp> 611 612 Disables support for receiving TLSv1.3 compressed certificate. 613 614 =item B<-brief> 615 616 Only provide a brief summary of connection parameters instead of the 617 normal verbose output. 618 619 =item B<-starttls> I<protocol> 620 621 Send the protocol-specific message(s) to switch to TLS for communication. 622 I<protocol> is a keyword for the intended protocol. Currently, the only 623 supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", 624 "irc", "postgres", "mysql", "lmtp", "nntp", "sieve" and "ldap". 625 626 =item B<-xmpphost> I<hostname> 627 628 This option, when used with "-starttls xmpp" or "-starttls xmpp-server", 629 specifies the host for the "to" attribute of the stream element. 630 If this option is not specified, then the host specified with "-connect" 631 will be used. 632 633 This option is an alias of the B<-name> option for "xmpp" and "xmpp-server". 634 635 =item B<-name> I<hostname> 636 637 This option is used to specify hostname information for various protocols 638 used with B<-starttls> option. Currently only "xmpp", "xmpp-server", 639 "smtp" and "lmtp" can utilize this B<-name> option. 640 641 If this option is used with "-starttls xmpp" or "-starttls xmpp-server", 642 if specifies the host for the "to" attribute of the stream element. If this 643 option is not specified, then the host specified with "-connect" will be used. 644 645 If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies 646 the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If 647 this option is not specified, then "mail.example.com" will be used. 648 649 =item B<-tlsextdebug> 650 651 Print out a hex dump of any TLS extensions received from the server. 652 653 =item B<-sess_out> I<filename> 654 655 Output SSL session to I<filename>. 656 657 =item B<-sess_in> I<filename> 658 659 Load SSL session from I<filename>. The client will attempt to resume a 660 connection from this session. 661 662 =item B<-serverinfo> I<types> 663 664 A list of comma-separated TLS Extension Types (numbers between 0 and 665 65535). Each type will be sent as an empty ClientHello TLS Extension. 666 The server's response (if any) will be encoded and displayed as a PEM 667 file. 668 669 =item B<-status> 670 671 Sends a certificate status request to the server (OCSP stapling). The server 672 response (if any) is printed out. 673 674 =item B<-alpn> I<protocols>, B<-nextprotoneg> I<protocols> 675 676 These flags enable the Enable the Application-Layer Protocol Negotiation 677 or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the 678 IETF standard and replaces NPN. 679 The I<protocols> list is a comma-separated list of protocol names that 680 the client should advertise support for. The list should contain the most 681 desirable protocols first. Protocol names are printable ASCII strings, 682 for example "http/1.1" or "spdy/3". 683 An empty list of protocols is treated specially and will cause the 684 client to advertise support for the TLS extension but disconnect just 685 after receiving ServerHello with a list of server supported protocols. 686 The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. 687 688 =item B<-ct>, B<-noct> 689 690 Use one of these two options to control whether Certificate Transparency (CT) 691 is enabled (B<-ct>) or disabled (B<-noct>). 692 If CT is enabled, signed certificate timestamps (SCTs) will be requested from 693 the server and reported at handshake completion. 694 695 Enabling CT also enables OCSP stapling, as this is one possible delivery method 696 for SCTs. 697 698 =item B<-ctlogfile> 699 700 A file containing a list of known Certificate Transparency logs. See 701 L<SSL_CTX_set_ctlog_list_file(3)> for the expected file format. 702 703 =item B<-keylogfile> I<file> 704 705 Appends TLS secrets to the specified keylog file such that external programs 706 (like Wireshark) can decrypt TLS connections. 707 708 =item B<-early_data> I<file> 709 710 Reads the contents of the specified file and attempts to send it as early data 711 to the server. This will only work with resumed sessions that support early 712 data and when the server accepts the early data. 713 714 =item B<-enable_pha> 715 716 For TLSv1.3 only, send the Post-Handshake Authentication extension. This will 717 happen whether or not a certificate has been provided via B<-cert>. 718 719 =item B<-use_srtp> I<value> 720 721 Offer SRTP key management, where B<value> is a colon-separated profile list. 722 723 =item B<-srpuser> I<value> 724 725 Set the SRP username to the specified value. This option is deprecated. 726 727 =item B<-srppass> I<value> 728 729 Set the SRP password to the specified value. This option is deprecated. 730 731 =item B<-srp_lateuser> 732 733 SRP username for the second ClientHello message. This option is deprecated. 734 735 =item B<-srp_moregroups> This option is deprecated. 736 737 Tolerate other than the known B<g> and B<N> values. 738 739 =item B<-srp_strength> I<number> 740 741 Set the minimal acceptable length, in bits, for B<N>. This option is 742 deprecated. 743 744 =item B<-ktls> 745 746 Enable Kernel TLS for sending and receiving. 747 This option was introduced in OpenSSL 3.2.0. 748 Kernel TLS is off by default as of OpenSSL 3.2.0. 749 750 =item B<-tfo> 751 752 Enable creation of connections via TCP fast open (RFC7413). 753 754 {- $OpenSSL::safe::opt_version_item -} 755 756 {- $OpenSSL::safe::opt_name_item -} 757 758 {- $OpenSSL::safe::opt_x_item -} 759 760 {- $OpenSSL::safe::opt_trust_item -} 761 762 {- $OpenSSL::safe::opt_s_item -} 763 764 {- $OpenSSL::safe::opt_r_item -} 765 766 {- $OpenSSL::safe::opt_provider_item -} 767 768 {- $OpenSSL::safe::opt_engine_item -} 769 770 {- output_off() if $disabled{"deprecated-3.0"}; "" -} 771 =item B<-ssl_client_engine> I<id> 772 773 Specify engine to be used for client certificate operations. 774 {- output_on() if $disabled{"deprecated-3.0"}; "" -} 775 776 {- $OpenSSL::safe::opt_v_item -} 777 778 Verification errors are displayed, for debugging, but the command will 779 proceed unless the B<-verify_return_error> option is used. 780 781 =item B<-enable_server_rpk> 782 783 Enable support for receiving raw public keys (RFC7250) from the server. 784 Use of X.509 certificates by the server becomes optional, and servers that 785 support raw public keys may elect to use them. 786 Servers that don't support raw public keys or prefer to use X.509 787 certificates can still elect to send X.509 certificates as usual. 788 789 =item B<-enable_client_rpk> 790 791 Enable support for sending raw public keys (RFC7250) to the server. 792 A raw public key will be sent by the client, if solicited by the server, 793 provided a suitable key and public certificate pair is configured. 794 Some servers may nevertheless not request any client credentials, 795 or may request a certificate. 796 797 =item I<host>:I<port> 798 799 Rather than providing B<-connect>, the target host and optional port may 800 be provided as a single positional argument after all options. If neither this 801 nor B<-connect> are provided, falls back to attempting to connect to 802 I<localhost> on port I<4433>. 803 If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>. 804 805 =back 806 807 =head1 CONNECTED COMMANDS (BASIC) 808 809 If a connection is established with an SSL/TLS server then any data received 810 from the server is displayed and any key presses will be sent to the 811 server. If end of file is reached then the connection will be closed down. 812 813 When used interactively (which means neither B<-quiet> nor B<-ign_eof> have been 814 given), and neither of B<-adv> or B<-nocommands> are given then "Basic" command 815 mode is entered. In this mode certain commands are recognized which perform 816 special operations. These commands are a letter which must appear at the start 817 of a line. All further data after the initial letter on the line is ignored. 818 The commands are listed below. 819 820 =over 4 821 822 =item B<Q> 823 824 End the current SSL connection and exit. 825 826 =item B<R> 827 828 Renegotiate the SSL session (TLSv1.2 and below only). 829 830 =item B<C> 831 832 Attempt to reconnect to the server using a resumption handshake. 833 834 =item B<k> 835 836 Send a key update message to the server (TLSv1.3 only) 837 838 =item B<K> 839 840 Send a key update message to the server and request one back (TLSv1.3 only) 841 842 =back 843 844 =head1 CONNECTED COMMANDS (ADVANCED) 845 846 If B<-adv> has been given then "advanced" command mode is entered. As with basic 847 mode, if a connection is established with an SSL/TLS server then any data 848 received from the server is displayed and any key presses will be sent to the 849 server. If end of file is reached then the connection will be closed down. 850 851 Special commands can be supplied by enclosing them in braces, e.g. "{help}" or 852 "{quit}". These commands can appear anywhere in the text entered into s_client, 853 but they are not sent to the server. Some commands can take an argument by 854 ending the command name with ":" and then providing the argument, e.g. 855 "{keyup:req}". Some commands are only available when certain protocol versions 856 have been negotiated. 857 858 If a newline appears at the end of a line entered into s_client then this is 859 also sent to the server. If a command appears on a line on its own with no other 860 text on the same line, then the newline is suppressed and not sent to the 861 server. 862 863 The following commands are recognised. 864 865 =over 4 866 867 =item B<help> 868 869 Prints out summary help text about the available commands. 870 871 =item B<quit> 872 873 Close the connection to the peer 874 875 =item B<reconnect> 876 877 Reconnect to the peer and attempt a resumption handshake 878 879 =item B<keyup> 880 881 Send a Key Update message. TLSv1.3 only. This command takes an optional 882 argument. If the argument "req" is supplied then the peer is also requested to 883 update its keys. Otherwise if "noreq" is supplied the peer is not requested 884 to update its keys. The default is "req". 885 886 =item B<reneg> 887 888 Initiate a renegotiation with the server. (D)TLSv1.2 or below only. 889 890 =item B<fin> 891 892 Indicate FIN on the current stream. QUIC only. Once FIN has been sent any 893 further text entered for this stream is ignored. 894 895 =back 896 897 =head1 NOTES 898 899 This command can be used to debug SSL servers. To connect to an SSL HTTP 900 server the command: 901 902 openssl s_client -connect servername:443 903 904 would typically be used (https uses port 443). If the connection succeeds 905 then an HTTP command can be given such as "GET /" to retrieve a web page. 906 907 If the handshake fails then there are several possible causes, if it is 908 nothing obvious like no client certificate then the B<-bugs>, 909 B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried 910 in case it is a buggy server. In particular you should play with these 911 options B<before> submitting a bug report to an OpenSSL mailing list. 912 913 A frequent problem when attempting to get client certificates working 914 is that a web client complains it has no certificates or gives an empty 915 list to choose from. This is normally because the server is not sending 916 the clients certificate authority in its "acceptable CA list" when it 917 requests a certificate. By using this command, the CA list can be viewed 918 and checked. However, some servers only request client authentication 919 after a specific URL is requested. To obtain the list in this case it 920 is necessary to use the B<-prexit> option and send an HTTP request 921 for an appropriate page. 922 923 If a certificate is specified on the command line using the B<-cert> 924 option it will not be used unless the server specifically requests 925 a client certificate. Therefore, merely including a client certificate 926 on the command line is no guarantee that the certificate works. 927 928 If there are problems verifying a server certificate then the 929 B<-showcerts> option can be used to show all the certificates sent by the 930 server. 931 932 This command is a test tool and is designed to continue the 933 handshake after any certificate verification errors. As a result it will 934 accept any certificate chain (trusted or not) sent by the peer. Non-test 935 applications should B<not> do this as it makes them vulnerable to a MITM 936 attack. This behaviour can be changed by with the B<-verify_return_error> 937 option: any verify errors are then returned aborting the handshake. 938 939 The B<-bind> option may be useful if the server or a firewall requires 940 connections to come from some particular address and or port. 941 942 =head2 Note on Non-Interactive Use 943 944 When B<s_client> is run in a non-interactive environment (e.g., a cron job or 945 a script without a valid I<stdin>), it may close the connection prematurely, 946 especially with TLS 1.3. To prevent this, you can use the B<-ign_eof> flag, 947 which keeps B<s_client> running even after reaching EOF from I<stdin>. 948 949 For example: 950 951 openssl s_client -connect <server address>:443 -tls1_3 952 -sess_out /path/to/tls_session_params_file 953 -ign_eof </dev/null 954 955 However, relying solely on B<-ign_eof> can lead to issues if the server keeps 956 the connection open, expecting the client to close first. In such cases, the 957 client may hang indefinitely. This behavior is not uncommon, particularly with 958 protocols where the server waits for a graceful disconnect from the client. 959 960 For example, when connecting to an SMTP server, the session may pause if the 961 server expects a QUIT command before closing: 962 963 $ openssl s_client -brief -ign_eof -starttls smtp 964 -connect <server address>:25 </dev/null 965 CONNECTION ESTABLISHED 966 Protocol version: TLSv1.3 967 Ciphersuite: TLS_AES_256_GCM_SHA384 968 ... 969 250 CHUNKING 970 [long pause] 971 972 To avoid such hangs, it's better to use an application-level command to 973 initiate a clean disconnect. For SMTP, you can send a QUIT command: 974 975 printf 'QUIT\r\n' | openssl s_client -connect <server address>:25 976 -starttls smtp -brief -ign_eof 977 978 Similarly, for HTTP/1.1 connections, including a `Connection: close` header 979 ensures the server closes the connection after responding: 980 981 printf 'GET / HTTP/1.1\r\nHost: <server address>\r\nConnection: close\r\n\r\n' 982 | openssl s_client -connect <server address>:443 -brief 983 984 These approaches help manage the connection closure gracefully and prevent 985 hangs caused by the server waiting for the client to initiate the disconnect. 986 987 =head1 BUGS 988 989 Because this program has a lot of options and also because some of the 990 techniques used are rather old, the C source for this command is rather 991 hard to read and not a model of how things should be done. 992 A typical SSL client program would be much simpler. 993 994 The B<-prexit> option is a bit of a hack. We should really report 995 information whenever a session is renegotiated. 996 997 =head1 SEE ALSO 998 999 L<openssl(1)>, 1000 L<openssl-sess_id(1)>, 1001 L<openssl-s_server(1)>, 1002 L<openssl-ciphers(1)>, 1003 L<SSL_CONF_cmd(3)>, 1004 L<SSL_CTX_set_max_send_fragment(3)>, 1005 L<SSL_CTX_set_split_send_fragment(3)>, 1006 L<SSL_CTX_set_max_pipelines(3)>, 1007 L<ossl_store-file(7)> 1008 1009 =head1 HISTORY 1010 1011 The B<-no_alt_chains> option was added in OpenSSL 1.1.0. 1012 The B<-name> option was added in OpenSSL 1.1.1. 1013 1014 The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. 1015 1016 The B<-engine> option was deprecated in OpenSSL 3.0. 1017 1018 The 1019 B<-enable_client_rpk>, 1020 B<-enable_server_rpk>, 1021 B<-no_rx_cert_comp>, 1022 B<-no_tx_cert_comp>, 1023 and B<-tfo> 1024 options were added in OpenSSL 3.2. 1025 1026 =head1 COPYRIGHT 1027 1028 Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. 1029 1030 Licensed under the Apache License 2.0 (the "License"). You may not use 1031 this file except in compliance with the License. You can obtain a copy 1032 in the file LICENSE in the source distribution or at 1033 L<https://www.openssl.org/source/license.html>. 1034 1035 =cut 1036
Indexes created Sun May 03 00:22:47 UTC 2026