src/cli-debug-args.def

   1 AutoGen Definitions options;
   2 prog-name     = gnutls-cli-debug;
   3 prog-title    = "GnuTLS debug client";
   4 prog-desc     = "Simple client program to check TLS server capabilities.";
   5 short-usage   = "Usage: gnutls-cli-debug [options] hostname\n"
   6                 "gnutls-cli --help for usage instructions.\n";
   7 explain       = "";
   8 detail        = "TLS debug client. It sets up multiple TLS connections to
   9 a server and queries its capabilities. It was created to assist in debugging
  10 GnuTLS, but it might be useful to extract a TLS server's capabilities.
  11 It connects to a TLS server, performs tests and print the server's
  12 capabilities. If called with the `-v' parameter more checks will be performed.
  13 Can be used to check for servers with special needs or bugs.";
  14 reorder-args;
  15 argument;
  16
  17 #define  VERBOSE_OPT 1
  18 #include args-std.def
  19
  20 flag = {
  21     name      = port;
  22     value     = p;
  23     arg-type  = number;
  24     arg-range = "0 -> 65536";
  25     descrip   = "The port to connect to";
  26     doc      = "";
  27 };
  28
  29 doc-section = {
  30   ds-type   = 'SEE ALSO'; // or anything else
  31   ds-format = 'texi';      // or texi or mdoc format
  32   ds-text   = <<-_EOText_
  33 gnutls-cli(1), gnutls-serv(1)
  34 _EOText_;
  35 };
  36
  37 doc-section = {
  38   ds-type = 'EXAMPLES';
  39   ds-format = 'texi';
  40   ds-text   = <<-_EOF_
  41 @example
  42 $ ../src/gnutls-cli-debug localhost
  43 Resolving 'localhost'...
  44 Connecting to '127.0.0.1:443'...
  45 Checking for SSL 3.0 support... yes
  46 Checking whether %COMPAT is required... no
  47 Checking for TLS 1.0 support... yes
  48 Checking for TLS 1.1 support... no
  49 Checking fallback from TLS 1.1 to... TLS 1.0
  50 Checking for TLS 1.2 support... no
  51 Checking whether we need to disable TLS 1.0... N/A
  52 Checking for Safe renegotiation support... yes
  53 Checking for Safe renegotiation support (SCSV)... yes
  54 Checking for HTTPS server name... not checked
  55 Checking for version rollback bug in RSA PMS... no
  56 Checking for version rollback bug in Client Hello... no
  57 Checking whether the server ignores the RSA PMS version... no
  58 Checking whether the server can accept Hello Extensions... yes
  59 Checking whether the server can accept small records (512 bytes)... yes
  60 Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
  61 Checking whether the server can accept a bogus TLS record version in the client hello... yes
  62 Checking for certificate information... N/A
  63 Checking for trusted CAs... N/A
  64 Checking whether the server understands TLS closure alerts... partially
  65 Checking whether the server supports session resumption... yes
  66 Checking for export-grade ciphersuite support... no
  67 Checking RSA-export ciphersuite info... N/A
  68 Checking for anonymous authentication support... no
  69 Checking anonymous Diffie-Hellman group info... N/A
  70 Checking for ephemeral Diffie-Hellman support... no
  71 Checking ephemeral Diffie-Hellman group info... N/A
  72 Checking for ephemeral EC Diffie-Hellman support... yes
  73 Checking ephemeral EC Diffie-Hellman group info...
  74  Curve SECP256R1
  75 Checking for AES-GCM cipher support... no
  76 Checking for AES-CBC cipher support... yes
  77 Checking for CAMELLIA cipher support... no
  78 Checking for 3DES-CBC cipher support... yes
  79 Checking for ARCFOUR 128 cipher support... yes
  80 Checking for ARCFOUR 40 cipher support... no
  81 Checking for MD5 MAC support... yes
  82 Checking for SHA1 MAC support... yes
  83 Checking for SHA256 MAC support... no
  84 Checking for ZLIB compression support... no
  85 Checking for max record size... no
  86 Checking for OpenPGP authentication support... no
  87 @end example
  88 _EOF_;
  89 };
  90