gnutls-cli-debug - Linux

Overview

gnutls-cli-debug is a command-line utility for testing connections to remote servers using the GNU Transport Layer Security (GnuTLS) library. It provides detailed information about the connection establishment process, including protocol negotiation, certificate validation, and more.

Syntax

gnutls-cli-debug [options] [server] [port]

Options/Flags

• -d or --debuglevel: Set debug level (0-9)
• -n or --name: Set common name for server verification
• -v or --verbose: Print additional information
• -h or --help: Print usage information
• -x or --hexdump: Hexdump input and output
• -c or --conn: Connect and fail immediately
• -f or --force: Ignore hostname mismatches
• -t or --timeout: Set timeout in seconds
• -k or --keyfile: Set file containing PEM private key
• -C or --certfile: Set file containing PEM certificate
• -S or --sessionfile: Set file containing GnuTLS session cache
• -N or --nocache: Disable session caching

Examples

To connect to a remote server and display detailed information:

gnutls-cli-debug -v example.com 443

To ignore hostname mismatches:

gnutls-cli-debug -f example.com 443

To use a specific private key and certificate files:

gnutls-cli-debug -k mykey.pem -C mycert.pem example.com 443

Common Issues

• Ensure that the server supports the TLS protocol and the certificate is valid.
• Check if the private key and certificate files are in the correct format and have the correct permissions.
• Verify that the hostname matches the certificate’s Common Name (CN) unless the --force flag is used.

Integration

gnutls-cli-debug can be used to test TLS connections with scripts or chained with other commands, such as:

openssl s_client -connect example.com:443 | gnutls-cli-debug -x

This command connects to the server using OpenSSL and then dumps the traffic to gnutls-cli-debug for detailed analysis.

Related Commands

• openssl
• gnutls-serv-debug
• tcpdump

For more information, refer to the official GnuTLS documentation: https://gnutls.org/