gnutls-cli-debug - Linux


gnutls-cli-debug is a command-line utility for testing connections to remote servers using the GNU Transport Layer Security (GnuTLS) library. It provides detailed information about the connection establishment process, including protocol negotiation, certificate validation, and more.


gnutls-cli-debug [options] [server] [port]


  • -d or --debuglevel: Set debug level (0-9)
  • -n or --name: Set common name for server verification
  • -v or --verbose: Print additional information
  • -h or --help: Print usage information
  • -x or --hexdump: Hexdump input and output
  • -c or --conn: Connect and fail immediately
  • -f or --force: Ignore hostname mismatches
  • -t or --timeout: Set timeout in seconds
  • -k or --keyfile: Set file containing PEM private key
  • -C or --certfile: Set file containing PEM certificate
  • -S or --sessionfile: Set file containing GnuTLS session cache
  • -N or --nocache: Disable session caching


To connect to a remote server and display detailed information:

gnutls-cli-debug -v <server> 443

To ignore hostname mismatches:

gnutls-cli-debug -f <server> 443

To use a specific private key and certificate files:

gnutls-cli-debug -k mykey.pem -C mycert.pem <server> 443

Common Issues

  • Ensure that the server supports the TLS protocol and the certificate is valid.
  • Check if the private key and certificate files are in the correct format and have the correct permissions.
  • Verify that the hostname matches the certificate’s Common Name (CN) unless the --force flag is used.


gnutls-cli-debug can be used to test TLS connections with scripts or chained with other commands, such as:

openssl s_client -connect <server>:<port> | gnutls-cli-debug -x

This command connects to the server using OpenSSL and then pipes its output to gnutls-cli-debug for detailed analysis.
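One way to use the tool from a script, as an added example that is not part of the original page or the GnuTLS project: a shell function that reads a gnutls-cli-debug report and flags legacy protocol and cipher checks the server answered "yes" to. It assumes report lines have the form `<check>... <result>`; the sample report is constructed, and the names `sample_report` and `audit_report` and the list of features treated as weak are choices made for this example.

```shell
#!/bin/sh
# Added example: flag legacy TLS features in a gnutls-cli-debug report.
# Assumption: each report line looks like "<check description>... <result>".

# Constructed sample report (not captured from a real server).
sample_report() {
cat <<'EOF'
Checking legacy.example.test:443
                             for SSL 3.0 (RFC6101) support... no
                             for TLS 1.0 (RFC2246) support... yes
                             for TLS 1.1 (RFC4346) support... yes
                             for TLS 1.2 (RFC5246) support... yes
                      for anonymous authentication support... no
                  for ARCFOUR 128 cipher (RFC2246) support... yes
                  for AES-128-GCM cipher (RFC5288) support... yes
                                       for MD5 MAC support... no
EOF
}

# audit_report: read a report on stdin, print one "WEAK: <check>" line for
# every legacy feature the server accepted, and return 1 if any were found.
audit_report() {
    awk '
        {
            # Split the line at the "... " between check and result.
            i = index($0, "... ")
            if (i == 0) next                 # banner or other non-check line
            check  = substr($0, 1, i - 1)
            result = substr($0, i + 4)
            sub(/^[ \t]+/, "", check)        # drop the alignment padding
            sub(/[ \t\r]+$/, "", result)
            if (result != "yes") next        # only accepted features matter
            if (check ~ /for (SSL 3\.0|TLS 1\.0|TLS 1\.1) / ||
                check ~ /for (ARCFOUR|3DES)/ ||
                check ~ /for MD5 MAC/ ||
                check ~ /for anonymous authentication/) {
                print "WEAK: " check
                found = 1
            }
        }
        END { exit found + 0 }
    '
}

# Against a live target, pipe the tool into the function:
#   gnutls-cli-debug <server> | audit_report
```

The non-zero return status lets a CI job or monitoring check fail when a server still accepts any of the listed legacy features.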

Related Commands

  • openssl
  • gnutls-serv-debug
  • tcpdump

For more information, refer to the official GnuTLS documentation: