[B<-CAfile filename>]
[B<-nocert>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-no_dhe>]
+[B<-no_ecdhe>]
[B<-bugs>]
[B<-hack>]
[B<-www>]
[B<-no_ticket>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
=head1 DESCRIPTION
=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
=item B<-nocert>
if this option is set then no DH parameters will be loaded effectively
disabling the ephemeral DH cipher suites.
+=item B<-no_ecdhe>
+
+if this option is set then no ECDH parameters will be loaded effectively
+disabling the ephemeral ECDH cipher suites.
+
=item B<-no_tmp_rsa>
certain export cipher suites sometimes use a temporary RSA key, this option
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
=item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item B<-status>
+
+enables certificate status request support (aka OCSP stapling).
+
+=item B<-status_verbose>
+
+enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
+
+sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+
=back
=head1 CONNECTED COMMANDS