=pod =head1 NAME s_client - SSL/TLS client program =head1 SYNOPSIS B B [B<-help>] [B<-connect host:port>] [B<-proxy host:port>] [B<-unix path>] [B<-4>] [B<-6>] [B<-servername name>] [B<-verify depth>] [B<-verify_return_error>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key filename>] [B<-keyform DER|PEM>] [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] [B<-no-CAfile>] [B<-no-CApath>] [B<-requestCAfile filename>] [B<-dane_tlsa_domain domain>] [B<-dane_tlsa_rrdata rrdata>] [B<-dane_ee_no_namechecks>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-crl_check>] [B<-crl_check_all>] [B<-explicit_policy>] [B<-extended_crl>] [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] [B<-no_check_time>] [B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] [B<-policy_print>] [B<-purpose purpose>] [B<-suiteB_128>] [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] [B<-no_alt_chains>] [B<-use_deltas>] [B<-auth_level num>] [B<-nameopt option>] [B<-verify_depth num>] [B<-verify_email email>] [B<-verify_hostname hostname>] [B<-verify_ip ip>] [B<-verify_name name>] [B<-x509_strict>] [B<-reconnect>] [B<-showcerts>] [B<-debug>] [B<-msg>] [B<-nbio_test>] [B<-state>] [B<-nbio>] [B<-crlf>] [B<-ign_eof>] [B<-no_ign_eof>] [B<-quiet>] [B<-ssl3>] [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] [B<-tls1_3>] [B<-no_ssl3>] [B<-no_tls1>] [B<-no_tls1_1>] [B<-no_tls1_2>] [B<-no_tls1_3>] [B<-dtls>] [B<-dtls1>] [B<-dtls1_2>] [B<-sctp>] [B<-fallback_scsv>] [B<-async>] [B<-split_send_frag>] [B<-max_pipelines>] [B<-read_buf>] [B<-bugs>] [B<-comp>] [B<-no_comp>] [B<-sigalgs sigalglist>] [B<-curves curvelist>] [B<-cipher cipherlist>] [B<-serverpref>] [B<-starttls protocol>] [B<-xmpphost hostname>] [B<-engine id>] [B<-tlsextdebug>] [B<-no_ticket>] [B<-sess_out filename>] [B<-sess_in filename>] [B<-rand file(s)>] [B<-serverinfo types>] [B<-status>] [B<-alpn protocols>] [B<-nextprotoneg protocols>] [B<-ct|noct>] [B<-ctlogfile>] [B<-keylogfile file>] [B<-early_data file>] =head1 DESCRIPTION The B command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a I useful diagnostic tool for SSL servers. =head1 OPTIONS In addition to the options below the B utility also supports the common and client only options documented in the in the "Supported Command Line Commands" section of the L manual page. =over 4 =item B<-help> Print out a usage message. =item B<-connect host:port> This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. =item B<-proxy host:port> When used with the B<-connect> flag, the program uses the host and port specified with this flag and issues an HTTP CONNECT command to connect to the desired server. =item B<-unix path> Connect over the specified Unix-domain socket. =item B<-4> Use IPv4 only. =item B<-6> Use IPv6 only. =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message. =item B<-cert certname> The certificate to use, if one is requested by the server. The default is not to use a certificate. =item B<-certform format> The certificate format to use: DER or PEM. PEM is the default. =item B<-key keyfile> The private key to use. If not specified then the certificate file will be used. =item B<-keyform format> The private format to use: DER or PEM. PEM is the default. =item B<-pass arg> the private key password source. For more information about the format of B see the B section in L. =item B<-verify depth> The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure. =item B<-verify_return_error> Return verification errors instead of continuing. This will typically abort the handshake with a fatal error. =item B<-nameopt option> Option which determines how the subject or issuer names are displayed. The B