[B<-connect host:port>]
[B<-verify depth>]
[B<-cert filename>]
+[B<-certform DER|PEM>]
[B<-key filename>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
[B<-reconnect>]
[B<-cipher cipherlist>]
[B<-starttls protocol>]
[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
[B<-rand file(s)>]
=head1 DESCRIPTION
The certificate to use, if one is requested by the server. The default is
not to use a certificate.
+=item B<-certform format>
+
+The certificate format to use: DER or PEM. PEM is the default.
+
=item B<-key keyfile>
The private key to use. If not specified then the certificate file will
be used.
+=item B<-keyform format>
+
+The private format to use: DER or PEM. PEM is the default.
+
+=item B<-pass arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
=item B<-verify depth>
The verify depth to use. This specifies the maximum length of the
inhibit printing of session and certificate information. This implicitly
turns on B<-ign_eof> as well.
+=item B<-psk_identity identity>
+
+Use the PSK identity B<identity> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
these options disable the use of certain SSL or TLS protocols. By default
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp" and "pop3".
+supported keywords are "smtp", "pop3", "imap", and "ftp".
+
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support.
+
+=item B<-sess_out filename>
+
+output SSL session to B<filename>
+
+=item B<-sess_in sess.pem>
+
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
=item B<-engine id>
If there are problems verifying a server certificate then the
B<-showcerts> option can be used to show the whole chain.
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+B<-no_sslv2> option.
+
=head1 BUGS
Because this program has a lot of options and also because some of