File: //usr/local/rvm/rubies/default/share/man/cat1/sslclient.0
sslclient(1) General Commands Manual sslclient(1)
�[1mNAME�[0m
sslclient - setup a TLS client connection
�[1mSYNOPSIS�[0m
�[1msslclient �[22m[ �[4mopts�[24m ] �[4mhost�[24m �[4mport�[24m �[4mprog�[0m
�[1mDESCRIPTION�[0m
�[4mopts�[24m is a series of getopt-style options, �[4mhost�[24m is a host name for the
client to connect to, and �[4mprog�[24m is one or more arguments specifying a
program to run for each successful connection.
�[1msslclient �[22mattempts to connect to a TCP server at �[4mhost�[24m �[4mport�[24m. The
server's address is given by �[4mhost�[24m and �[4mport�[24m. �[4mhost�[24m may be �[4m0�[24m, which is
identical to �[4m127.0.0.1�[24m, or �[4m::1�[24m referring to the IPv6 loopback address,
a compactified IPv6 address, a dotted-decimal IPv4 address, or a host
name. If a host name is given, �[1msslclient �[22mfacilitates a DNS lookup and
tries each address in turn.
If the connection succeeds, �[1msslclient �[22mruns �[4mprog�[24m, with file descriptors
6 and 7 reading from and writing to a child process ssl. The ssl
process attempts an SSL connect via the network. If it succeeds, it
translates data between �[4mprog�[24m and the network, performing any necessary
SSL encoding and decoding.
Before running �[4mprog,�[24m �[1msslclient �[22msets certain environment variables.
�[1mOPTIONS�[0m
�[1mGeneral Options:�[0m
�[1m-q �[22mQuiet. Do not print error messages.
�[1m-Q �[22m(Default.) Print error messages.
�[1m-v �[22mVerbose. Print error messages and status messages.
�[1mConnection options:�[0m
�[1m-4 �[22mUse IPv4 sockets for connections and DNS queries.
�[1m-6 �[22mForce IPv6 mode for connections and set up in UCSPI environment
variables.
�[1m-T �[4m�[22mx+y�[24m Give up on the connection attempt or SSL connection attempt
after �[4mx+y�[24m seconds. The default value is: 2+58. When a �[4mhost�[24m has
several IP addresses, �[1msslclient �[22mtries to connect to the first IP
address, waits �[4mx�[24m seconds, tries to connect to the second IP
address, waits - Ix seconds, etc.; then it retries each address
that timed out, waiting �[4my�[24m seconds per address. You may omit �[4m+y�[0m
to skip the second try.
�[1m-i �[4m�[22mlocalip�[0m
Use �[4mlocalip�[24m as the IP address for the local side of the connec‐
tion; quit if �[4mlocalip�[24m is not available. Normally �[1msslclient �[22mlets
the operating system choose an address.
�[1m-p �[4m�[22mlocalport�[0m
Use �[4mlocalport�[24m as the TCP port for the local side of the connec‐
tion; quit if �[4mlocalport�[24m is not available. Normally �[1msslclient�[0m
lets the operating system choose a port.
�[1m-d �[22mDelay sending data for a fraction of a second whenever the
remote host is responding slowly. This is currently the
default, but it may not be in the future; if you want it, set it
explicitly.
�[1m-D �[22mNever delay sending data; enable TCP_NODELAY.
�[1m-I �[4m�[22mifname�[0m
Use �[4mifname�[24m as the local network interface. This is only defined
for IPv6 sockets and needed if you use link-local IPv6
addresses.
�[1m-M �[22m(Default.) No Server Name Indications are present.
�[1m-m �[22mEmploy Server Name Indication (SNI) for the given �[4mhostname�[24m in
the Client Helo.
�[4mNote�[24m: You can use �[4mDNSCACHEIP�[24m to set the DNS resolver IP dynami‐
cally.
�[1mX509 certificate handling:�[0m
�[1m-3 �[22mRead a null-terminated �[4mkey�[24m �[4mpassword�[24m from file descriptor 3.
�[1m-a �[4m�[22mcafile�[0m
Override the compiled-in CA file name. The CA file contains the
list of CAs used to verify the server certificate.
�[1m-A �[4m�[22mcadir�[0m
Override the compiled-in CA directory name. The CA directory
contains certificates files used to verify the client certifi‐
cate. This list augments the list from �[4m-a�[24m �[4mcafile.�[0m
�[1m-c �[4m�[22mcertfile�[0m
Use the client certificate in �[4mcertfile�[24m.
�[1m-k �[4m�[22mkeyfile�[0m
Use the client certificate key in �[4mkeyfile�[24m.
�[1m-V �[4m�[22mverifydepth�[0m
Verify the server certificate chain to depth �[4mverifydepth�[24m. The
default value is 1.
�[1m-z �[4m�[22mciphers�[0m
Use the cipher list specified in �[4mciphers�[24m.
�[1m-x �[22m(Default.) Verify the server certificate.
�[1m-X �[22mDo not verify the server certificate.
�[1m-n �[22m(Default.) Verify that the server host name matches the FQDN
provided in the certificate.
�[1m-N �[22mDo not verify that the server host name matches the FQDN pro‐
vided in the certificate.
�[1mData-gathering options:�[0m
�[1m-h �[22m(Default.) Look up the remote host name in DNS to set the envi‐
ronment variable $SSLREMOTEHOST.
�[1m-H �[22mDo not look up the remote host name in DNS; remove the environ‐
ment variable $SSLREMOTEHOST.
�[1m-l �[4m�[22mlocalname�[0m
Do not look up the local host name in DNS; use �[4mlocalname�[24m for the
environment variable $SSLLOCALHOST. A common choice for �[4mlocal‐�[0m
�[4mname�[24m is �[4m0�[24m or �[4m::�[24m.
�[1m-r �[22mAttempt to obtain $SSLREMOTEINFO from the remote host.
�[1m-R �[22m(Default.) Do not attempt to obtain $SSLREMOTEINFO from the
remote host.
�[1m-t �[4m�[22mn�[24m Give up on the $SSLREMOTEINFO connection attempt after �[4mn�[24m sec‐
onds. The default value is: 26.
�[1m-w �[4m�[22mn�[24m Give up on a connection or program after waiting �[4mn�[24m seconds for
read or write. The default value is: 3600.
�[1m-s �[22mStore client and server certificate information in the environ‐
ment, a la mod_ssl.
�[1m-S �[22m(Default.) Do not store client and server certificate informa‐
tion in the environment.
�[1m-e �[22mSet protocol environment a la �[1mtcpserver�[22m. Set $PROTO, $TCPLO‐
CALIP, $TCPLOCALPORT, $TCPLOCALHOST, $TCPREMOTEIP, $TCPRE‐
MOTEPORT, $TCPREMOTEHOST, and $TCPREMOTEINFO from the corre‐
sponding $SSL variables.
�[1m-E �[22m(Default.) Do not set any �[1mtcpserver �[22menvironment variables.
�[1mSEE ALSO�[0m
sslserver(1), sslhandle(1), sslconnect(1), sslcat(1), https@(1), ucspi-
tls(2), tcpclient(1), tcpserver(1), tcp-environ(5).
�[1mREFERENCE�[0m
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
sslclient(1)