Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   ncat    ( 1 )

объединение и перенаправление сокетов (Concatenate and redirect sockets)

SSL OPTIONS

--ssl (Use SSL)
           In connect mode, this option transparently negotiates an SSL
           session with an SSL server to securely encrypt the
           connection. This is particularly handy for talking to SSL
           enabled HTTP servers, etc.

In server mode, this option listens for incoming SSL connections, rather than plain untunneled traffic.

In UDP connect mode, this option enables Datagram TLS (DTLS). This is not supported in server mode.

--ssl-verify (Verify server certificates) In client mode, --ssl-verify is like --ssl except that it also requires verification of the server certificate. Ncat comes with a default set of trusted certificates in the file ca-bundle.crt. Some operating systems provide a default list of trusted certificates; these will also be used if available. Use --ssl-trustfile to give a custom list. Use -v one or more times to get details about verification failures. Ncat does not check for revoked certificates.

This option has no effect in server mode.

--ssl-cert certfile.pem (Specify SSL certificate) This option gives the location of a PEM-encoded certificate files used to authenticate the server (in listen mode) or the client (in connect mode). Use it in combination with --ssl-key.

--ssl-key keyfile.pem (Specify SSL private key) This option gives the location of the PEM-encoded private key file that goes with the certificate named with --ssl-cert.

--ssl-trustfile cert.pem (List trusted certificates) This option sets a list of certificates that are trusted for purposes of certificate verification. It has no effect unless combined with --ssl-verify. The argument to this option is the name of a PEM file containing trusted certificates. Typically, the file will contain certificates of certification authorities, though it may also contain server certificates directly. When this option is used, Ncat does not use its default certificates.

--ssl-ciphers cipherlist (Specify SSL ciphersuites) This option sets the list of ciphersuites that Ncat will use when connecting to servers or when accepting SSL connections from clients. The syntax is described in the OpenSSL ciphers(1) man page, and defaults to ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!MD5:@STRENGTH

--ssl-servername name (Request distinct server name) In client mode, this option sets the TLS SNI (Server Name Indication) extension, which tells the server the name of the logical server Ncat is contacting. This is important when the target server hosts multiple virtual servers at a single underlying network address. If the option is not provided, the TLS SNI extension will be populated with the target server hostname.

--ssl-alpn ALPN list (Specify ALPN protocol list) This option allows you to specify a comma-separated list of protocols to send via the Application-Layer Protocol Negotiation (ALPN) TLS extension. Not supported by all versions of OpenSSL.