B<openssl> B<s_client>
[B<-connect host:port>]
+[B<-servername name>]
[B<-verify depth>]
[B<-verify_return_error>]
[B<-cert filename>]
[B<-nbio>]
[B<-crlf>]
[B<-ign_eof>]
+[B<-no_ign_eof>]
[B<-quiet>]
[B<-ssl2>]
[B<-ssl3>]
[B<-no_tls1>]
[B<-bugs>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-starttls protocol>]
[B<-engine id>]
[B<-tlsextdebug>]
[B<-sess_in filename>]
[B<-rand file(s)>]
[B<-serverinfo types>]
-[B<-auth>]
-[B<-auth_require_reneg>]
=head1 DESCRIPTION
This specifies the host and optional port to connect to. If not specified
then an attempt is made to connect to the local host on port 4433.
+=item B<-servername name>
+
+Set the TLS SNI (Server Name Indication) extension in the ClientHello message.
+
=item B<-cert certname>
The certificate to use, if one is requested by the server. The default is
inhibit printing of session and certificate information. This implicitly
turns on B<-ign_eof> as well.
+=item B<-no_ign_eof>
+
+shut down the connection when end of file is reached in the input.
+Can be used to override the implicit B<-ign_eof> after B<-quiet>.
+
=item B<-psk_identity identity>
Use the PSK identity B<identity> when using a PSK cipher suite.
supported cipher in the list sent by the client. See the B<ciphers>
command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences; only used for SSLV2.
+
=item B<-starttls protocol>
send the protocol-specific message(s) to switch to TLS for communication.
The server's response (if any) will be encoded and displayed as a PEM
file.
-=item B<-auth>
-
-send RFC 5878 client and server authorization extensions in the Client Hello as well as
-supplemental data if the server also sent the authorization extensions in the Server Hello.
-
-=item B<-auth_require_reneg>
-
-only send RFC 5878 client and server authorization extensions during renegotiation.
-
=back
=head1 CONNECTED COMMANDS