--ssl (Use SSL)
In connect mode, this option transparently negotiates an SSL
session with an SSL server to securely encrypt the connection. This is
particularly handy for talking to SSL enabled HTTP servers, etc.
In server mode, this option listens for incoming SSL connections,
rather than plain untunneled traffic.
In UDP connect mode, this option enables Datagram TLS (DTLS).
This is not supported in server mode.
--ssl-verify (Verify server certificates)
In client mode,
--ssl-verify is like
--ssl except that it also requires verification of
the server certificate. Ncat comes with a default set of trusted
certificates in the file
Some operating systems provide a default list of
trusted certificates; these will also be used if available. Use
--ssl-trustfile to give a custom list. Use
-v one or more times to get details about
Ncat does not check for revoked
This option has no effect in server mode.
--ssl-cert (Specify SSL certificate)
This option gives the location of a PEM-encoded
certificate files used to authenticate the server (in listen
mode) or the client (in connect mode). Use it in combination
--ssl-key (Specify SSL private key)
This option gives the location of the PEM-encoded
private key file that goes with the certificate named with
--ssl-trustfile (List trusted certificates)
This option sets a list of certificates that are trusted for
purposes of certificate verification. It has no effect unless combined
--ssl-verify. The argument to this option is the
name of a PEM
file containing trusted certificates. Typically, the file will contain
certificates of certification authorities, though it may also contain
server certificates directly. When this option is used, Ncat does not
use its default certificates.
--ssl-ciphers (Specify SSL ciphersuites)
This option sets the list of ciphersuites that Ncat will use
when connecting to servers or when accepting SSL connections from
clients. The syntax is described in the OpenSSL ciphers(1) man
page, and defaults to
--ssl-alpn (Specify ALPN protocol list)
This option allows you to specify a comma-separated list of
protocols to send via the Application-Layer Protocol Negotiation
(ALPN) TLS extension. Not supported by all versions of OpenSSL.