| version 1.110, 2019/07/11 10:31:48 |
version 1.111, 2019/07/12 10:21:08 |
|
|
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl s_server" |
.Nm "openssl s_server" |
| .Op Fl accept Ar port |
.Op Fl accept Ar port |
| |
.Op Fl alpn Ar protocols |
| .Op Fl bugs |
.Op Fl bugs |
| .Op Fl CAfile Ar file |
.Op Fl CAfile Ar file |
| .Op Fl CApath Ar directory |
.Op Fl CApath Ar directory |
| .Op Fl cert Ar file |
.Op Fl cert Ar file |
| |
.Op Fl cert2 Ar file |
| |
.Op Fl certform Cm der | pem |
| .Op Fl cipher Ar cipherlist |
.Op Fl cipher Ar cipherlist |
| .Op Fl context Ar id |
.Op Fl context Ar id |
| .Op Fl crl_check |
.Op Fl crl_check |
| .Op Fl crl_check_all |
.Op Fl crl_check_all |
| .Op Fl crlf |
.Op Fl crlf |
| .Op Fl dcert Ar file |
.Op Fl dcert Ar file |
| |
.Op Fl dcertform Cm der | pem |
| .Op Fl debug |
.Op Fl debug |
| .Op Fl dhparam Ar file |
.Op Fl dhparam Ar file |
| .Op Fl dkey Ar file |
.Op Fl dkey Ar file |
| .Op Fl hack |
.Op Fl dkeyform Cm der | pem |
| |
.Op Fl dpass Ar arg |
| |
.Op Fl dtls1 |
| .Op Fl HTTP |
.Op Fl HTTP |
| .Op Fl id_prefix Ar arg |
.Op Fl id_prefix Ar arg |
| .Op Fl key Ar keyfile |
.Op Fl key Ar keyfile |
| |
.Op Fl key2 Ar keyfile |
| |
.Op Fl keyform Cm der | pem |
| |
.Op Fl keymatexport Ar label |
| |
.Op Fl keymatexportlen Ar len |
| .Op Fl msg |
.Op Fl msg |
| |
.Op Fl mtu Ar mtu |
| |
.Op Fl named_curve Ar arg |
| .Op Fl nbio |
.Op Fl nbio |
| .Op Fl nbio_test |
.Op Fl nbio_test |
| |
.Op Fl no_cache |
| .Op Fl no_dhe |
.Op Fl no_dhe |
| |
.Op Fl no_ecdhe |
| |
.Op Fl no_ticket |
| .Op Fl no_tls1 |
.Op Fl no_tls1 |
| .Op Fl no_tls1_1 |
.Op Fl no_tls1_1 |
| .Op Fl no_tls1_2 |
.Op Fl no_tls1_2 |
| .Op Fl no_tmp_rsa |
.Op Fl no_tmp_rsa |
| .Op Fl nocert |
.Op Fl nocert |
| .Op Fl psk Ar key |
.Op Fl pass Ar arg |
| .Op Fl psk_hint Ar hint |
.Op Fl port Ar port |
| .Op Fl quiet |
.Op Fl quiet |
| |
.Op Fl servername Ar name |
| |
.Op Fl servername_fatal |
| .Op Fl serverpref |
.Op Fl serverpref |
| .Op Fl state |
.Op Fl state |
| |
.Op Fl status |
| |
.Op Fl status_timeout Ar nsec |
| |
.Op Fl status_url Ar url |
| |
.Op Fl status_verbose |
| |
.Op Fl timeout |
| .Op Fl tls1 |
.Op Fl tls1 |
| .Op Fl tls1_1 |
.Op Fl tls1_1 |
| .Op Fl tls1_2 |
.Op Fl tls1_2 |
| |
.Op Fl tlsextdebug |
| |
.Op Fl use_srtp Ar profiles |
| .Op Fl Verify Ar depth |
.Op Fl Verify Ar depth |
| .Op Fl verify Ar depth |
.Op Fl verify Ar depth |
| |
.Op Fl verify_return_error |
| .Op Fl WWW |
.Op Fl WWW |
| .Op Fl www |
.Op Fl www |
| .nr nS 0 |
.nr nS 0 |
|
|
| .Pp |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl accept Ar port |
.It Fl accept Ar port , Fl port Ar port |
| Listen on TCP |
Listen on TCP |
| .Ar port |
.Ar port |
| for connections. |
for connections. |
| The default is port 4433. |
The default is port 4433. |
| |
.It Fl alpn Ar protocols |
| |
Enable the Application-Layer Protocol Negotiation. |
| |
.Ar protocols |
| |
is a comma-separated list of supported protocol names. |
| .It Fl bugs |
.It Fl bugs |
| Enable various workarounds for buggy implementations. |
Enable various workarounds for buggy implementations. |
| .It Fl CAfile Ar file |
.It Fl CAfile Ar file |
|
|
| If not specified, the file |
If not specified, the file |
| .Pa server.pem |
.Pa server.pem |
| will be used. |
will be used. |
| |
.It Fl cert2 Ar file |
| |
The certificate to use for servername. |
| |
.It Fl certform Cm der | pem |
| |
The certificate format. |
| |
The default is |
| |
.Cm pem . |
| .It Fl cipher Ar cipherlist |
.It Fl cipher Ar cipherlist |
| Modify the cipher list used by the server. |
Modify the cipher list used by the server. |
| This allows the cipher list used by the server to be modified. |
This allows the cipher list used by the server to be modified. |
|
|
| By using RSA and DSS certificates and keys, |
By using RSA and DSS certificates and keys, |
| a server can support clients which only support RSA or DSS cipher suites |
a server can support clients which only support RSA or DSS cipher suites |
| by using an appropriate certificate. |
by using an appropriate certificate. |
| |
.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg |
| |
Additional certificate and private key format, and private key password source, |
| |
respectively. |
| .It Fl debug |
.It Fl debug |
| Print extensive debugging information, including a hex dump of all traffic. |
Print extensive debugging information, including a hex dump of all traffic. |
| .It Fl dhparam Ar file |
.It Fl dhparam Ar file |
|
|
| If this fails, a static set of parameters hard coded into the |
If this fails, a static set of parameters hard coded into the |
| .Nm s_server |
.Nm s_server |
| program will be used. |
program will be used. |
| .It Fl hack |
.It Fl dtls1 |
| Enables a further workaround for some early Netscape SSL code. |
Permit only DTLS1.0. |
| .It Fl HTTP |
.It Fl HTTP |
| Emulate a simple web server. |
Emulate a simple web server. |
| Pages are resolved relative to the current directory. |
Pages are resolved relative to the current directory. |
|
|
| .It Fl key Ar keyfile |
.It Fl key Ar keyfile |
| The private key to use. |
The private key to use. |
| If not specified, the certificate file will be used. |
If not specified, the certificate file will be used. |
| |
.It Fl key2 Ar keyfile |
| |
The private key to use for servername. |
| |
.It Fl keyform Cm der | pem |
| |
The private key format. |
| |
The default is |
| |
.Cm pem . |
| |
.It Fl keymatexport Ar label |
| |
Export keying material using label. |
| |
.It Fl keymatexportlen Ar len |
| |
Export len bytes of keying material (default 20). |
| .It Fl msg |
.It Fl msg |
| Show all protocol messages with hex dump. |
Show all protocol messages with hex dump. |
| |
.It Fl mtu Ar mtu |
| |
Set the link layer MTU. |
| |
.It Fl named_curve Ar arg |
| |
Specify the elliptic curve name to use for ephemeral ECDH keys. |
| .It Fl nbio |
.It Fl nbio |
| Turn on non-blocking I/O. |
Turn on non-blocking I/O. |
| .It Fl nbio_test |
.It Fl nbio_test |
| Test non-blocking I/O. |
Test non-blocking I/O. |
| |
.It Fl no_cache |
| |
Disable session caching. |
| .It Fl no_dhe |
.It Fl no_dhe |
| Disable ephemeral DH cipher suites. |
Disable ephemeral DH cipher suites. |
| |
.It Fl no_ecdhe |
| |
Disable ephemeral ECDH cipher suites. |
| |
.It Fl no_ticket |
| |
Disable RFC 4507 session ticket support. |
| .It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
| Disable the use of TLS1.0, 1.1, and 1.2, respectively. |
Disable the use of TLS1.0, 1.1, and 1.2, respectively. |
| .It Fl no_tmp_rsa |
.It Fl no_tmp_rsa |
|
|
| Do not use a certificate. |
Do not use a certificate. |
| This restricts the cipher suites available to the anonymous ones |
This restricts the cipher suites available to the anonymous ones |
| (currently just anonymous DH). |
(currently just anonymous DH). |
| .It Fl psk Ar key |
.It Fl pass Ar arg |
| Use the PSK key |
The private key password source. |
| .Ar key |
|
| when using a PSK cipher suite. |
|
| The key is given as a hexadecimal number without the leading 0x, |
|
| for example -psk 1a2b3c4d. |
|
| .It Fl psk_hint Ar hint |
|
| Use the PSK identity hint |
|
| .Ar hint |
|
| when using a PSK cipher suite. |
|
| .It Fl quiet |
.It Fl quiet |
| Inhibit printing of session and certificate information. |
Inhibit printing of session and certificate information. |
| |
.It Fl servername Ar name |
| |
Set the TLS Server Name Indication (SNI) extension with |
| |
.Ar name . |
| |
.It Fl servername_fatal |
| |
Send fatal alert if servername does not match. |
| |
The default is warning alert. |
| .It Fl serverpref |
.It Fl serverpref |
| Use server's cipher preferences. |
Use server's cipher preferences. |
| .It Fl state |
.It Fl state |
| Print the SSL session states. |
Print the SSL session states. |
| |
.It Fl status |
| |
Enables certificate status request support (OCSP stapling). |
| |
.It Fl status_timeout Ar nsec |
| |
Sets the timeout for OCSP response in seconds. |
| |
.It Fl status_url Ar url |
| |
Sets a fallback responder URL to use if no responder URL is present in the |
| |
server certificate. |
| |
Without this option, an error is returned if the server certificate does not |
| |
contain a responder address. |
| |
.It Fl status_verbose |
| |
Enables certificate status request support (OCSP stapling) and gives a verbose |
| |
printout of the OCSP response. |
| |
.It Fl timeout |
| |
Enable send/receive timeout on DTLS connections. |
| .It Fl tls1 | tls1_1 | tls1_2 |
.It Fl tls1 | tls1_1 | tls1_2 |
| Permit only TLS1.0, 1.1, or 1.2, respectively. |
Permit only TLS1.0, 1.1, or 1.2, respectively. |
| |
.It Fl tlsextdebug |
| |
Print a hex dump of any TLS extensions received from the server. |
| |
.It Fl use_srtp Ar profiles |
| |
Offer SRTP key management with a colon-separated profile list. |
| |
.It Fl verify_return_error |
| |
Return verification error. |
| .It Fl WWW |
.It Fl WWW |
| Emulate a simple web server. |
Emulate a simple web server. |
| Pages are resolved relative to the current directory. |
Pages are resolved relative to the current directory. |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl