version 1.30, 2015/12/24 16:54:37 |
version 1.31, 2016/02/08 19:29:57 |
|
|
.Op Ar arbitrary options |
.Op Ar arbitrary options |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm OpenSSL |
.Nm OpenSSL |
is a cryptography toolkit implementing the Secure Sockets Layer |
is a cryptography toolkit implementing the |
.Pq SSL v3 |
Transport Layer Security |
and Transport Layer Security |
|
.Pq TLS v1 |
.Pq TLS v1 |
network protocols and related cryptography standards required by them. |
network protocol, |
|
as well as related cryptography standards. |
.Pp |
.Pp |
The |
The |
.Nm |
.Nm |
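Review bot: In the new DESCRIPTION text, `.Pq TLS v1` still labels the protocol as version 1 only, while this same revision documents `tls1_1` and `tls1_2` further down. Consider dropping the version from the parenthetical (`.Pq TLS`) or naming the supported range, so the summary agrees with the options the page now lists.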
|
|
.Op Fl starttls Ar protocol |
.Op Fl starttls Ar protocol |
.Op Fl state |
.Op Fl state |
.Op Fl tls1 |
.Op Fl tls1 |
|
.Op Fl tls1_1 |
|
.Op Fl tls1_2 |
.Op Fl tlsextdebug |
.Op Fl tlsextdebug |
.Op Fl verify Ar depth |
.Op Fl verify Ar depth |
.Op Fl x509_strict |
.Op Fl x509_strict |
|
|
Turns on non-blocking I/O. |
Turns on non-blocking I/O. |
.It Fl nbio_test |
.It Fl nbio_test |
Tests non-blocking I/O. |
Tests non-blocking I/O. |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 | tls1 |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
These options disable the use of certain SSL or TLS protocols. |
|
By default, the initial handshake uses a method which should be compatible |
By default, the initial handshake uses a method which should be compatible |
with all servers and permit them to use SSL v3 or TLS as appropriate. |
with servers supporting any version of TLS. |
|
These options disable the use of TLS1.0, 1.1, and 1.2, respectively. |
.Pp |
.Pp |
Unfortunately there are a lot of ancient and broken servers in use which |
Unfortunately there are a lot of ancient and broken servers in use which |
cannot handle this technique and will fail to connect. |
cannot handle this technique and will fail to connect. |
Some servers only work if TLS is turned off with the |
|
.Fl no_tls |
|
option. |
|
.It Fl no_ticket |
.It Fl no_ticket |
Disable RFC 4507 session ticket support. |
Disable RFC 4507 session ticket support. |
.It Fl pause |
.It Fl pause |
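Review bot: In the `no_tls1 | no_tls1_1 | no_tls1_2` entry, the paragraph after `.Pp` ("Unfortunately there are a lot of ancient and broken servers ...") is left dangling now that the `no_tls` sentence is gone: it says the connection will fail but no longer tells the reader what to try. "This technique" also now follows the relocated "These options disable the use of TLS1.0, 1.1, and 1.2" sentence, so it is unclear whether it refers to the default handshake or to the disabling options. Either drop the paragraph or end it with a pointer to the `tls1`, `tls1_1` and `tls1_2` options added in this revision, and keep the "By default" sentence directly before it.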
|
|
.Qq xmpp . |
.Qq xmpp . |
.It Fl state |
.It Fl state |
Prints out the SSL session states. |
Prints out the SSL session states. |
|
.It Fl tls1 | tls1_1 | tls1_2 |
|
Permit only TLS1.0, 1.1, or 1.2, respectively. |
.It Fl tlsextdebug |
.It Fl tlsextdebug |
Print out a hex dump of any TLS extensions received from the server. |
Print out a hex dump of any TLS extensions received from the server. |
.It Fl verify Ar depth |
.It Fl verify Ar depth |
|
|
.Pp |
.Pp |
If the handshake fails, there are several possible causes; if it is |
If the handshake fails, there are several possible causes; if it is |
nothing obvious like no client certificate, then the |
nothing obvious like no client certificate, then the |
.Fl bugs , tls1 , no_tls1 , no_tls1_1 , |
.Fl bugs , tls1 , tls1_1, tls1_2 , no_tls1 , no_tls1_1 , |
and |
and |
.Fl no_tls1_2 |
.Fl no_tls1_2 |
options can be tried in case it is a buggy server. |
options can be tried in case it is a buggy server. |
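Review bot: On the new `.Fl` line, `tls1_1,` has no space before the comma, unlike every other entry in the list. mdoc treats punctuation as a delimiter only when it is a separate argument, so here the comma is set as part of the flag name. Write it as `tls1_1 , tls1_2 ,` to match the rest of the line.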
|
|
.Op Fl serverpref |
.Op Fl serverpref |
.Op Fl state |
.Op Fl state |
.Op Fl tls1 |
.Op Fl tls1 |
|
.Op Fl tls1_1 |
|
.Op Fl tls1_2 |
.Op Fl Verify Ar depth |
.Op Fl Verify Ar depth |
.Op Fl verify Ar depth |
.Op Fl verify Ar depth |
.Op Fl WWW |
.Op Fl WWW |
|
|
.It Fl no_dhe |
.It Fl no_dhe |
If this option is set, no DH parameters will be loaded, effectively |
If this option is set, no DH parameters will be loaded, effectively |
disabling the ephemeral DH cipher suites. |
disabling the ephemeral DH cipher suites. |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 | tls1 |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
These options disable the use of certain SSL or TLS protocols. |
|
By default, the initial handshake uses a method which should be compatible |
By default, the initial handshake uses a method which should be compatible |
with all servers and permit them to use SSL v3 or TLS as appropriate. |
with servers supporting any version of TLS. |
|
These options disable the use of TLS1.0, 1.1, and 1.2, respectively. |
.It Fl no_tmp_rsa |
.It Fl no_tmp_rsa |
Certain export cipher suites sometimes use a temporary RSA key; this option |
Certain export cipher suites sometimes use a temporary RSA key; this option |
disables temporary RSA key generation. |
disables temporary RSA key generation. |
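Review bot: In this second copy of the `no_tls1 | no_tls1_1 | no_tls1_2` entry, which sits between `no_dhe` and `no_tmp_rsa` alongside `serverpref` and `WWW`, the new sentence still reads "compatible with servers supporting any version of TLS". These are the server-side options, so the peer is a client, and the wording looks carried over from the client entry. Suggest "compatible with clients supporting any version of TLS".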
|
|
Use server's cipher preferences. |
Use server's cipher preferences. |
.It Fl state |
.It Fl state |
Prints out the SSL session states. |
Prints out the SSL session states. |
|
.It Fl tls1 | tls1_1 | tls1_2 |
|
Permit only TLS1.0, 1.1, or 1.2, respectively. |
.It Fl WWW |
.It Fl WWW |
Emulates a simple web server. |
Emulates a simple web server. |
Pages will be resolved relative to the current directory; |
Pages will be resolved relative to the current directory; |