| version 1.30, 2015/12/24 16:54:37 |
version 1.31, 2016/02/08 19:29:57 |
|
|
| .Op Ar arbitrary options |
.Op Ar arbitrary options |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm OpenSSL |
.Nm OpenSSL |
| is a cryptography toolkit implementing the Secure Sockets Layer |
is a cryptography toolkit implementing the |
| .Pq SSL v3 |
Transport Layer Security |
| and Transport Layer Security |
|
| .Pq TLS v1 |
.Pq TLS v1 |
| network protocols and related cryptography standards required by them. |
network protocol, |
| |
as well as related cryptography standards. |
| .Pp |
.Pp |
| The |
The |
| .Nm |
.Nm |
|
|
| .Op Fl starttls Ar protocol |
.Op Fl starttls Ar protocol |
| .Op Fl state |
.Op Fl state |
| .Op Fl tls1 |
.Op Fl tls1 |
| |
.Op Fl tls1_1 |
| |
.Op Fl tls1_2 |
| .Op Fl tlsextdebug |
.Op Fl tlsextdebug |
| .Op Fl verify Ar depth |
.Op Fl verify Ar depth |
| .Op Fl x509_strict |
.Op Fl x509_strict |
|
|
| Turns on non-blocking I/O. |
Turns on non-blocking I/O. |
| .It Fl nbio_test |
.It Fl nbio_test |
| Tests non-blocking I/O. |
Tests non-blocking I/O. |
| .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | tls1 |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
| These options disable the use of certain SSL or TLS protocols. |
|
| By default, the initial handshake uses a method which should be compatible |
By default, the initial handshake uses a method which should be compatible |
| with all servers and permit them to use SSL v3 or TLS as appropriate. |
with servers supporting any version of TLS. |
| |
These options disable the use of TLS1.0, 1.1, and 1.2, respectively. |
| .Pp |
.Pp |
| Unfortunately there are a lot of ancient and broken servers in use which |
Unfortunately there are a lot of ancient and broken servers in use which |
| cannot handle this technique and will fail to connect. |
cannot handle this technique and will fail to connect. |
| Some servers only work if TLS is turned off with the |
|
| .Fl no_tls |
|
| option. |
|
| .It Fl no_ticket |
.It Fl no_ticket |
| Disable RFC 4507 session ticket support. |
Disable RFC 4507 session ticket support. |
| .It Fl pause |
.It Fl pause |
|
|
| .Qq xmpp . |
.Qq xmpp . |
| .It Fl state |
.It Fl state |
| Prints out the SSL session states. |
Prints out the SSL session states. |
| |
.It Fl tls1 | tls1_1 | tls1_2 |
| |
Permit only TLS1.0, 1.1, or 1.2, respectively. |
| .It Fl tlsextdebug |
.It Fl tlsextdebug |
| Print out a hex dump of any TLS extensions received from the server. |
Print out a hex dump of any TLS extensions received from the server. |
| .It Fl verify Ar depth |
.It Fl verify Ar depth |
|
|
| .Pp |
.Pp |
| If the handshake fails, there are several possible causes; if it is |
If the handshake fails, there are several possible causes; if it is |
| nothing obvious like no client certificate, then the |
nothing obvious like no client certificate, then the |
| .Fl bugs , tls1 , no_tls1 , no_tls1_1 , |
.Fl bugs , tls1 , tls1_1, tls1_2 , no_tls1 , no_tls1_1 , |
| and |
and |
| .Fl no_tls1_2 |
.Fl no_tls1_2 |
| options can be tried in case it is a buggy server. |
options can be tried in case it is a buggy server. |
|
|
| .Op Fl serverpref |
.Op Fl serverpref |
| .Op Fl state |
.Op Fl state |
| .Op Fl tls1 |
.Op Fl tls1 |
| |
.Op Fl tls1_1 |
| |
.Op Fl tls1_2 |
| .Op Fl Verify Ar depth |
.Op Fl Verify Ar depth |
| .Op Fl verify Ar depth |
.Op Fl verify Ar depth |
| .Op Fl WWW |
.Op Fl WWW |
|
|
| .It Fl no_dhe |
.It Fl no_dhe |
| If this option is set, no DH parameters will be loaded, effectively |
If this option is set, no DH parameters will be loaded, effectively |
| disabling the ephemeral DH cipher suites. |
disabling the ephemeral DH cipher suites. |
| .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | tls1 |
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 |
| These options disable the use of certain SSL or TLS protocols. |
|
| By default, the initial handshake uses a method which should be compatible |
By default, the initial handshake uses a method which should be compatible |
| with all servers and permit them to use SSL v3 or TLS as appropriate. |
with servers supporting any version of TLS. |
| |
These options disable the use of TLS1.0, 1.1, and 1.2, respectively. |
| .It Fl no_tmp_rsa |
.It Fl no_tmp_rsa |
| Certain export cipher suites sometimes use a temporary RSA key; this option |
Certain export cipher suites sometimes use a temporary RSA key; this option |
| disables temporary RSA key generation. |
disables temporary RSA key generation. |
|
|
| Use server's cipher preferences. |
Use server's cipher preferences. |
| .It Fl state |
.It Fl state |
| Prints out the SSL session states. |
Prints out the SSL session states. |
| |
.It Fl tls1 | tls1_1 | tls1_2 |
| |
Permit only TLS1.0, 1.1, or 1.2, respectively. |
| .It Fl WWW |
.It Fl WWW |
| Emulates a simple web server. |
Emulates a simple web server. |
| Pages will be resolved relative to the current directory; |
Pages will be resolved relative to the current directory; |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl