a2151c5b | 1 | =pod |
625c781d | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
9fcb9702 | 3 | |
a2151c5b DSH |
4 | =head1 NAME |
5 | ||
b6b66573 | 6 | openssl-s_server - SSL/TLS server program |
a2151c5b DSH |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
a2bbe594 | 10 | B<openssl> B<s_server> |
169394d4 | 11 | [B<-help>] |
e8769719 RS |
12 | [B<-port> I<+int>] |
13 | [B<-accept> I<val>] | |
14 | [B<-unix> I<val>] | |
a22f9c84 E |
15 | [B<-4>] |
16 | [B<-6>] | |
0bae1960 | 17 | [B<-unlink>] |
e8769719 RS |
18 | [B<-context> I<val>] |
19 | [B<-verify> I<int>] | |
20 | [B<-Verify> I<int>] | |
21 | [B<-cert> I<infile>] | |
2b264aee | 22 | [B<-cert2> I<infile>] |
6d382c74 | 23 | [B<-certform> B<DER>|B<PEM>|B<P12>] |
2b264aee DDO |
24 | [B<-cert_chain> I<infile>] |
25 | [B<-build_chain>] | |
26 | [B<-serverinfo> I<val>] | |
f91d003a RL |
27 | [B<-key> I<filename>|I<uri>] |
28 | [B<-key2> I<filename>|I<uri>] | |
6d382c74 | 29 | [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] |
e8769719 RS |
30 | [B<-pass> I<val>] |
31 | [B<-dcert> I<infile>] | |
6d382c74 | 32 | [B<-dcertform> B<DER>|B<PEM>|B<P12>] |
2b264aee | 33 | [B<-dcert_chain> I<infile>] |
f91d003a | 34 | [B<-dkey> I<filename>|I<uri>] |
6d382c74 | 35 | [B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] |
e8769719 | 36 | [B<-dpass> I<val>] |
a2151c5b DSH |
37 | [B<-nbio_test>] |
38 | [B<-crlf>] | |
39 | [B<-debug>] | |
1d8634b1 | 40 | [B<-msg>] |
e8769719 | 41 | [B<-msgfile> I<outfile>] |
a2151c5b | 42 | [B<-state>] |
0bae1960 MC |
43 | [B<-nocert>] |
44 | [B<-quiet>] | |
45 | [B<-no_resume_ephemeral>] | |
46 | [B<-www>] | |
47 | [B<-WWW>] | |
8b3efb53 | 48 | [B<-http_server_binmode>] |
90fc2c26 | 49 | [B<-no_ca_names>] |
09b90e0e | 50 | [B<-ignore_unexpected_eof>] |
0bae1960 MC |
51 | [B<-servername>] |
52 | [B<-servername_fatal>] | |
0bae1960 MC |
53 | [B<-tlsextdebug>] |
54 | [B<-HTTP>] | |
e8769719 | 55 | [B<-id_prefix> I<val>] |
e8769719 RS |
56 | [B<-keymatexport> I<val>] |
57 | [B<-keymatexportlen> I<+int>] | |
58 | [B<-CRL> I<infile>] | |
2b264aee | 59 | [B<-CRLform> B<DER>|B<PEM>] |
0bae1960 | 60 | [B<-crl_download>] |
2b264aee | 61 | [B<-chainCAfile> I<infile>] |
e8769719 | 62 | [B<-chainCApath> I<dir>] |
fd3397fc | 63 | [B<-chainCAstore> I<uri>] |
2b264aee DDO |
64 | [B<-verifyCAfile> I<infile>] |
65 | [B<-verifyCApath> I<dir>] | |
fd3397fc | 66 | [B<-verifyCAstore> I<uri>] |
0bae1960 MC |
67 | [B<-no_cache>] |
68 | [B<-ext_cache>] | |
0bae1960 MC |
69 | [B<-verify_return_error>] |
70 | [B<-verify_quiet>] | |
0bae1960 MC |
71 | [B<-ign_eof>] |
72 | [B<-no_ign_eof>] | |
4832560b | 73 | [B<-no_etm>] |
a829d53a | 74 | [B<-no_ems>] |
0bae1960 MC |
75 | [B<-status>] |
76 | [B<-status_verbose>] | |
e8769719 | 77 | [B<-status_timeout> I<int>] |
80a4ac57 DDO |
78 | [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] |
79 | [B<-no_proxy> I<addresses>] | |
e8769719 RS |
80 | [B<-status_url> I<val>] |
81 | [B<-status_file> I<infile>] | |
359efeac | 82 | [B<-ssl_config> I<val>] |
0bae1960 MC |
83 | [B<-trace>] |
84 | [B<-security_debug>] | |
85 | [B<-security_debug_verbose>] | |
86 | [B<-brief>] | |
87 | [B<-rev>] | |
88 | [B<-async>] | |
e8769719 RS |
89 | [B<-max_send_frag> I<+int>] |
90 | [B<-split_send_frag> I<+int>] | |
91 | [B<-max_pipelines> I<+int>] | |
2b264aee | 92 | [B<-naccept> I<+int>] |
e8769719 | 93 | [B<-read_buf> I<+int>] |
0bae1960 MC |
94 | [B<-bugs>] |
95 | [B<-no_comp>] | |
96 | [B<-comp>] | |
97 | [B<-no_ticket>] | |
98 | [B<-serverpref>] | |
99 | [B<-legacy_renegotiation>] | |
100 | [B<-no_renegotiation>] | |
0bae1960 MC |
101 | [B<-no_resumption_on_reneg>] |
102 | [B<-no_legacy_server_connect>] | |
4e2bd9cb | 103 | [B<-allow_no_dhe_kex>] |
e1c7871d | 104 | [B<-prioritize_chacha>] |
0bae1960 | 105 | [B<-strict>] |
e8769719 RS |
106 | [B<-sigalgs> I<val>] |
107 | [B<-client_sigalgs> I<val>] | |
108 | [B<-groups> I<val>] | |
109 | [B<-curves> I<val>] | |
110 | [B<-named_curve> I<val>] | |
111 | [B<-cipher> I<val>] | |
112 | [B<-ciphersuites> I<val>] | |
113 | [B<-dhparam> I<infile>] | |
114 | [B<-record_padding> I<val>] | |
0bae1960 | 115 | [B<-debug_broken_protocol>] |
0bae1960 | 116 | [B<-nbio>] |
e8769719 RS |
117 | [B<-psk_identity> I<val>] |
118 | [B<-psk_hint> I<val>] | |
119 | [B<-psk> I<val>] | |
120 | [B<-psk_session> I<file>] | |
121 | [B<-srpvfile> I<infile>] | |
122 | [B<-srpuserseed> I<val>] | |
0bae1960 | 123 | [B<-timeout>] |
e8769719 | 124 | [B<-mtu> I<+int>] |
0bae1960 | 125 | [B<-listen>] |
19044d3c | 126 | [B<-sctp>] |
09d62b33 | 127 | [B<-sctp_label_bug>] |
359efeac | 128 | [B<-use_srtp> I<val>] |
a2151c5b | 129 | [B<-no_dhe>] |
e8769719 | 130 | [B<-nextprotoneg> I<val>] |
e8769719 | 131 | [B<-alpn> I<val>] |
e2ef7f12 | 132 | [B<-ktls>] |
cd81ac7b | 133 | [B<-sendfile>] |
e8769719 | 134 | [B<-keylogfile> I<outfile>] |
65718c51 | 135 | [B<-recv_max_early_data> I<int>] |
8b3efb53 | 136 | [B<-max_early_data> I<int>] |
6437b802 | 137 | [B<-early_data>] |
65718c51 | 138 | [B<-stateless>] |
3bb5e5b0 MC |
139 | [B<-anti_replay>] |
140 | [B<-no_anti_replay>] | |
8b3efb53 | 141 | [B<-num_tickets>] |
a3e53d56 | 142 | [B<-tfo>] |
bc24e3ee | 143 | {- $OpenSSL::safe::opt_name_synopsis -} |
d4bff20d | 144 | {- $OpenSSL::safe::opt_version_synopsis -} |
21d08b9e | 145 | {- $OpenSSL::safe::opt_v_synopsis -} |
8b3efb53 | 146 | {- $OpenSSL::safe::opt_s_synopsis -} |
9fcb9702 RS |
147 | {- $OpenSSL::safe::opt_x_synopsis -} |
148 | {- $OpenSSL::safe::opt_trust_synopsis -} | |
149 | {- $OpenSSL::safe::opt_r_synopsis -} | |
d55e4487 | 150 | {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} |
7efd0e77 | 151 | |
a2151c5b DSH |
152 | =head1 DESCRIPTION |
153 | ||
35a810bb RL |
154 | This command implements a generic SSL/TLS server which |
155 | listens for connections on a given port using SSL/TLS. | |
a2151c5b DSH |
156 | |
157 | =head1 OPTIONS | |
158 | ||
35a810bb RL |
159 | In addition to the options below, this command also supports |
160 | the common and server-only options documented in | |
f5c14c63 | 161 | L<SSL_CONF_cmd(3)/Supported Command Line Commands> |
765b4137 | 162 | |
a2151c5b DSH |
163 | =over 4 |
164 | ||
169394d4 MR |
165 | =item B<-help> |
166 | ||
167 | Print out a usage message. | |
168 | ||
e8769719 | 169 | =item B<-port> I<+int> |
a2151c5b | 170 | |
8c73aeb6 | 171 | The TCP port to listen on for connections. If not specified 4433 is used. |
a2151c5b | 172 | |
e8769719 | 173 | =item B<-accept> I<val> |
a22f9c84 E |
174 | |
175 | The optional TCP host and port to listen on for connections. If not specified, *:4433 is used. | |
176 | ||
e8769719 | 177 | =item B<-unix> I<val> |
a22f9c84 E |
178 | |
179 | Unix domain socket to accept on. | |
180 | ||
a22f9c84 E |
181 | =item B<-4> |
182 | ||
183 | Use IPv4 only. | |
184 | ||
185 | =item B<-6> | |
186 | ||
187 | Use IPv6 only. | |
188 | ||
0bae1960 MC |
189 | =item B<-unlink> |
190 | ||
191 | For B<-unix>, unlink any existing socket first. | |
192 | ||
e8769719 | 193 | =item B<-context> I<val> |
a2151c5b | 194 | |
8c73aeb6 | 195 | Sets the SSL context id. It can be given any string value. If this option |
cc8709a0 | 196 | is not present a default value will be used. |
a2151c5b | 197 | |
e8769719 | 198 | =item B<-verify> I<int>, B<-Verify> I<int> |
0bae1960 MC |
199 | |
200 | The verify depth to use. This specifies the maximum length of the | |
201 | client certificate chain and makes the server request a certificate from | |
202 | the client. With the B<-verify> option a certificate is requested but the | |
203 | client does not have to send one, with the B<-Verify> option the client | |
204 | must supply a certificate or an error occurs. | |
205 | ||
206 | If the cipher suite cannot request a client certificate (for example an | |
207 | anonymous cipher suite or PSK) this option has no effect. | |
208 | ||
e8769719 | 209 | =item B<-cert> I<infile> |
a2151c5b DSH |
210 | |
211 | The certificate to use, most server cipher suites require the use of a | |
212 | certificate and some require a certificate with a certain public key type: | |
213 | for example the DSS cipher suites require a certificate containing a DSS | |
1948394d | 214 | (DSA) key. If not specified then the filename F<server.pem> will be used. |
a2151c5b | 215 | |
f91d003a RL |
216 | =item B<-cert2> I<infile> |
217 | ||
218 | The certificate file to use for servername; default is C<server2.pem>. | |
219 | ||
6d382c74 | 220 | =item B<-certform> B<DER>|B<PEM>|B<P12> |
2b264aee | 221 | |
bee3f389 TM |
222 | The server certificate file format; unspecified by default. |
223 | See L<openssl-format-options(1)> for details. | |
2b264aee | 224 | |
7cacbe9d DB |
225 | =item B<-cert_chain> |
226 | ||
b3c5aadf | 227 | A file or URI of untrusted certificates to use when attempting to build the |
2b264aee | 228 | certificate chain related to the certificate specified via the B<-cert> option. |
b3c5aadf | 229 | The input can be in PEM, DER, or PKCS#12 format. |
7cacbe9d DB |
230 | |
231 | =item B<-build_chain> | |
232 | ||
2b264aee | 233 | Specify whether the application should build the server certificate chain to be |
7cacbe9d DB |
234 | provided to the client. |
235 | ||
e8769719 | 236 | =item B<-serverinfo> I<val> |
0bae1960 MC |
237 | |
238 | A file containing one or more blocks of PEM data. Each PEM block | |
239 | must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, | |
240 | followed by "length" bytes of extension data). If the client sends | |
241 | an empty TLS ClientHello extension matching the type, the corresponding | |
242 | ServerHello extension will be returned. | |
243 | ||
f91d003a | 244 | =item B<-key> I<filename>|I<uri> |
a2151c5b DSH |
245 | |
246 | The private key to use. If not specified then the certificate file will | |
247 | be used. | |
248 | ||
f91d003a RL |
249 | =item B<-key2> I<filename>|I<uri> |
250 | ||
251 | The private key file to use for servername if not given via B<-cert2>. | |
252 | ||
6d382c74 | 253 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
826a42a0 | 254 | |
bee3f389 | 255 | The key format; unspecified by default. |
46949153 | 256 | See L<openssl-format-options(1)> for details. |
826a42a0 | 257 | |
e8769719 | 258 | =item B<-pass> I<val> |
826a42a0 | 259 | |
2a33470b | 260 | The private key and certificate file password source. |
777182a0 | 261 | For more information about the format of I<val>, |
46949153 | 262 | see L<openssl-passphrase-options(1)>. |
826a42a0 | 263 | |
f91d003a | 264 | =item B<-dcert> I<infile>, B<-dkey> I<filename>|I<uri> |
a2151c5b | 265 | |
8c73aeb6 | 266 | Specify an additional certificate and private key, these behave in the |
a2151c5b DSH |
267 | same manner as the B<-cert> and B<-key> options except there is no default |
268 | if they are not specified (no additional certificate and key is used). As | |
269 | noted above some cipher suites require a certificate containing a key of | |
270 | a certain type. Some cipher suites need a certificate carrying an RSA key | |
271 | and some a DSS (DSA) key. By using RSA and DSS certificates and keys | |
272 | a server can support clients which only support RSA or DSS cipher suites | |
273 | by using an appropriate certificate. | |
274 | ||
7cacbe9d DB |
275 | =item B<-dcert_chain> |
276 | ||
b3c5aadf | 277 | A file or URI of untrusted certificates to use when attempting to build the |
7cacbe9d DB |
278 | server certificate chain when a certificate specified via the B<-dcert> option |
279 | is in use. | |
b3c5aadf | 280 | The input can be in PEM, DER, or PKCS#12 format. |
7cacbe9d | 281 | |
6d382c74 | 282 | =item B<-dcertform> B<DER>|B<PEM>|B<P12> |
2b264aee | 283 | |
bee3f389 TM |
284 | The format of the additional certificate file; unspecified by default. |
285 | See L<openssl-format-options(1)> for details. | |
2b264aee | 286 | |
6d382c74 | 287 | =item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
777182a0 | 288 | |
bee3f389 TM |
289 | The format of the additional private key; unspecified by default. |
290 | See L<openssl-format-options(1)> for details. | |
826a42a0 | 291 | |
777182a0 RS |
292 | =item B<-dpass> I<val> |
293 | ||
2a33470b | 294 | The passphrase for the additional private key and certificate. |
777182a0 | 295 | For more information about the format of I<val>, |
46949153 | 296 | see L<openssl-passphrase-options(1)>. |
826a42a0 | 297 | |
0bae1960 | 298 | =item B<-nbio_test> |
a2151c5b | 299 | |
0bae1960 | 300 | Tests non blocking I/O. |
a2151c5b | 301 | |
0bae1960 | 302 | =item B<-crlf> |
a2151c5b | 303 | |
0bae1960 | 304 | This option translates a line feed from the terminal into CR+LF. |
a2151c5b | 305 | |
0bae1960 | 306 | =item B<-debug> |
a2151c5b | 307 | |
0bae1960 | 308 | Print extensive debugging information including a hex dump of all traffic. |
a2151c5b | 309 | |
359efeac DDO |
310 | =item B<-security_debug> |
311 | ||
312 | Print output from SSL/TLS security framework. | |
313 | ||
314 | =item B<-security_debug_verbose> | |
315 | ||
316 | Print more output from the SSL/TLS security framework. | |
317 | ||
0bae1960 | 318 | =item B<-msg> |
51e00db2 | 319 | |
0bae1960 | 320 | Show all protocol messages with hex dump. |
51e00db2 | 321 | |
e8769719 | 322 | =item B<-msgfile> I<outfile> |
a2151c5b | 323 | |
0bae1960 | 324 | File to send output of B<-msg> or B<-trace> to, default standard output. |
a2151c5b | 325 | |
0bae1960 MC |
326 | =item B<-state> |
327 | ||
328 | Prints the SSL session states. | |
329 | ||
2b264aee DDO |
330 | =item B<-CRL> I<infile> |
331 | ||
332 | The CRL file to use. | |
333 | ||
334 | =item B<-CRLform> B<DER>|B<PEM> | |
335 | ||
bee3f389 | 336 | The CRL file format; unspecified by default. |
46949153 | 337 | See L<openssl-format-options(1)> for details. |
2b264aee DDO |
338 | |
339 | =item B<-crl_download> | |
340 | ||
341 | Download CRLs from distribution points given in CDP extensions of certificates. | |
7cacbe9d | 342 | |
2b264aee DDO |
343 | =item B<-verifyCAfile> I<filename> |
344 | ||
345 | A file in PEM format containing trusted CA certificates to use | |
346 | for verifying client certificates. | |
347 | ||
348 | =item B<-verifyCApath> I<dir> | |
349 | ||
350 | A directory containing trusted certificates to use | |
351 | for verifying client certificates. | |
352 | This directory must be in "hash format", | |
353 | see L<openssl-verify(1)> for more information. | |
354 | ||
355 | =item B<-verifyCAstore> I<uri> | |
356 | ||
357 | The URI of a store containing trusted certificates to use | |
358 | for verifying client certificates. | |
7cacbe9d | 359 | |
e8769719 | 360 | =item B<-chainCAfile> I<file> |
7cacbe9d | 361 | |
2b264aee DDO |
362 | A file in PEM format containing trusted certificates to use |
363 | when attempting to build the server certificate chain. | |
364 | ||
365 | =item B<-chainCApath> I<dir> | |
366 | ||
367 | A directory containing trusted certificates to use | |
368 | for building the server certificate chain provided to the client. | |
369 | This directory must be in "hash format", | |
370 | see L<openssl-verify(1)> for more information. | |
7cacbe9d | 371 | |
fd3397fc RL |
372 | =item B<-chainCAstore> I<uri> |
373 | ||
2b264aee DDO |
374 | The URI of a store containing trusted certificates to use |
375 | for building the server certificate chain provided to the client. | |
376 | The URI may indicate a single certificate, as well as a collection of them. | |
fd3397fc RL |
377 | With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or |
378 | B<-chainCApath>, depending on if the URI indicates a directory or a | |
379 | single file. | |
380 | See L<ossl_store-file(7)> for more information on the C<file:> scheme. | |
381 | ||
0bae1960 | 382 | =item B<-nocert> |
8d419330 | 383 | |
0bae1960 MC |
384 | If this option is set then no certificate is used. This restricts the |
385 | cipher suites available to the anonymous ones (currently just anonymous | |
386 | DH). | |
8d419330 | 387 | |
0bae1960 | 388 | =item B<-quiet> |
a2151c5b | 389 | |
0bae1960 | 390 | Inhibit printing of session and certificate information. |
a2151c5b | 391 | |
359efeac DDO |
392 | =item B<-no_resume_ephemeral> |
393 | ||
394 | Disable caching and tickets if ephemeral (EC)DH is used. | |
395 | ||
0b3b2b33 RS |
396 | =item B<-tlsextdebug> |
397 | ||
398 | Print a hex dump of any TLS extensions received from the server. | |
399 | ||
0bae1960 | 400 | =item B<-www> |
a2151c5b | 401 | |
0bae1960 MC |
402 | Sends a status message back to the client when it connects. This includes |
403 | information about the ciphers used and various session parameters. | |
0b3b2b33 RS |
404 | The output is in HTML format so this option can be used with a web browser. |
405 | The special URL C</renegcert> turns on client cert validation, and C</reneg> | |
406 | tells the server to request renegotiation. | |
407 | The B<-early_data> option cannot be used with this option. | |
a2151c5b | 408 | |
0b3b2b33 | 409 | =item B<-WWW>, B<-HTTP> |
1d8634b1 | 410 | |
0bae1960 | 411 | Emulates a simple web server. Pages will be resolved relative to the |
0b3b2b33 RS |
412 | current directory, for example if the URL C<https://myhost/page.html> is |
413 | requested the file F<./page.html> will be sent. | |
414 | If the B<-HTTP> flag is used, the files are sent directly, and should contain | |
415 | any HTTP response headers (including status response line). | |
416 | If the B<-WWW> option is used, | |
417 | the response headers are generated by the server, and the file extension is | |
418 | examined to determine the B<Content-Type> header. | |
419 | Extensions of C<html>, C<htm>, and C<php> are C<text/html> and all others are | |
420 | C<text/plain>. | |
421 | In addition, the special URL C</stats> will return status | |
422 | information like the B<-www> option. | |
423 | Neither of these options can be used in conjunction with B<-early_data>. | |
8dbeb110 | 424 | |
8b3efb53 RS |
425 | =item B<-http_server_binmode> |
426 | ||
427 | When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested | |
428 | by the client in binary mode. | |
429 | ||
90fc2c26 NM |
430 | =item B<-no_ca_names> |
431 | ||
432 | Disable TLS Extension CA Names. You may want to disable it for security reasons | |
433 | or for compatibility with some Windows TLS implementations crashing when this | |
434 | extension is larger than 1024 bytes. | |
435 | ||
09b90e0e DB |
436 | =item B<-ignore_unexpected_eof> |
437 | ||
438 | Some TLS implementations do not send the mandatory close_notify alert on | |
439 | shutdown. If the application tries to wait for the close_notify alert but the | |
440 | peer closes the connection without sending it, an error is generated. When this | |
441 | option is enabled the peer does not need to send the close_notify alert and a | |
442 | closed connection will be treated as if the close_notify alert was received. | |
443 | For more information on shutting down a connection, see L<SSL_shutdown(3)>. | |
444 | ||
359efeac DDO |
445 | =item B<-servername> |
446 | ||
447 | Servername for HostName TLS extension. | |
448 | ||
449 | =item B<-servername_fatal> | |
450 | ||
451 | On servername mismatch send fatal alert (default: warning alert). | |
452 | ||
e8769719 | 453 | =item B<-id_prefix> I<val> |
a2151c5b | 454 | |
2f0ea936 | 455 | Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful |
8c1cbc72 | 456 | for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple |
0bae1960 | 457 | servers, when each of which might be generating a unique range of session |
8c1cbc72 | 458 | IDs (e.g. with a certain prefix). |
a2151c5b | 459 | |
359efeac DDO |
460 | =item B<-keymatexport> |
461 | ||
462 | Export keying material using the given label. | |
463 | ||
464 | =item B<-keymatexportlen> | |
465 | ||
466 | Export the given number of bytes of keying material; default 20. | |
467 | ||
468 | =item B<-no_cache> | |
469 | ||
470 | Disable session cache. | |
471 | ||
472 | =item B<-ext_cache> | |
473 | ||
474 | Disable internal cache, set up and use external cache. | |
475 | ||
0bae1960 | 476 | =item B<-verify_return_error> |
a2151c5b | 477 | |
0bae1960 MC |
478 | Verification errors normally just print a message but allow the |
479 | connection to continue, for debugging purposes. | |
480 | If this option is used, then verification errors close the connection. | |
a2151c5b | 481 | |
359efeac DDO |
482 | =item B<-verify_quiet> |
483 | ||
484 | No verify output except verify errors. | |
485 | ||
486 | =item B<-ign_eof> | |
487 | ||
488 | Ignore input EOF (default: when B<-quiet>). | |
489 | ||
490 | =item B<-no_ign_eof> | |
491 | ||
492 | Do not ignore input EOF. | |
493 | ||
4832560b DB |
494 | =item B<-no_etm> |
495 | ||
496 | Disable Encrypt-then-MAC negotiation. | |
497 | ||
a829d53a | 498 | =item B<-no_ems> |
499 | ||
500 | Disable Extended master secret negotiation. | |
501 | ||
0bae1960 | 502 | =item B<-status> |
a2151c5b | 503 | |
0bae1960 | 504 | Enables certificate status request support (aka OCSP stapling). |
a2151c5b | 505 | |
0bae1960 | 506 | =item B<-status_verbose> |
ddac1974 | 507 | |
0bae1960 MC |
508 | Enables certificate status request support (aka OCSP stapling) and gives |
509 | a verbose printout of the OCSP response. | |
ddac1974 | 510 | |
e8769719 | 511 | =item B<-status_timeout> I<int> |
720b6cbe | 512 | |
2f0ea936 | 513 | Sets the timeout for OCSP response to I<int> seconds. |
720b6cbe | 514 | |
80a4ac57 DDO |
515 | =item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> |
516 | ||
517 | The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> | |
518 | applies, see below. | |
519 | The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that | |
520 | the optional C<http://> or C<https://> prefix is ignored, | |
521 | as well as any userinfo and path components. | |
522 | Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY> | |
523 | in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>. | |
524 | ||
525 | =item B<-no_proxy> I<addresses> | |
526 | ||
527 | List of IP addresses and/or DNS names of servers | |
528 | not to use an HTTP(S) proxy for, separated by commas and/or whitespace | |
529 | (where in the latter case the whole argument must be enclosed in "..."). | |
530 | Default is from the environment variable C<no_proxy> if set, else C<NO_PROXY>. | |
531 | ||
e8769719 | 532 | =item B<-status_url> I<val> |
ddac1974 | 533 | |
0bae1960 MC |
534 | Sets a fallback responder URL to use if no responder URL is present in the |
535 | server certificate. Without this option an error is returned if the server | |
536 | certificate does not contain a responder address. | |
7932982b DDO |
537 | The optional userinfo and fragment URL components are ignored. |
538 | Any given query component is handled as part of the path component. | |
ddac1974 | 539 | |
e8769719 | 540 | =item B<-status_file> I<infile> |
a2151c5b | 541 | |
0bae1960 MC |
542 | Overrides any OCSP responder URLs from the certificate and always provides the |
543 | OCSP Response stored in the file. The file must be in DER format. | |
a2151c5b | 544 | |
359efeac DDO |
545 | =item B<-ssl_config> I<val> |
546 | ||
547 | Configure SSL_CTX using the given configuration value. | |
548 | ||
0bae1960 | 549 | =item B<-trace> |
35d15a39 | 550 | |
726f92e0 | 551 | Show verbose trace output of protocol messages. |
35d15a39 | 552 | |
0bae1960 | 553 | =item B<-brief> |
35d15a39 | 554 | |
0bae1960 MC |
555 | Provide a brief summary of connection parameters instead of the normal verbose |
556 | output. | |
35d15a39 | 557 | |
0bae1960 | 558 | =item B<-rev> |
19044d3c | 559 | |
04fb4ec8 HK |
560 | Simple echo server that sends back received text reversed. Also sets B<-brief>. |
561 | Cannot be used in conjunction with B<-early_data>. | |
19044d3c | 562 | |
bc8857bf MC |
563 | =item B<-async> |
564 | ||
8c73aeb6 | 565 | Switch on asynchronous mode. Cryptographic operations will be performed |
bc8857bf MC |
566 | asynchronously. This will only have an effect if an asynchronous capable engine |
567 | is also used via the B<-engine> option. For test purposes the dummy async engine | |
568 | (dasync) can be used (if available). | |
569 | ||
e8769719 | 570 | =item B<-max_send_frag> I<+int> |
28e5ea88 F |
571 | |
572 | The maximum size of data fragment to send. | |
573 | See L<SSL_CTX_set_max_send_fragment(3)> for further information. | |
574 | ||
e8769719 | 575 | =item B<-split_send_frag> I<+int> |
0df80881 MC |
576 | |
577 | The size used to split data for encrypt pipelines. If more data is written in | |
578 | one go than this value then it will be split into multiple pipelines, up to the | |
579 | maximum number of pipelines defined by max_pipelines. This only has an effect if | |
c4de074e | 580 | a suitable cipher suite has been negotiated, an engine that supports pipelining |
0df80881 MC |
581 | has been loaded, and max_pipelines is greater than 1. See |
582 | L<SSL_CTX_set_split_send_fragment(3)> for further information. | |
583 | ||
e8769719 | 584 | =item B<-max_pipelines> I<+int> |
0df80881 MC |
585 | |
586 | The maximum number of encrypt/decrypt pipelines to be used. This will only have | |
587 | an effect if an engine has been loaded that supports pipelining (e.g. the dasync | |
c4de074e | 588 | engine) and a suitable cipher suite has been negotiated. The default value is 1. |
0df80881 MC |
589 | See L<SSL_CTX_set_max_pipelines(3)> for further information. |
590 | ||
2b264aee DDO |
591 | =item B<-naccept> I<+int> |
592 | ||
593 | The server will exit after receiving the specified number of connections, | |
594 | default unlimited. | |
595 | ||
e8769719 | 596 | =item B<-read_buf> I<+int> |
0df80881 MC |
597 | |
598 | The default read buffer size to be used for connections. This will only have an | |
599 | effect if the buffer size is larger than the size that would otherwise be used | |
600 | and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for | |
601 | further information). | |
602 | ||
a2151c5b DSH |
603 | =item B<-bugs> |
604 | ||
fc4e500b | 605 | There are several known bugs in SSL and TLS implementations. Adding this |
a2151c5b DSH |
606 | option enables various workarounds. |
607 | ||
0bae1960 MC |
608 | =item B<-no_comp> |
609 | ||
610 | Disable negotiation of TLS compression. | |
611 | TLS compression is not recommended and is off by default as of | |
612 | OpenSSL 1.1.0. | |
613 | ||
cc5a9ba4 VD |
614 | =item B<-comp> |
615 | ||
616 | Enable negotiation of TLS compression. | |
617 | This option was introduced in OpenSSL 1.1.0. | |
618 | TLS compression is not recommended and is off by default as of | |
619 | OpenSSL 1.1.0. | |
620 | ||
0bae1960 | 621 | =item B<-no_ticket> |
cc5a9ba4 | 622 | |
7ffb7fbe MC |
623 | Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 |
624 | is negotiated. See B<-num_tickets>. | |
625 | ||
626 | =item B<-num_tickets> | |
627 | ||
628 | Control the number of tickets that will be sent to the client after a full | |
629 | handshake in TLSv1.3. The default number of tickets is 2. This option does not | |
630 | affect the number of tickets sent after a resumption handshake. | |
cc5a9ba4 | 631 | |
0bae1960 | 632 | =item B<-serverpref> |
765b4137 | 633 | |
0bae1960 MC |
634 | Use the server's cipher preferences, rather than the client's preferences. |
635 | ||
e1c7871d TS |
636 | =item B<-prioritize_chacha> |
637 | ||
638 | Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>. | |
639 | ||
0bae1960 MC |
640 | =item B<-no_resumption_on_reneg> |
641 | ||
642 | Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option. | |
765b4137 | 643 | |
e8769719 | 644 | =item B<-client_sigalgs> I<val> |
254b58fd SC |
645 | |
646 | Signature algorithms to support for client certificate authentication | |
c4de074e | 647 | (colon-separated list). |
254b58fd | 648 | |
e8769719 | 649 | =item B<-named_curve> I<val> |
254b58fd SC |
650 | |
651 | Specifies the elliptic curve to use. NOTE: this is a single curve, not a list. | |
652 | For a list of all possible curves, use: | |
653 | ||
654 | $ openssl ecparam -list_curves | |
655 | ||
e8769719 | 656 | =item B<-cipher> I<val> |
a2151c5b | 657 | |
9d2674cd MC |
658 | This allows the list of TLSv1.2 and below ciphersuites used by the server to be |
659 | modified. This list is combined with any TLSv1.3 ciphersuites that have been | |
660 | configured. When the client sends a list of supported ciphers the first client | |
661 | cipher also included in the server list is used. Because the client specifies | |
662 | the preference order, the order of the server cipherlist is irrelevant. See | |
35a810bb | 663 | L<openssl-ciphers(1)> for more information. |
a2151c5b | 664 | |
e8769719 | 665 | =item B<-ciphersuites> I<val> |
9d2674cd MC |
666 | |
667 | This allows the list of TLSv1.3 ciphersuites used by the server to be modified. | |
668 | This list is combined with any TLSv1.2 and below ciphersuites that have been | |
669 | configured. When the client sends a list of supported ciphers the first client | |
670 | cipher also included in the server list is used. Because the client specifies | |
671 | the preference order, the order of the server cipherlist is irrelevant. See | |
35a810bb RL |
672 | L<openssl-ciphers(1)> command for more information. The format for this list is |
673 | a simple colon (":") separated list of TLSv1.3 ciphersuite names. | |
9d2674cd | 674 | |
e8769719 | 675 | =item B<-dhparam> I<infile> |
7b825005 | 676 | |
0bae1960 MC |
677 | The DH parameter file to use. The ephemeral DH cipher suites generate keys |
678 | using a set of DH parameters. If not specified then an attempt is made to | |
679 | load the parameters from the server certificate file. | |
35a810bb RL |
680 | If this fails then a static set of parameters hard coded into this command |
681 | will be used. | |
765b4137 | 682 | |
0bae1960 | 683 | =item B<-nbio> |
52b621db | 684 | |
0bae1960 | 685 | Turns on non blocking I/O. |
52b621db | 686 | |
359efeac DDO |
687 | =item B<-timeout> |
688 | ||
689 | Enable timeouts. | |
690 | ||
691 | =item B<-mtu> | |
692 | ||
693 | Set link-layer MTU. | |
694 | ||
e8769719 | 695 | =item B<-psk_identity> I<val> |
9cd50f73 | 696 | |
2f0ea936 | 697 | Expect the client to send PSK identity I<val> when using a PSK |
0bae1960 MC |
698 | cipher suite, and warn if they do not. By default, the expected PSK |
699 | identity is the string "Client_identity". | |
9cd50f73 | 700 | |
e8769719 | 701 | =item B<-psk_hint> I<val> |
36086186 | 702 | |
2f0ea936 | 703 | Use the PSK identity hint I<val> when using a PSK cipher suite. |
36086186 | 704 | |
e8769719 | 705 | =item B<-psk> I<val> |
cba3f1c7 | 706 | |
2f0ea936 | 707 | Use the PSK key I<val> when using a PSK cipher suite. The key is |
0bae1960 MC |
708 | given as a hexadecimal number without leading 0x, for example -psk |
709 | 1a2b3c4d. | |
710 | This option must be provided in order to use a PSK cipher. | |
cba3f1c7 | 711 | |
e8769719 | 712 | =item B<-psk_session> I<file> |
9e064bc1 | 713 | |
2f0ea936 | 714 | Use the PEM-encoded SSL_SESSION data stored in I<file> as the basis of a PSK. |
9e064bc1 MC |
715 | Note that this will only work if TLSv1.3 is negotiated. |
716 | ||
359efeac DDO |
717 | =item B<-srpvfile> |
718 | ||
719 | The verifier file for SRP. | |
720 | This option is deprecated. | |
721 | ||
722 | =item B<-srpuserseed> | |
723 | ||
724 | A seed string for a default user salt. | |
725 | This option is deprecated. | |
726 | ||
0bae1960 | 727 | =item B<-listen> |
cba3f1c7 | 728 | |
0bae1960 | 729 | This option can only be used in conjunction with one of the DTLS options above. |
35a810bb RL |
730 | With this option, this command will listen on a UDP port for incoming |
731 | connections. | |
0bae1960 MC |
732 | Any ClientHellos that arrive will be checked to see if they have a cookie in |
733 | them or not. | |
734 | Any without a cookie will be responded to with a HelloVerifyRequest. | |
735 | If a ClientHello with a cookie is received then this command will |
736 | connect to that peer and complete the handshake. | |
cba3f1c7 | 737 | |
0bae1960 | 738 | =item B<-sctp> |
cba3f1c7 | 739 | |
740 | Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in |
741 | conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only | |
742 | available where OpenSSL has support for SCTP enabled. | |
cba3f1c7 | 743 | |
744 | =item B<-sctp_label_bug> |
745 | ||
746 | Use the incorrect behaviour of older OpenSSL implementations when computing | |
747 | endpoint-pair shared secrets for DTLS/SCTP. This allows communication with | |
748 | older broken implementations but breaks interoperability with correct | |
749 | implementations. Must be used in conjunction with B<-sctp>. This option is only | |
750 | available where OpenSSL has support for SCTP enabled. | |
751 | ||
752 | =item B<-use_srtp> |
753 | ||
754 | Offer SRTP key management with a colon-separated profile list. | |
755 | ||
0bae1960 | 756 | =item B<-no_dhe> |
acf65ae5 | 757 | |
758 | If this option is set then no DH parameters will be loaded effectively |
759 | disabling the ephemeral DH cipher suites. | |
acf65ae5 | 760 | |
e8769719 | 761 | =item B<-alpn> I<val>, B<-nextprotoneg> I<val> |
7efd0e77 | 762 | |
These flags enable the Application-Layer Protocol Negotiation (ALPN)
or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
IETF standard and replaces NPN.
2f0ea936 | 766 | The I<val> list is a comma-separated list of supported protocol |
c4de074e | 767 | names. The list should contain the most desirable protocols first. |
768 | Protocol names are printable ASCII strings, for example "http/1.1" or |
769 | "spdy/3". | |
837f87c2 | 770 | The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. |
7efd0e77 | 771 | |
772 | =item B<-ktls> |
773 | ||
774 | Enable Kernel TLS for sending and receiving. | |
775 | This option was introduced in OpenSSL 3.1.0. | |
776 | Kernel TLS is off by default as of OpenSSL 3.1.0. | |
777 | ||
778 | =item B<-sendfile> |
779 | ||
780 | If this option is set and KTLS is enabled, SSL_sendfile() will be used | |
781 | instead of BIO_write() to send the HTTP response requested by a client. | |
782 | This option is only valid when B<-ktls> along with B<-WWW> or B<-HTTP> |
783 | are specified. | |
cd81ac7b | 784 | |
e8769719 | 785 | =item B<-keylogfile> I<outfile> |
786 | |
Appends TLS secrets to the specified keylog file such that external programs
(like Wireshark) can decrypt TLS connections.
Because its contents allow the logged connections to be decrypted, the file
should be protected like any other secret material.
789 | ||
e8769719 | 790 | =item B<-max_early_data> I<int> |
791 | |
792 | Change the default maximum early data bytes that are specified for new sessions | |
793 | and any incoming early data (when used in conjunction with the B<-early_data> | |
794 | flag). The default value is approximately 16k. The argument must be an integer |
795 | greater than or equal to 0. | |
6437b802 | 796 | |
797 | =item B<-recv_max_early_data> I<int> |
798 | ||
799 | Specify the hard limit on the maximum number of early data bytes that will | |
800 | be accepted. | |
801 | ||
802 | =item B<-early_data> |
803 | ||
804 | Accept early data where possible. Cannot be used in conjunction with B<-www>, |
805 | B<-WWW>, B<-HTTP> or B<-rev>. | |
6437b802 | 806 | |
807 | =item B<-stateless> |
808 | ||
809 | Require TLSv1.3 cookies. | |
810 | ||
811 | =item B<-anti_replay>, B<-no_anti_replay> |
812 | ||
Switches replay protection on or off, respectively. Replay protection is on by
default unless overridden by a configuration file. When it is on, TLSv1.3
has been negotiated, and early data is enabled on the server, OpenSSL will
automatically detect if a session ticket has been used more than once. A full
handshake is forced if a session ticket is used a second or subsequent time. Any
early data that was sent will be rejected.
819 | ||
820 | =item B<-tfo> |
821 | ||
822 | Enable acceptance of TCP Fast Open (RFC7413) connections. | |
823 | ||
824 | ||
825 | {- $OpenSSL::safe::opt_name_item -} |
826 | ||
827 | {- $OpenSSL::safe::opt_version_item -} |
828 | ||
829 | {- $OpenSSL::safe::opt_s_item -} |
830 | ||
831 | {- $OpenSSL::safe::opt_x_item -} |
832 | ||
833 | {- $OpenSSL::safe::opt_trust_item -} | |
834 | ||
835 | {- $OpenSSL::safe::opt_r_item -} | |
836 | ||
837 | {- $OpenSSL::safe::opt_engine_item -} |
838 | ||
839 | {- $OpenSSL::safe::opt_provider_item -} |
840 | ||
841 | {- $OpenSSL::safe::opt_v_item -} |
842 | ||
843 | If the server requests a client certificate, then | |
844 | verification errors are displayed, for debugging, but the command will | |
845 | proceed unless the B<-verify_return_error> option is used. | |
846 | ||
847 | =back |
848 | ||
849 | =head1 CONNECTED COMMANDS | |
850 | ||
851 | If a connection request is established with an SSL client and neither the | |
4b08eaf5 | 852 | B<-www> nor the B<-WWW> option has been used then normally any data received |
8c73aeb6 | 853 | from the client is displayed and any key presses will be sent to the client. |
4b08eaf5 | 854 | |
Certain commands are also recognized which perform special operations. Each
command is a single letter which must appear at the start of a line. They are
listed below.
858 | |
859 | =over 4 | |
860 | ||
861 | =item B<q> | |
862 | ||
c4de074e | 863 | End the current SSL connection but still accept new connections. |
864 | |
865 | =item B<Q> | |
866 | ||
c4de074e | 867 | End the current SSL connection and exit. |
868 | |
869 | =item B<r> | |
870 | ||
3d0dde84 | 871 | Renegotiate the SSL session (TLSv1.2 and below only). |
872 | |
873 | =item B<R> | |
874 | ||
875 | Renegotiate the SSL session and request a client certificate (TLSv1.2 and below |
876 | only). | |
877 | |
878 | =item B<P> | |
879 | ||
c4de074e | 880 | Send some plain text down the underlying TCP connection: this should |
881 | cause the client to disconnect due to a protocol violation. |
882 | ||
883 | =item B<S> | |
884 | ||
c4de074e | 885 | Print out some session cache status information. |
4b08eaf5 | 886 | |
887 | =item B<k> |
888 | ||
Send a key update message to the client (TLSv1.3 only).
890 | ||
891 | =item B<K> | |
892 | ||
Send a key update message to the client and request one back (TLSv1.3 only).
894 | ||
895 | =item B<c> | |
896 | ||
Send a certificate request to the client (TLSv1.3 only).
898 | ||
4b08eaf5 | 899 | =back |
900 | |
901 | =head1 NOTES | |
902 | ||
903 | This command can be used to debug SSL clients. To accept connections |
904 | from a web browser the command: | |
905 | |
906 | openssl s_server -accept 443 -www | |
907 | ||
908 | can be used for example. | |
909 | ||
a2151c5b | 910 | Although specifying an empty list of CAs when requesting a client certificate |
911 | is strictly speaking a protocol violation, some SSL clients interpret this to |
912 | mean any CA is acceptable. This is useful for debugging purposes. | |
a2151c5b | 913 | |
The session parameters can be printed out using the L<openssl-sess_id(1)> command.
915 | |
916 | =head1 BUGS | |
917 | ||
8c73aeb6 | 918 | Because this program has a lot of options and also because some of the |
919 | techniques used are rather old, the C source for this command is rather |
920 | hard to read and not a model of how things should be done. | |
8c73aeb6 | 921 | A typical SSL server program would be much simpler. |
922 | |
923 | The output of common ciphers is wrong: it just gives the list of ciphers that | |
4b08eaf5 | 924 | OpenSSL recognizes and the client supports. |
a2151c5b | 925 | |
926 | There should be a way for this command to print out details |
927 | of any unknown cipher suites a client says it supports. | |
928 | |
929 | =head1 SEE ALSO | |
930 | ||
931 | L<openssl(1)>, |
932 | L<openssl-sess_id(1)>, | |
933 | L<openssl-s_client(1)>, | |
934 | L<openssl-ciphers(1)>, | |
935 | L<SSL_CONF_cmd(3)>, | |
936 | L<SSL_CTX_set_max_send_fragment(3)>, |
937 | L<SSL_CTX_set_split_send_fragment(3)>, | |
938 | L<SSL_CTX_set_max_pipelines(3)>, |
939 | L<ossl_store-file(7)> | |
a2151c5b | 940 | |
941 | =head1 HISTORY |
942 | ||
fc5ecadd | 943 | The -no_alt_chains option was added in OpenSSL 1.1.0. |
e1c7871d | 944 | |
945 | The |
946 | -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1. | |
fa7b0111 | 947 | |
The B<-srpvfile>, B<-srpuserseed>, and B<-engine>
options were deprecated in OpenSSL 3.0.
0f221d9c | 950 | |
951 | The -tfo option was added in OpenSSL 3.1. |
952 | ||
953 | =head1 COPYRIGHT |
954 | ||
8020d79b | 955 | Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 956 | |
449040b4 | 957 | Licensed under the Apache License 2.0 (the "License"). You may not use |
958 | this file except in compliance with the License. You can obtain a copy |
959 | in the file LICENSE in the source distribution or at | |
960 | L<https://www.openssl.org/source/license.html>. | |
961 | ||
962 | =cut |