a2151c5b | 1 | =pod |
625c781d | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
9fcb9702 | 3 | |
a2151c5b DSH |
4 | =head1 NAME |
5 | ||
b6b66573 | 6 | openssl-s_server - SSL/TLS server program |
a2151c5b DSH |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
a2bbe594 | 10 | B<openssl> B<s_server> |
169394d4 | 11 | [B<-help>] |
e8769719 RS |
12 | [B<-port> I<+int>] |
13 | [B<-accept> I<val>] | |
14 | [B<-unix> I<val>] | |
a22f9c84 E |
15 | [B<-4>] |
16 | [B<-6>] | |
0bae1960 | 17 | [B<-unlink>] |
e8769719 RS |
18 | [B<-context> I<val>] |
19 | [B<-verify> I<int>] | |
20 | [B<-Verify> I<int>] | |
21 | [B<-cert> I<infile>] | |
e8769719 RS |
22 | [B<-naccept> I<+int>] |
23 | [B<-serverinfo> I<val>] | |
24 | [B<-certform> B<DER>|B<PEM>] | |
25 | [B<-key> I<infile>] | |
777182a0 | 26 | [B<-keyform> B<DER>|B<PEM>] |
e8769719 RS |
27 | [B<-pass> I<val>] |
28 | [B<-dcert> I<infile>] | |
29 | [B<-dcertform> B<DER>|B<PEM>] | |
30 | [B<-dkey> I<infile>] | |
31 | [B<-dkeyform> B<DER>|B<PEM>] | |
32 | [B<-dpass> I<val>] | |
a2151c5b DSH |
33 | [B<-nbio_test>] |
34 | [B<-crlf>] | |
35 | [B<-debug>] | |
1d8634b1 | 36 | [B<-msg>] |
e8769719 | 37 | [B<-msgfile> I<outfile>] |
a2151c5b | 38 | [B<-state>] |
0bae1960 MC |
39 | [B<-nocert>] |
40 | [B<-quiet>] | |
41 | [B<-no_resume_ephemeral>] | |
42 | [B<-www>] | |
43 | [B<-WWW>] | |
44 | [B<-servername>] | |
45 | [B<-servername_fatal>] | |
8dc57d76 RL |
46 | [B<-cert2> I<infile>] |
47 | [B<-key2> I<infile>] | |
0bae1960 MC |
48 | [B<-tlsextdebug>] |
49 | [B<-HTTP>] | |
e8769719 | 50 | [B<-id_prefix> I<val>] |
e8769719 RS |
51 | [B<-keymatexport> I<val>] |
52 | [B<-keymatexportlen> I<+int>] | |
53 | [B<-CRL> I<infile>] | |
0bae1960 | 54 | [B<-crl_download>] |
e8769719 RS |
55 | [B<-cert_chain> I<infile>] |
56 | [B<-dcert_chain> I<infile>] | |
57 | [B<-chainCApath> I<dir>] | |
58 | [B<-verifyCApath> I<dir>] | |
fd3397fc RL |
59 | [B<-chainCAstore> I<uri>] |
60 | [B<-verifyCAstore> I<uri>] | |
0bae1960 MC |
61 | [B<-no_cache>] |
62 | [B<-ext_cache>] | |
0bae1960 MC |
63 | [B<-verify_return_error>] |
64 | [B<-verify_quiet>] | |
65 | [B<-build_chain>] | |
e8769719 RS |
66 | [B<-chainCAfile> I<infile>] |
67 | [B<-verifyCAfile> I<infile>] | |
0bae1960 MC |
68 | [B<-ign_eof>] |
69 | [B<-no_ign_eof>] | |
70 | [B<-status>] | |
71 | [B<-status_verbose>] | |
e8769719 RS |
72 | [B<-status_timeout> I<int>] |
73 | [B<-status_url> I<val>] | |
74 | [B<-status_file> I<infile>] | |
0bae1960 MC |
75 | [B<-trace>] |
76 | [B<-security_debug>] | |
77 | [B<-security_debug_verbose>] | |
78 | [B<-brief>] | |
79 | [B<-rev>] | |
80 | [B<-async>] | |
e8769719 RS |
81 | [B<-ssl_config> I<val>] |
82 | [B<-max_send_frag> I<+int>] | |
83 | [B<-split_send_frag> I<+int>] | |
84 | [B<-max_pipelines> I<+int>] | |
85 | [B<-read_buf> I<+int>] | |
0bae1960 MC |
86 | [B<-bugs>] |
87 | [B<-no_comp>] | |
88 | [B<-comp>] | |
89 | [B<-no_ticket>] | |
7ffb7fbe | 90 | [B<-num_tickets>] |
0bae1960 MC |
91 | [B<-serverpref>] |
92 | [B<-legacy_renegotiation>] | |
93 | [B<-no_renegotiation>] | |
94 | [B<-legacy_server_connect>] | |
95 | [B<-no_resumption_on_reneg>] | |
96 | [B<-no_legacy_server_connect>] | |
4e2bd9cb | 97 | [B<-allow_no_dhe_kex>] |
e1c7871d | 98 | [B<-prioritize_chacha>] |
0bae1960 | 99 | [B<-strict>] |
e8769719 RS |
100 | [B<-sigalgs> I<val>] |
101 | [B<-client_sigalgs> I<val>] | |
102 | [B<-groups> I<val>] | |
103 | [B<-curves> I<val>] | |
104 | [B<-named_curve> I<val>] | |
105 | [B<-cipher> I<val>] | |
106 | [B<-ciphersuites> I<val>] | |
107 | [B<-dhparam> I<infile>] | |
108 | [B<-record_padding> I<val>] | |
0bae1960 | 109 | [B<-debug_broken_protocol>] |
e8769719 RS |
110 | [B<-policy> I<val>] |
111 | [B<-purpose> I<val>] | |
112 | [B<-verify_name> I<val>] | |
113 | [B<-verify_depth> I<int>] | |
114 | [B<-auth_level> I<int>] | |
115 | [B<-attime> I<intmax>] | |
116 | [B<-verify_hostname> I<val>] | |
117 | [B<-verify_email> I<val>] | |
0bae1960 | 118 | [B<-verify_ip>] |
e42d84be | 119 | [B<-ignore_critical>] |
0bae1960 MC |
120 | [B<-issuer_checks>] |
121 | [B<-crl_check>] | |
122 | [B<-crl_check_all>] | |
123 | [B<-policy_check>] | |
124 | [B<-explicit_policy>] | |
e42d84be HK |
125 | [B<-inhibit_any>] |
126 | [B<-inhibit_map>] | |
0bae1960 MC |
127 | [B<-x509_strict>] |
128 | [B<-extended_crl>] | |
129 | [B<-use_deltas>] | |
e42d84be | 130 | [B<-policy_print>] |
0bae1960 MC |
131 | [B<-check_ss_sig>] |
132 | [B<-trusted_first>] | |
e42d84be | 133 | [B<-suiteB_128_only>] |
0bae1960 | 134 | [B<-suiteB_128>] |
e42d84be | 135 | [B<-suiteB_192>] |
0bae1960 | 136 | [B<-partial_chain>] |
fa7b0111 | 137 | [B<-no_alt_chains>] |
0bae1960 MC |
138 | [B<-no_check_time>] |
139 | [B<-allow_proxy_certs>] | |
0bae1960 | 140 | [B<-nbio>] |
e8769719 RS |
141 | [B<-psk_identity> I<val>] |
142 | [B<-psk_hint> I<val>] | |
143 | [B<-psk> I<val>] | |
144 | [B<-psk_session> I<file>] | |
145 | [B<-srpvfile> I<infile>] | |
146 | [B<-srpuserseed> I<val>] | |
0bae1960 | 147 | [B<-timeout>] |
e8769719 | 148 | [B<-mtu> I<+int>] |
0bae1960 | 149 | [B<-listen>] |
19044d3c | 150 | [B<-sctp>] |
09d62b33 | 151 | [B<-sctp_label_bug>] |
a2151c5b | 152 | [B<-no_dhe>] |
e8769719 RS |
153 | [B<-nextprotoneg> I<val>] |
154 | [B<-use_srtp> I<val>] | |
155 | [B<-alpn> I<val>] | |
e8769719 RS |
156 | [B<-keylogfile> I<outfile>] |
157 | [B<-max_early_data> I<int>] | |
6437b802 | 158 | [B<-early_data>] |
3bb5e5b0 MC |
159 | [B<-anti_replay>] |
160 | [B<-no_anti_replay>] | |
c3be39f2 | 161 | [B<-http_server_binmode>] |
bc24e3ee | 162 | {- $OpenSSL::safe::opt_name_synopsis -} |
d4bff20d | 163 | {- $OpenSSL::safe::opt_version_synopsis -} |
9fcb9702 RS |
164 | {- $OpenSSL::safe::opt_x_synopsis -} |
165 | {- $OpenSSL::safe::opt_trust_synopsis -} | |
166 | {- $OpenSSL::safe::opt_r_synopsis -} | |
018aaeb4 | 167 | {- $OpenSSL::safe::opt_engine_synopsis -} |
7efd0e77 | 168 | |
9f3c076b | 169 | =for openssl ifdef unix 4 6 unlink no_dhe nextprotoneg use_srtp engine |
1738c0ce | 170 | |
9f3c076b | 171 | =for openssl ifdef status status_verbose status_timeout status_url status_file |
1738c0ce | 172 | |
9f3c076b | 173 | =for openssl ifdef psk_hint srpvfile srpuserseed sctp sctp_label_bug |
1738c0ce | 174 | |
9f3c076b | 175 | =for openssl ifdef sctp sctp_label_bug trace mtu timeout listen |
1738c0ce | 176 | |
9f3c076b | 177 | =for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3 dtls mtu dtls1 dtls1_2 |
1738c0ce | 178 | |
a2151c5b DSH |
179 | =head1 DESCRIPTION |
180 | ||
35a810bb RL |
181 | This command implements a generic SSL/TLS server which |
182 | listens for connections on a given port using SSL/TLS. | |
a2151c5b DSH |
183 | |
184 | =head1 OPTIONS | |
185 | ||
35a810bb RL |
186 | In addition to the options below, this command also supports |
187 | the common and server-only options documented in | |
f5c14c63 | 188 | L<SSL_CONF_cmd(3)/Supported Command Line Commands> |
765b4137 | 189 | |
a2151c5b DSH |
190 | =over 4 |
191 | ||
169394d4 MR |
192 | =item B<-help> |
193 | ||
194 | Print out a usage message. | |
195 | ||
e8769719 | 196 | =item B<-port> I<+int> |
a2151c5b | 197 | |
8c73aeb6 | 198 | The TCP port to listen on for connections. If not specified 4433 is used. |
a2151c5b | 199 | |
e8769719 | 200 | =item B<-accept> I<val> |
a22f9c84 E |
201 | |
202 | The optional TCP host and port to listen on for connections. If not specified, *:4433 is used. | |
203 | ||
e8769719 | 204 | =item B<-unix> I<val> |
a22f9c84 E |
205 | |
206 | Unix domain socket to accept on. | |
207 | ||
a22f9c84 E |
208 | =item B<-4> |
209 | ||
210 | Use IPv4 only. | |
211 | ||
212 | =item B<-6> | |
213 | ||
214 | Use IPv6 only. | |
215 | ||
0bae1960 MC |
216 | =item B<-unlink> |
217 | ||
218 | For -unix, unlink any existing socket first. | |
219 | ||
e8769719 | 220 | =item B<-context> I<val> |
a2151c5b | 221 | |
8c73aeb6 | 222 | Sets the SSL context id. It can be given any string value. If this option |
cc8709a0 | 223 | is not present a default value will be used. |
a2151c5b | 224 | |
e8769719 | 225 | =item B<-verify> I<int>, B<-Verify> I<int> |
0bae1960 MC |
226 | |
227 | The verify depth to use. This specifies the maximum length of the | |
228 | client certificate chain and makes the server request a certificate from | |
229 | the client. With the B<-verify> option a certificate is requested but the | |
230 | client does not have to send one, with the B<-Verify> option the client | |
231 | must supply a certificate or an error occurs. | |
232 | ||
233 | If the cipher suite cannot request a client certificate (for example an | |
234 | anonymous cipher suite or PSK) this option has no effect. | |
235 | ||
e8769719 | 236 | =item B<-cert> I<infile> |
a2151c5b DSH |
237 | |
238 | The certificate to use. Most server cipher suites require the use of a | |
239 | certificate and some require a certificate with a certain public key type: | |
240 | for example the DSS cipher suites require a certificate containing a DSS | |
1948394d | 241 | (DSA) key. If not specified then the filename F<server.pem> will be used. |
a2151c5b | 242 | |
7cacbe9d DB |
243 | =item B<-cert_chain> |
244 | ||
245 | A file containing trusted certificates to use when attempting to build the | |
246 | client/server certificate chain related to the certificate specified via the | |
247 | B<-cert> option. | |
248 | ||
249 | =item B<-build_chain> | |
250 | ||
251 | Specify whether the application should build the certificate chain to be | |
252 | provided to the client. | |
253 | ||
e8769719 | 254 | =item B<-naccept> I<+int> |
0bae1960 MC |
255 | |
256 | The server will exit after receiving the specified number of connections, | |
257 | default unlimited. | |
258 | ||
e8769719 | 259 | =item B<-serverinfo> I<val> |
0bae1960 MC |
260 | |
261 | A file containing one or more blocks of PEM data. Each PEM block | |
262 | must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, | |
263 | followed by "length" bytes of extension data). If the client sends | |
264 | an empty TLS ClientHello extension matching the type, the corresponding | |
265 | ServerHello extension will be returned. | |
266 | ||
777182a0 | 267 | =item B<-certform> B<DER>|B<PEM>, B<-CRLForm> B<DER>|B<PEM> |
826a42a0 | 268 | |
777182a0 RS |
269 | The certificate and CRL format; the default is PEM. |
270 | See L<openssl(1)/Format Options> for details. | |
826a42a0 | 271 | |
e8769719 | 272 | =item B<-key> I<infile> |
a2151c5b DSH |
273 | |
274 | The private key to use. If not specified then the certificate file will | |
275 | be used. | |
276 | ||
9fcb9702 | 277 | =item B<-keyform> B<DER>|B<PEM> |
826a42a0 | 278 | |
777182a0 RS |
279 | The key format; the default is B<PEM>. |
280 | See L<openssl(1)/Format Options> for details. | |
826a42a0 | 281 | |
e8769719 | 282 | =item B<-pass> I<val> |
826a42a0 | 283 | |
777182a0 RS |
284 | The private key password source. |
285 | For more information about the format of I<val>, | |
3a4e43de | 286 | see L<openssl(1)/Pass Phrase Options>. |
826a42a0 | 287 | |
e8769719 | 288 | =item B<-dcert> I<infile>, B<-dkey> I<infile> |
a2151c5b | 289 | |
8c73aeb6 | 290 | Specify an additional certificate and private key, these behave in the |
a2151c5b DSH |
291 | same manner as the B<-cert> and B<-key> options except there is no default |
292 | if they are not specified (no additional certificate and key is used). As | |
293 | noted above some cipher suites require a certificate containing a key of | |
294 | a certain type. Some cipher suites need a certificate carrying an RSA key | |
295 | and some a DSS (DSA) key. By using RSA and DSS certificates and keys | |
296 | a server can support clients which only support RSA or DSS cipher suites | |
297 | by using an appropriate certificate. | |
298 | ||
7cacbe9d DB |
299 | =item B<-dcert_chain> |
300 | ||
301 | A file containing trusted certificates to use when attempting to build the | |
302 | server certificate chain when a certificate specified via the B<-dcert> option | |
303 | is in use. | |
304 | ||
777182a0 RS |
305 | =item B<-dcertform> B<DER>|B<PEM>, B<-dkeyform> B<DER>|B<PEM> |
306 | ||
307 | The format of the certificate and private key; the default is B<PEM>; | |
308 | see L<openssl(1)/Format Options>. | |
826a42a0 | 309 | |
777182a0 RS |
310 | =item B<-dpass> I<val> |
311 | ||
312 | The passphrase for the additional private key. | |
313 | For more information about the format of I<val>, | |
314 | see L<openssl(1)/Pass Phrase Options>. | |
826a42a0 | 315 | |
0bae1960 | 316 | =item B<-nbio_test> |
a2151c5b | 317 | |
0bae1960 | 318 | Tests non blocking I/O. |
a2151c5b | 319 | |
0bae1960 | 320 | =item B<-crlf> |
a2151c5b | 321 | |
0bae1960 | 322 | This option translates a line feed from the terminal into CR+LF. |
a2151c5b | 323 | |
0bae1960 | 324 | =item B<-debug> |
a2151c5b | 325 | |
0bae1960 | 326 | Print extensive debugging information including a hex dump of all traffic. |
a2151c5b | 327 | |
0bae1960 | 328 | =item B<-msg> |
51e00db2 | 329 | |
0bae1960 | 330 | Show all protocol messages with hex dump. |
51e00db2 | 331 | |
e8769719 | 332 | =item B<-msgfile> I<outfile> |
a2151c5b | 333 | |
0bae1960 | 334 | File to send output of B<-msg> or B<-trace> to, default standard output. |
a2151c5b | 335 | |
0bae1960 MC |
336 | =item B<-state> |
337 | ||
338 | Prints the SSL session states. | |
339 | ||
e8769719 | 340 | =item B<-chainCApath> I<dir> |
7cacbe9d DB |
341 | |
342 | The directory to use for building the chain provided to the client. This | |
8bc93d2f RL |
343 | directory must be in "hash format", see L<openssl-verify(1)> for more |
344 | information. | |
7cacbe9d | 345 | |
e8769719 | 346 | =item B<-chainCAfile> I<file> |
7cacbe9d DB |
347 | |
348 | A file containing trusted certificates to use when attempting to build the | |
349 | server certificate chain. | |
350 | ||
fd3397fc RL |
351 | =item B<-chainCAstore> I<uri> |
352 | ||
353 | The URI to a store to use for building the chain provided to the client. | |
354 | The URI may indicate a single certificate, as well as a collection of | |
355 | them. | |
356 | With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or | |
357 | B<-chainCApath>, depending on if the URI indicates a directory or a | |
358 | single file. | |
359 | See L<ossl_store-file(7)> for more information on the C<file:> scheme. | |
360 | ||
0bae1960 | 361 | =item B<-nocert> |
8d419330 | 362 | |
0bae1960 MC |
363 | If this option is set then no certificate is used. This restricts the |
364 | cipher suites available to the anonymous ones (currently just anonymous | |
365 | DH). | |
8d419330 | 366 | |
0bae1960 | 367 | =item B<-quiet> |
a2151c5b | 368 | |
0bae1960 | 369 | Inhibit printing of session and certificate information. |
a2151c5b | 370 | |
0bae1960 | 371 | =item B<-www> |
a2151c5b | 372 | |
0bae1960 MC |
373 | Sends a status message back to the client when it connects. This includes |
374 | information about the ciphers used and various session parameters. | |
375 | The output is in HTML format so this option will normally be used with a | |
6ef40f1f | 376 | web browser. Cannot be used in conjunction with B<-early_data>. |
a2151c5b | 377 | |
0bae1960 | 378 | =item B<-WWW> |
1d8634b1 | 379 | |
0bae1960 MC |
380 | Emulates a simple web server. Pages will be resolved relative to the |
381 | current directory, for example if the URL https://myhost/page.html is | |
d4bff20d RS |
382 | requested the file F<./page.html> will be loaded. |
383 | The files loaded are | |
384 | assumed to contain a complete and correct HTTP response (lines that | |
385 | are part of the HTTP response line and headers must end with CRLF). Cannot be | |
386 | used in conjunction with B<-early_data>. | |
1d8634b1 | 389 | |
0bae1960 | 390 | =item B<-tlsextdebug> |
8dbeb110 | 391 | |
0bae1960 | 392 | Print a hex dump of any TLS extensions received from the server. |
8dbeb110 | 393 | |
e8769719 | 394 | =item B<-id_prefix> I<val> |
a2151c5b | 395 | |
2f0ea936 | 396 | Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful |
0bae1960 MC |
397 | for testing any SSL/TLS code (e.g. proxies) that wishes to deal with multiple |
398 | servers, each of which might be generating a unique range of session | |
399 | IDs (e.g. with a certain prefix). | |
a2151c5b | 400 | |
0bae1960 | 401 | =item B<-verify_return_error> |
a2151c5b | 402 | |
0bae1960 MC |
403 | Verification errors normally just print a message but allow the |
404 | connection to continue, for debugging purposes. | |
405 | If this option is used, then verification errors close the connection. | |
a2151c5b | 406 | |
0bae1960 | 407 | =item B<-status> |
a2151c5b | 408 | |
0bae1960 | 409 | Enables certificate status request support (aka OCSP stapling). |
a2151c5b | 410 | |
0bae1960 | 411 | =item B<-status_verbose> |
ddac1974 | 412 | |
0bae1960 MC |
413 | Enables certificate status request support (aka OCSP stapling) and gives |
414 | a verbose printout of the OCSP response. | |
ddac1974 | 415 | |
e8769719 | 416 | =item B<-status_timeout> I<int> |
720b6cbe | 417 | |
2f0ea936 | 418 | Sets the timeout for OCSP response to I<int> seconds. |
720b6cbe | 419 | |
e8769719 | 420 | =item B<-status_url> I<val> |
ddac1974 | 421 | |
0bae1960 MC |
422 | Sets a fallback responder URL to use if no responder URL is present in the |
423 | server certificate. Without this option an error is returned if the server | |
424 | certificate does not contain a responder address. | |
ddac1974 | 425 | |
e8769719 | 426 | =item B<-status_file> I<infile> |
a2151c5b | 427 | |
0bae1960 MC |
428 | Overrides any OCSP responder URLs from the certificate and always provides the |
429 | OCSP Response stored in the file. The file must be in DER format. | |
a2151c5b | 430 | |
0bae1960 | 431 | =item B<-trace> |
35d15a39 | 432 | |
0bae1960 MC |
433 | Show verbose trace output of protocol messages. OpenSSL needs to be compiled |
434 | with B<enable-ssl-trace> for this option to work. | |
35d15a39 | 435 | |
0bae1960 | 436 | =item B<-brief> |
35d15a39 | 437 | |
0bae1960 MC |
438 | Provide a brief summary of connection parameters instead of the normal verbose |
439 | output. | |
35d15a39 | 440 | |
0bae1960 | 441 | =item B<-rev> |
19044d3c | 442 | |
0bae1960 | 443 | Simple test server which just reverses the text received from the client |
6ef40f1f MC |
444 | and sends it back to the client. Also sets B<-brief>. Cannot be used in |
445 | conjunction with B<-early_data>. | |
19044d3c | 446 | |
bc8857bf MC |
447 | =item B<-async> |
448 | ||
8c73aeb6 | 449 | Switch on asynchronous mode. Cryptographic operations will be performed |
bc8857bf MC |
450 | asynchronously. This will only have an effect if an asynchronous capable engine |
451 | is also used via the B<-engine> option. For test purposes the dummy async engine | |
452 | (dasync) can be used (if available). | |
453 | ||
e8769719 | 454 | =item B<-max_send_frag> I<+int> |
28e5ea88 F |
455 | |
456 | The maximum size of data fragment to send. | |
457 | See L<SSL_CTX_set_max_send_fragment(3)> for further information. | |
458 | ||
e8769719 | 459 | =item B<-split_send_frag> I<+int> |
0df80881 MC |
460 | |
461 | The size used to split data for encrypt pipelines. If more data is written in | |
462 | one go than this value then it will be split into multiple pipelines, up to the | |
463 | maximum number of pipelines defined by max_pipelines. This only has an effect if | |
c4de074e | 464 | a suitable cipher suite has been negotiated, an engine that supports pipelining |
0df80881 MC |
465 | has been loaded, and max_pipelines is greater than 1. See |
466 | L<SSL_CTX_set_split_send_fragment(3)> for further information. | |
467 | ||
e8769719 | 468 | =item B<-max_pipelines> I<+int> |
0df80881 MC |
469 | |
470 | The maximum number of encrypt/decrypt pipelines to be used. This will only have | |
471 | an effect if an engine has been loaded that supports pipelining (e.g. the dasync | |
c4de074e | 472 | engine) and a suitable cipher suite has been negotiated. The default value is 1. |
0df80881 MC |
473 | See L<SSL_CTX_set_max_pipelines(3)> for further information. |
474 | ||
e8769719 | 475 | =item B<-read_buf> I<+int> |
0df80881 MC |
476 | |
477 | The default read buffer size to be used for connections. This will only have an | |
478 | effect if the buffer size is larger than the size that would otherwise be used | |
479 | and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for | |
480 | further information). | |
481 | ||
a2151c5b DSH |
482 | =item B<-bugs> |
483 | ||
fc4e500b | 484 | There are several known bugs in SSL and TLS implementations. Adding this |
a2151c5b DSH |
485 | option enables various workarounds. |
486 | ||
0bae1960 MC |
487 | =item B<-no_comp> |
488 | ||
489 | Disable negotiation of TLS compression. | |
490 | TLS compression is not recommended and is off by default as of | |
491 | OpenSSL 1.1.0. | |
492 | ||
cc5a9ba4 VD |
493 | =item B<-comp> |
494 | ||
495 | Enable negotiation of TLS compression. | |
496 | This option was introduced in OpenSSL 1.1.0. | |
497 | TLS compression is not recommended and is off by default as of | |
498 | OpenSSL 1.1.0. | |
499 | ||
0bae1960 | 500 | =item B<-no_ticket> |
cc5a9ba4 | 501 | |
7ffb7fbe MC |
502 | Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3 |
503 | is negotiated. See B<-num_tickets>. | |
504 | ||
505 | =item B<-num_tickets> | |
506 | ||
507 | Control the number of tickets that will be sent to the client after a full | |
508 | handshake in TLSv1.3. The default number of tickets is 2. This option does not | |
509 | affect the number of tickets sent after a resumption handshake. | |
cc5a9ba4 | 510 | |
0bae1960 | 511 | =item B<-serverpref> |
765b4137 | 512 | |
0bae1960 MC |
513 | Use the server's cipher preferences, rather than the client's preferences. |
514 | ||
e1c7871d TS |
515 | =item B<-prioritize_chacha> |
516 | ||
517 | Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>. | |
518 | ||
0bae1960 MC |
519 | =item B<-no_resumption_on_reneg> |
520 | ||
521 | Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option. | |
765b4137 | 522 | |
e8769719 | 523 | =item B<-client_sigalgs> I<val> |
254b58fd SC |
524 | |
525 | Signature algorithms to support for client certificate authentication | |
c4de074e | 526 | (colon-separated list). |
254b58fd | 527 | |
e8769719 | 528 | =item B<-named_curve> I<val> |
254b58fd SC |
529 | |
530 | Specifies the elliptic curve to use. NOTE: this is a single curve, not a list. | |
531 | For a list of all possible curves, use: | |
532 | ||
533 | $ openssl ecparam -list_curves | |
534 | ||
e8769719 | 535 | =item B<-cipher> I<val> |
a2151c5b | 536 | |
9d2674cd MC |
537 | This allows the list of TLSv1.2 and below ciphersuites used by the server to be |
538 | modified. This list is combined with any TLSv1.3 ciphersuites that have been | |
539 | configured. When the client sends a list of supported ciphers the first client | |
540 | cipher also included in the server list is used. Because the client specifies | |
541 | the preference order, the order of the server cipherlist is irrelevant. See | |
35a810bb | 542 | L<openssl-ciphers(1)> for more information. |
a2151c5b | 543 | |
e8769719 | 544 | =item B<-ciphersuites> I<val> |
9d2674cd MC |
545 | |
546 | This allows the list of TLSv1.3 ciphersuites used by the server to be modified. | |
547 | This list is combined with any TLSv1.2 and below ciphersuites that have been | |
548 | configured. When the client sends a list of supported ciphers the first client | |
549 | cipher also included in the server list is used. Because the client specifies | |
550 | the preference order, the order of the server cipherlist is irrelevant. See | |
35a810bb RL |
551 | the L<openssl-ciphers(1)> command for more information. The format for this list is |
552 | a simple colon (":") separated list of TLSv1.3 ciphersuite names. | |
9d2674cd | 553 | |
e8769719 | 554 | =item B<-dhparam> I<infile> |
7b825005 | 555 | |
0bae1960 MC |
556 | The DH parameter file to use. The ephemeral DH cipher suites generate keys |
557 | using a set of DH parameters. If not specified then an attempt is made to | |
558 | load the parameters from the server certificate file. | |
35a810bb RL |
559 | If this fails then a static set of parameters hard coded into this command |
560 | will be used. | |
765b4137 | 561 | |
0bae1960 MC |
562 | =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, |
563 | B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, | |
564 | B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, | |
565 | B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, | |
566 | B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, | |
567 | B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, | |
568 | B<-verify_ip>, B<-verify_name>, B<-x509_strict> | |
5270e702 | 569 | |
0bae1960 | 570 | Set different peer certificate verification options. |
8bc93d2f | 571 | See the L<openssl-verify(1)> manual page for details. |
5270e702 | 572 | |
0bae1960 | 573 | =item B<-crl_check>, B<-crl_check_all> |
e986704d | 574 | |
0bae1960 MC |
575 | Check the peer certificate has not been revoked by its CA. |
576 | The CRL(s) are appended to the certificate file. With the B<-crl_check_all> | |
577 | option all CRLs of all CAs in the chain are checked. | |
e986704d | 578 | |
0bae1960 | 579 | =item B<-nbio> |
52b621db | 580 | |
0bae1960 | 581 | Turns on non blocking I/O. |
52b621db | 582 | |
e8769719 | 583 | =item B<-psk_identity> I<val> |
9cd50f73 | 584 | |
2f0ea936 | 585 | Expect the client to send PSK identity I<val> when using a PSK |
0bae1960 MC |
586 | cipher suite, and warn if they do not. By default, the expected PSK |
587 | identity is the string "Client_identity". | |
9cd50f73 | 588 | |
e8769719 | 589 | =item B<-psk_hint> I<val> |
36086186 | 590 | |
2f0ea936 | 591 | Use the PSK identity hint I<val> when using a PSK cipher suite. |
36086186 | 592 | |
e8769719 | 593 | =item B<-psk> I<val> |
cba3f1c7 | 594 | |
2f0ea936 | 595 | Use the PSK key I<val> when using a PSK cipher suite. The key is |
0bae1960 MC |
596 | given as a hexadecimal number without leading 0x, for example -psk |
597 | 1a2b3c4d. | |
598 | This option must be provided in order to use a PSK cipher. | |
cba3f1c7 | 599 | |
e8769719 | 600 | =item B<-psk_session> I<file> |
9e064bc1 | 601 | |
2f0ea936 | 602 | Use the PEM-encoded SSL_SESSION data stored in I<file> as the basis of a PSK. |
9e064bc1 MC |
603 | Note that this will only work if TLSv1.3 is negotiated. |
604 | ||
0bae1960 | 605 | =item B<-listen> |
cba3f1c7 | 606 | |
0bae1960 | 607 | This option can only be used in conjunction with one of the DTLS options above. |
35a810bb RL |
608 | With this option, this command will listen on a UDP port for incoming |
609 | connections. | |
0bae1960 MC |
610 | Any ClientHellos that arrive will be checked to see if they have a cookie in |
611 | them or not. | |
612 | Any without a cookie will be responded to with a HelloVerifyRequest. | |
35a810bb RL |
613 | If a ClientHello with a cookie is received then this command will |
614 | connect to that peer and complete the handshake. | |
cba3f1c7 | 615 | |
0bae1960 | 616 | =item B<-sctp> |
cba3f1c7 | 617 | |
0bae1960 MC |
618 | Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in |
619 | conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only | |
620 | available where OpenSSL has support for SCTP enabled. | |
cba3f1c7 | 621 | |
09d62b33 MT |
622 | =item B<-sctp_label_bug> |
623 | ||
624 | Use the incorrect behaviour of older OpenSSL implementations when computing | |
625 | endpoint-pair shared secrets for DTLS/SCTP. This allows communication with | |
626 | older broken implementations but breaks interoperability with correct | |
627 | implementations. Must be used in conjunction with B<-sctp>. This option is only | |
628 | available where OpenSSL has support for SCTP enabled. | |
629 | ||
0bae1960 | 630 | =item B<-no_dhe> |
acf65ae5 | 631 | |
0bae1960 MC |
632 | If this option is set then no DH parameters will be loaded effectively |
633 | disabling the ephemeral DH cipher suites. | |
acf65ae5 | 634 | |
e8769719 | 635 | =item B<-alpn> I<val>, B<-nextprotoneg> I<val> |
7efd0e77 | 636 | |
c4de074e P |
637 | These flags enable the Application-Layer Protocol Negotiation (ALPN) |
638 | or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the | |
639 | IETF standard and replaces NPN. | |
2f0ea936 | 640 | The I<val> list is a comma-separated list of supported protocol |
c4de074e | 641 | names. The list should contain the most desirable protocols first. |
7efd0e77 HK |
642 | Protocol names are printable ASCII strings, for example "http/1.1" or |
643 | "spdy/3". | |
837f87c2 | 644 | The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. |
7efd0e77 | 645 | |
e8769719 | 646 | =item B<-keylogfile> I<outfile> |
39176d44 PW |
647 | |
648 | Appends TLS secrets to the specified keylog file such that external programs | |
649 | (like Wireshark) can decrypt TLS connections. | |
650 | ||
e8769719 | 651 | =item B<-max_early_data> I<int> |
6437b802 MC |
652 | |
653 | Change the default maximum early data bytes that are specified for new sessions | |
654 | and any incoming early data (when used in conjunction with the B<-early_data> | |
83750d9b MC |
655 | flag). The default value is approximately 16k. The argument must be an integer |
656 | greater than or equal to 0. | |
6437b802 MC |
657 | |
658 | =item B<-early_data> | |
659 | ||
6ef40f1f MC |
660 | Accept early data where possible. Cannot be used in conjunction with B<-www>, |
661 | B<-WWW>, B<-HTTP> or B<-rev>. | |
6437b802 | 662 | |
3bb5e5b0 MC |
663 | =item B<-anti_replay>, B<-no_anti_replay> |
664 | ||
665 | Switches replay protection on or off, respectively. Replay protection is on by | |
666 | default unless overridden by a configuration file. When it is on, TLSv1.3 has | |
667 | been negotiated, and early data is enabled on the server, OpenSSL will | |
668 | automatically detect if a session ticket has been used more than once. A full handshake | |
669 | is forced if a session ticket is used a second or subsequent time. Any early | |
670 | data that was sent will be rejected. | |
671 | ||
c3be39f2 LZ |
672 | =item B<-http_server_binmode> |
673 | ||
674 | When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested | |
675 | by the client in binary mode. | |
676 | ||
bc24e3ee RS |
677 | {- $OpenSSL::safe::opt_name_item -} |
678 | ||
d4bff20d RS |
679 | {- $OpenSSL::safe::opt_version_item -} |
680 | ||
9fcb9702 RS |
681 | {- $OpenSSL::safe::opt_x_item -} |
682 | ||
683 | {- $OpenSSL::safe::opt_trust_item -} | |
684 | ||
685 | {- $OpenSSL::safe::opt_r_item -} | |
686 | ||
018aaeb4 RS |
687 | {- $OpenSSL::safe::opt_engine_item -} |
688 | ||
a2151c5b DSH |
689 | =back |
690 | ||
691 | =head1 CONNECTED COMMANDS | |
692 | ||
693 | If a connection request is established with an SSL client and neither the | |
4b08eaf5 | 694 | B<-www> nor the B<-WWW> option has been used then normally any data received |
8c73aeb6 | 695 | from the client is displayed and any key presses will be sent to the client. |
4b08eaf5 | 696 | |
3d0dde84 MC |
697 | Certain commands are also recognized which perform special operations. These |
698 | commands are a letter which must appear at the start of a line. They are listed | |
699 | below. | |
4b08eaf5 DSH |
700 | |
701 | =over 4 | |
702 | ||
703 | =item B<q> | |
704 | ||
c4de074e | 705 | End the current SSL connection but still accept new connections. |
4b08eaf5 DSH |
706 | |
707 | =item B<Q> | |
708 | ||
c4de074e | 709 | End the current SSL connection and exit. |
4b08eaf5 DSH |
710 | |
711 | =item B<r> | |
712 | ||
3d0dde84 | 713 | Renegotiate the SSL session (TLSv1.2 and below only). |
4b08eaf5 DSH |
714 | |
715 | =item B<R> | |
716 | ||
3d0dde84 MC |
717 | Renegotiate the SSL session and request a client certificate (TLSv1.2 and below |
718 | only). | |
4b08eaf5 DSH |
719 | |
720 | =item B<P> | |
721 | ||
c4de074e | 722 | Send some plain text down the underlying TCP connection: this should |
4b08eaf5 DSH |
723 | cause the client to disconnect due to a protocol violation. |
724 | ||
725 | =item B<S> | |
726 | ||
c4de074e | 727 | Print out some session cache status information. |
4b08eaf5 | 728 | |
3d0dde84 MC |
729 | =item B<k> |
730 | ||
731 | Send a key update message to the client (TLSv1.3 only) | |
732 | ||
733 | =item B<K> | |
734 | ||
735 | Send a key update message to the client and request one back (TLSv1.3 only) | |
736 | ||
737 | =item B<c> | |
738 | ||
739 | Send a certificate request to the client (TLSv1.3 only) | |
740 | ||
4b08eaf5 | 741 | =back |
a2151c5b DSH |
742 | |
743 | =head1 NOTES | |
744 | ||
35a810bb RL |
745 | This command can be used to debug SSL clients. To accept connections |
746 | from a web browser the command: | |
a2151c5b DSH |
747 | |
748 | openssl s_server -accept 443 -www | |
749 | ||
750 | can be used for example. | |
751 | ||
a2151c5b | 752 | Although specifying an empty list of CAs when requesting a client certificate |
4b08eaf5 DSH |
753 | is strictly speaking a protocol violation, some SSL clients interpret this to |
754 | mean any CA is acceptable. This is useful for debugging purposes. | |
a2151c5b | 755 | |
35a810bb | 756 | The session parameters can be printed out using the L<openssl-sess_id(1)> command. |
a2151c5b DSH |
757 | |
758 | =head1 BUGS | |
759 | ||
8c73aeb6 | 760 | Because this program has a lot of options and also because some of the |
35a810bb RL |
761 | techniques used are rather old, the C source for this command is rather |
762 | hard to read and not a model of how things should be done. | |
8c73aeb6 | 763 | A typical SSL server program would be much simpler. |
a2151c5b DSH |
764 | |
765 | The output of common ciphers is wrong: it just gives the list of ciphers that | |
4b08eaf5 | 766 | OpenSSL recognizes and the client supports. |
a2151c5b | 767 | |
35a810bb RL |
768 | There should be a way for this command to print out details |
769 | of any unknown cipher suites a client says it supports. | |
a2151c5b DSH |
770 | |
771 | =head1 SEE ALSO | |
772 | ||
b6b66573 DMSP |
773 | L<openssl(1)>, |
774 | L<openssl-sess_id(1)>, | |
775 | L<openssl-s_client(1)>, | |
776 | L<openssl-ciphers(1)>, | |
777 | L<SSL_CONF_cmd(3)>, | |
dfee8626 RS |
778 | L<SSL_CTX_set_max_send_fragment(3)>, |
779 | L<SSL_CTX_set_split_send_fragment(3)>, | |
fd3397fc RL |
780 | L<SSL_CTX_set_max_pipelines(3)>, |
781 | L<ossl_store-file(7)> | |
a2151c5b | 782 | |
fa7b0111 MC |
783 | =head1 HISTORY |
784 | ||
fc5ecadd | 785 | The -no_alt_chains option was added in OpenSSL 1.1.0. |
e1c7871d | 786 | |
fc5ecadd DMSP |
787 | The |
788 | -allow_no_dhe_kex and -prioritize_chacha options were added in OpenSSL 1.1.1. | |
fa7b0111 | 789 | |
e2f92610 RS |
790 | =head1 COPYRIGHT |
791 | ||
b6b66573 | 792 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 793 | |
449040b4 | 794 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
795 | this file except in compliance with the License. You can obtain a copy |
796 | in the file LICENSE in the source distribution or at | |
797 | L<https://www.openssl.org/source/license.html>. | |
798 | ||
799 | =cut |