=pod

=head1 NAME

s_server - SSL/TLS server program

=head1 SYNOPSIS

B<openssl> B<s_server>
[B<-help>]
[B<-port port>]
[B<-accept val>]
[B<-naccept count>]
[B<-unix val>]
[B<-unlink>]
[B<-4>]
[B<-6>]
[B<-context id>]
[B<-verify depth>]
[B<-Verify depth>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key keyfile>]
[B<-keyform DER|PEM>]
[B<-pass arg>]
[B<-dcert filename>]
[B<-dcertform DER|PEM>]
[B<-dkey keyfile>]
[B<-dkeyform DER|PEM>]
[B<-dpass arg>]
[B<-dhparam filename>]
[B<-nbio>]
[B<-nbio_test>]
[B<-crlf>]
[B<-debug>]
[B<-msg>]
[B<-trace>]
[B<-msgfile file>]
[B<-state>]
[B<-CApath directory>]
[B<-CAfile filename>]
[B<-no-CAfile>]
[B<-no-CApath>]
[B<-attime timestamp>]
[B<-check_ss_sig>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
[B<-inhibit_any>]
[B<-inhibit_map>]
[B<-no_check_time>]
[B<-partial_chain>]
[B<-policy arg>]
[B<-policy_check>]
[B<-policy_print>]
[B<-purpose purpose>]
[B<-suiteB_128>]
[B<-suiteB_128_only>]
[B<-suiteB_192>]
[B<-trusted_first>]
[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-auth_level num>]
[B<-nameopt option>]
[B<-verify_depth num>]
[B<-verify_return_error>]
[B<-verify_email email>]
[B<-verify_hostname hostname>]
[B<-verify_ip ip>]
[B<-verify_name name>]
[B<-x509_strict>]
[B<-nocert>]
[B<-client_sigalgs sigalglist>]
[B<-named_curve curve>]
[B<-psk_hint hint>]
[B<-psk key>]
[B<-cipher cipherlist>]
[B<-serverpref>]
[B<-quiet>]
[B<-ssl3>]
[B<-tls1>]
[B<-tls1_1>]
[B<-tls1_2>]
[B<-tls1_3>]
[B<-dtls>]
[B<-dtls1>]
[B<-dtls1_2>]
[B<-listen>]
[B<-async>]
[B<-split_send_frag>]
[B<-max_pipelines>]
[B<-read_buf>]
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-no_tls1_1>]
[B<-no_tls1_2>]
[B<-no_tls1_3>]
[B<-no_dhe>]
[B<-bugs>]
[B<-comp>]
[B<-no_comp>]
[B<-brief>]
[B<-www>]
[B<-WWW>]
[B<-HTTP>]
[B<-rev>]
[B<-engine id>]
[B<-tlsextdebug>]
[B<-no_ticket>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
[B<-serverinfo file>]
[B<-no_resumption_on_reneg>]
[B<-status>]
[B<-status_verbose>]
[B<-status_timeout nsec>]
[B<-status_url url>]
[B<-status_file file>]
[B<-alpn protocols>]
[B<-nextprotoneg protocols>]
[B<-keylogfile path>]
[B<-max_early_data>]
[B<-early_data>]

=head1 DESCRIPTION

The B<s_server> command implements a generic SSL/TLS server which listens
for connections on a given port using SSL/TLS. It is a test and debugging
tool, not a production server.

=head1 OPTIONS

In addition to the options below the B<s_server> utility also supports the
common and server only options documented in the
"Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)>
manual page.

=over 4

=item B<-help>

Print out a usage message.

=item B<-port port>

The TCP port to listen on for connections. If not specified 4433 is used.

=item B<-accept val>

The optional TCP host and port to listen on for connections. If not specified,
*:4433 is used.

=item B<-naccept count>

The server will exit after receiving B<count> connections, default unlimited.

=item B<-unix val>

Unix domain socket to accept on.

=item B<-unlink>

For B<-unix>, unlink any existing socket first.

=item B<-4>

Use IPv4 only.

=item B<-6>

Use IPv6 only.

=item B<-context id>

Sets the SSL context id. It can be given any string value. If this option
is not present a default value will be used.

=item B<-cert filename>

The certificate to use. Most server cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
for example the DSS cipher suites require a certificate containing a DSS
(DSA) key. If not specified then the filename "server.pem" will be used.

=item B<-certform format>

The certificate format to use: DER or PEM. PEM is the default.

=item B<-key keyfile>

The private key to use. If not specified then the certificate file will
be used.

=item B<-keyform format>

The private key format to use: DER or PEM. PEM is the default.

=item B<-pass arg>

The private key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-dcert filename>, B<-dkey keyfile>

Specify an additional certificate and private key. These behave in the
same manner as the B<-cert> and B<-key> options except there is no default
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an RSA key
and some a DSS (DSA) key. By using RSA and DSS certificates and keys
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.

=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>

Additional certificate and private key format and passphrase respectively.

=item B<-nocert>

If this option is set then no certificate is used. This restricts the
cipher suites available to the anonymous ones (anonymous DH and anonymous
ECDH). Such connections are unauthenticated, so this is only useful for
testing.

=item B<-dhparam filename>

The DH parameter file to use. The ephemeral DH cipher suites generate keys
using a set of DH parameters. If not specified then an attempt is made to
load the parameters from the server certificate file.
If this fails then a static set of parameters hard coded into the B<s_server>
program will be used. Use parameters of at least 2048 bits: the strength of
the DHE key exchange is bounded by the size of the group, and many clients
reject smaller groups.

=item B<-no_dhe>

If this option is set then no DH parameters will be loaded, effectively
disabling the ephemeral DH cipher suites.

=item B<-crl_check>, B<-crl_check_all>

Check the peer certificate has not been revoked by its CA.
The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
option all CRLs of all CAs in the chain are checked.

=item B<-CApath directory>

The directory to use for client certificate verification. This directory
must be in "hash format", see L<verify(1)> for more information. These are
also used when building the server certificate chain.

=item B<-CAfile file>

A file containing trusted certificates to use during client authentication
and to use when attempting to build the server certificate chain. The list
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.

=item B<-no-CAfile>

Do not load the trusted CA certificates from the default file location.

=item B<-no-CApath>

Do not load the trusted CA certificates from the default directory location.

=item B<-verify depth>, B<-Verify depth>

The verify depth to use. This specifies the maximum length of the
client certificate chain and makes the server request a certificate from
the client. With the B<-verify> option a certificate is requested but the
client does not have to send one; with the B<-Verify> option the client
must supply a certificate or an error occurs.

If the ciphersuite cannot request a client certificate (for example an
anonymous ciphersuite or PSK) this option has no effect.

Note that even with B<-Verify> a client certificate that fails verification
only produces a message unless B<-verify_return_error> is also given.

=item B<-nameopt option>

Option which determines how the subject or issuer names are displayed. The
B<option> argument can be a single option or multiple options separated by
commas. Alternatively the B<-nameopt> switch may be used more than once to
set multiple options. See the L<x509(1)> manual page for details.

=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
B<-verify_ip>, B<-verify_name>, B<-x509_strict>

Set various peer certificate verification options.
See the L<verify(1)> manual page for details.

=item B<-verify_return_error>

Verification errors normally just print a message but allow the
connection to continue, for debugging purposes.
If this option is used, then verification errors close the connection.

=item B<-state>

Prints the SSL session states.

=item B<-debug>

Print extensive debugging information including a hex dump of all traffic.

=item B<-msg>

Show all protocol messages with hex dump.

=item B<-trace>

Show verbose trace output of protocol messages. OpenSSL needs to be compiled
with B<enable-ssl-trace> for this option to work.

=item B<-msgfile>

File to send output of B<-msg> or B<-trace> to, default standard output.

=item B<-nbio_test>

Tests non blocking I/O.

=item B<-nbio>

Turns on non blocking I/O.

=item B<-crlf>

This option translates a line feed from the terminal into CR+LF.

=item B<-quiet>

Inhibit printing of session and certificate information.

=item B<-psk_hint hint>

Use the PSK identity hint B<hint> when using a PSK cipher suite.

=item B<-psk key>

Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d. The key is visible in the process's command line to other users
of the host, so use throwaway keys for testing.

=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>

These options require or disable the use of the specified SSL or TLS protocols.
By default B<s_server> will negotiate the highest mutually supported protocol
version.
When a specific TLS version is required, only that version will be accepted
from the client.

=item B<-dtls>, B<-dtls1>, B<-dtls1_2>

These options make B<s_server> use DTLS protocols instead of TLS.
With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
respectively.

=item B<-listen>

This option can only be used in conjunction with one of the DTLS options above.
With this option B<s_server> will listen on a UDP port for incoming connections.
Any ClientHellos that arrive will be checked to see if they have a cookie in
them or not.
Any without a cookie will be responded to with a HelloVerifyRequest.
If a ClientHello with a cookie is received then B<s_server> will connect to
that peer and complete the handshake.
The cookie exchange confirms that the peer can receive traffic at the source
address it claims, so the server does not commit state or perform the
handshake for spoofed UDP sources.

=item B<-async>

Switch on asynchronous mode. Cryptographic operations will be performed
asynchronously. This will only have an effect if an asynchronous capable engine
is also used via the B<-engine> option. For test purposes the dummy async engine
(dasync) can be used (if available).

=item B<-split_send_frag int>

The size used to split data for encrypt pipelines. If more data is written in
one go than this value then it will be split into multiple pipelines, up to the
maximum number of pipelines defined by max_pipelines. This only has an effect if
a suitable ciphersuite has been negotiated, an engine that supports pipelining
has been loaded, and max_pipelines is greater than 1. See
L<SSL_CTX_set_split_send_fragment(3)> for further information.

=item B<-max_pipelines int>

The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
engine) and a suitable ciphersuite has been negotiated. The default value is 1.
See L<SSL_CTX_set_max_pipelines(3)> for further information.

=item B<-read_buf int>

The default read buffer size to be used for connections. This will only have an
effect if the buffer size is larger than the size that would otherwise be used
and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
further information).

=item B<-bugs>

There are several known bugs in SSL and TLS implementations. Adding this
option enables various workarounds.

=item B<-comp>

Enable negotiation of TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended, because it leaks information about the
encrypted plaintext (the CRIME attack), and is off by default as of
OpenSSL 1.1.0.

=item B<-no_comp>

Disable negotiation of TLS compression.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.

=item B<-brief>

Provide a brief summary of connection parameters instead of the normal verbose
output.

=item B<-client_sigalgs sigalglist>

Signature algorithms to support for client certificate authentication
(colon-separated list).

=item B<-named_curve curve>

Specifies the elliptic curve to use. NOTE: this is a single curve, not a list.
For a list of all possible curves, use:

    $ openssl ecparam -list_curves

=item B<-cipher cipherlist>

This allows the cipher list used by the server to be modified. When
the client sends a list of supported ciphers the first client cipher
also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist is irrelevant
unless B<-serverpref> is given. See L<ciphers(1)> for more information.

=item B<-serverpref>

Use the server's cipher preferences, rather than the client's preferences.

=item B<-tlsextdebug>

Print a hex dump of any TLS extensions received from the client.

=item B<-no_ticket>

Disable RFC 5077 (formerly RFC4507bis) session ticket support.

=item B<-www>

Sends a status message back to the client when it connects. This includes
information about the ciphers used and various session parameters.
The output is in HTML format so this option will normally be used with a
web browser.

=item B<-WWW>

Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL https://myhost/page.html is
requested the file ./page.html will be loaded. Run B<s_server> from a
directory that contains only files you intend to expose.

=item B<-HTTP>

Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL https://myhost/page.html is
requested the file ./page.html will be loaded. The files loaded are
assumed to contain a complete and correct HTTP response (lines that
are part of the HTTP response line and headers must end with CRLF).

=item B<-rev>

Simple test server which just reverses the text received from the client
and sends it back to the client. Also sets B<-brief>.

=item B<-engine id>

Specifying an engine (by its unique B<id> string) will cause B<s_server>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=item B<-id_prefix arg>

Generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
for testing any SSL/TLS code (e.g. proxies) that wishes to deal with multiple
servers, each of which might be generating a unique range of session
IDs (e.g. with a certain prefix).

=item B<-rand file(s)>

A file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.

=item B<-serverinfo file>

A file containing one or more blocks of PEM data. Each PEM block
must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
followed by "length" bytes of extension data). If the client sends
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.

=item B<-no_resumption_on_reneg>

Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.

=item B<-status>

Enables certificate status request support (aka OCSP stapling).

=item B<-status_verbose>

Enables certificate status request support (aka OCSP stapling) and gives
a verbose printout of the OCSP response.

=item B<-status_timeout nsec>

Sets the timeout for OCSP response to B<nsec> seconds.

=item B<-status_url url>

Sets a fallback responder URL to use if no responder URL is present in the
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.

=item B<-status_file file>

Overrides any OCSP responder URLs from the certificate and always provides the
OCSP Response stored in the file. The file must be in DER format.

=item B<-alpn protocols>, B<-nextprotoneg protocols>

Enable the Application-Layer Protocol Negotiation or Next Protocol
Negotiation extension, respectively. ALPN is the IETF standard and
replaces NPN.
The B<protocols> list is a
comma-separated list of supported protocol names.
The list should contain most wanted protocols first.
Protocol names are printable ASCII strings, for example "http/1.1" or
"spdy/3".

=item B<-keylogfile path>

Appends TLS secrets to the specified keylog file such that external programs
(like Wireshark) can decrypt TLS connections. Anyone who can read this file
can decrypt every connection it covers, including those made with forward
secret cipher suites, so keep it out of production and delete it after use.

=item B<-max_early_data arg>

Change the default maximum early data bytes that are specified for new sessions
and any incoming early data (when used in conjunction with the B<-early_data>
flag). The default value is approximately 16k. The argument must be an integer
greater than or equal to 0.

=item B<-early_data>

Accept early data where possible. TLS 1.3 early data can be replayed by an
attacker who captured it, so an application must only accept it for requests
that are safe to repeat.

=back
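The selection rule described under B<-cipher> and B<-serverpref>, as an added
Python illustration (not OpenSSL code): the same two lists yield a different
suite depending on whose order is honoured, and no overlap at all is a
handshake failure. The suite names and both lists are constructed; a real
handshake carries 2-byte suite codes, and OpenSSL additionally drops suites
the server cannot use with its certificate or the negotiated version.

```python
"""Cipher suite selection as described for -cipher and -serverpref.

Added illustration, not OpenSSL code. Suite names and the offered lists are
constructed; a real handshake carries 2-byte suite codes rather than names.
"""
from typing import Optional, Sequence


def select_cipher(client_offered: Sequence[str],
                  server_list: Sequence[str],
                  serverpref: bool = False) -> Optional[str]:
    """Return the suite the server negotiates, or None for handshake_failure.

    Default (client preference): walk the client's list in the order the
    client sent it and take the first suite the server also allows; the
    order of the server list does not matter.

    -serverpref (SSL_OP_CIPHER_SERVER_PREFERENCE): walk the server's list
    instead and take the first suite the client offered.
    """
    if serverpref:
        offered = set(client_offered)
        return next((s for s in server_list if s in offered), None)
    allowed = set(server_list)
    return next((s for s in client_offered if s in allowed), None)


# Constructed lists: a client that puts a CBC suite first, and a server whose
# -cipher string lists its preferred AEAD suites first.
CLIENT_OFFERED = [
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
]
SERVER_LIST = [
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA",
]


def demo() -> dict:
    """Both modes plus the no-overlap failure case."""
    return {
        "client_pref": select_cipher(CLIENT_OFFERED, SERVER_LIST),
        "server_pref": select_cipher(CLIENT_OFFERED, SERVER_LIST, serverpref=True),
        "no_overlap": select_cipher(CLIENT_OFFERED, ["AES256-GCM-SHA384"]),
    }


if __name__ == "__main__":
    for mode, suite in demo().items():
        print(f"{mode}: {suite or 'handshake_failure'}")
```

The practical check this encodes: a server that honours client order can be
talked down to the weakest suite it still lists, so either prune the list
passed to B<-cipher> or add B<-serverpref>.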
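The HelloVerifyRequest cookie exchange that B<-listen> performs, as an added
Python illustration (not OpenSSL code). Both sides' messages are reduced to
the ClientHello fields the cookie is computed over; no DTLS records are built.
The cookie construction (an HMAC over the peer address and the ClientHello
parameters) follows the RFC 6347 recommendation; the secret, peer addresses
and hello values are constructed for the example.

```python
"""DTLS HelloVerifyRequest cookie exchange, as performed behind -listen.

Added illustration, not OpenSSL code. The cookie is an HMAC over the peer
address and ClientHello fields (RFC 6347 section 4.2.1); the secret, peers
and hello values below are constructed for the example.
"""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

# Server-side secret. A real server rotates it so old cookies expire.
COOKIE_SECRET = os.urandom(32)

DTLS1_2 = 0xFEFD


@dataclass
class ClientHello:
    version: int
    random: bytes          # 32 bytes
    session_id: bytes
    cipher_suites: bytes   # concatenated 2-byte suite codes
    cookie: bytes = b""


def _cookie_input(peer: tuple, hello: ClientHello) -> bytes:
    ip, port = peer
    return (ip.encode() + struct.pack("!HH", port, hello.version)
            + hello.random + hello.session_id + hello.cipher_suites)


def make_cookie(peer: tuple, hello: ClientHello) -> bytes:
    """Stateless cookie: the server keeps nothing per peer, only the secret."""
    return hmac.new(COOKIE_SECRET, _cookie_input(peer, hello), hashlib.sha256).digest()


def server_handle(peer: tuple, hello: ClientHello):
    """Return ("HelloVerifyRequest", cookie) or ("ServerHello", None)."""
    expected = make_cookie(peer, hello)
    if hello.cookie and hmac.compare_digest(hello.cookie, expected):
        return "ServerHello", None
    # No cookie, or a cookie minted for another address or hello: challenge.
    # A spoofed source never receives this reply, so it cannot finish step 2.
    return "HelloVerifyRequest", expected


def run_exchange(peer: tuple, hello: ClientHello) -> list:
    """Drive a well-behaved client: retransmit the same hello plus the cookie."""
    transcript = []
    msg, cookie = server_handle(peer, hello)
    transcript.append(msg)
    if msg == "HelloVerifyRequest":
        hello.cookie = cookie
        msg, _ = server_handle(peer, hello)
        transcript.append(msg)
    return transcript


def demo_hello() -> ClientHello:
    # Constructed ClientHello offering two ECDHE suites (0xC02F, 0xC02B).
    return ClientHello(DTLS1_2, bytes(range(32)), b"", b"\xc0\x2f\xc0\x2b")


if __name__ == "__main__":
    print(run_exchange(("192.0.2.10", 50000), demo_hello()))
```

Because the peer address is part of the HMAC input, a cookie captured from one
source cannot be replayed from another, and because the server stores nothing
until a valid cookie arrives, a flood of spoofed ClientHellos costs it one HMAC
each rather than a handshake.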
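A builder and parser for the file B<-serverinfo> loads, as an added Python
illustration (not OpenSSL code). The record layout (2-byte type, 2-byte
length, data) is the one described above; the "SERVERINFO FOR <name>" PEM
label is the header OpenSSL's serverinfo loader expects. The extension type
0xFF01 and the payload are constructed values for the example.

```python
"""Build and parse the PEM blocks that -serverinfo loads.

Added illustration, not OpenSSL code. The wire layout (2-byte extension
type, 2-byte length, data) is from the option description; the
"SERVERINFO FOR <name>" PEM label is what OpenSSL's loader expects.
The extension type 0xFF01 and payload are constructed for the example.
"""
import base64
import re
import struct
from typing import List, Tuple

PEM_LABEL_PREFIX = "SERVERINFO FOR "
_PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[^-]+)-----\n(?P<body>.*?)-----END (?P=label)-----", re.S)


def encode_extension(ext_type: int, data: bytes) -> bytes:
    if not 0 <= ext_type <= 0xFFFF or len(data) > 0xFFFF:
        raise ValueError("extension type or data length out of range")
    return struct.pack("!HH", ext_type, len(data)) + data


def to_pem(name: str, extensions: List[Tuple[int, bytes]]) -> str:
    raw = b"".join(encode_extension(t, d) for t, d in extensions)
    b64 = base64.b64encode(raw).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    label = PEM_LABEL_PREFIX + name
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def parse_extensions(raw: bytes) -> List[Tuple[int, bytes]]:
    """Walk the concatenated extension records, rejecting truncated input."""
    out, pos = [], 0
    while pos < len(raw):
        if len(raw) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from("!HH", raw, pos)
        pos += 4
        if len(raw) - pos < length:
            raise ValueError(
                f"extension {ext_type:#06x} claims {length} bytes, {len(raw) - pos} left")
        out.append((ext_type, raw[pos:pos + length]))
        pos += length
    return out


def parse_serverinfo(text: str) -> List[Tuple[int, bytes]]:
    """Return (type, data) pairs from every block in a serverinfo file."""
    out = []
    for m in _PEM_RE.finditer(text):
        if not m.group("label").startswith(PEM_LABEL_PREFIX):
            raise ValueError(f"bad PEM label {m.group('label')!r}")
        out.extend(parse_extensions(base64.b64decode("".join(m.group("body").split()))))
    return out


def demo_pem() -> str:
    return to_pem("example", [(0xFF01, b"\x00\x04test")])


if __name__ == "__main__":
    pem = demo_pem()
    print(pem)
    print(parse_serverinfo(pem))
```

The length check matters: the server echoes these bytes verbatim into every
ServerHello, so a record whose declared length runs past the data is a
malformed file rather than something to pad or truncate silently.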
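A reader for the file B<-keylogfile> writes, as an added Python illustration
(not OpenSSL code). The format is the NSS key log format that Wireshark
consumes: one secret per line as "<LABEL> <client_random hex> <secret hex>",
with "#" comment lines. The sample lines are constructed and contain no real
session secrets; the point is to show what the file exposes and how a
decryptor matches a line to a captured ClientHello.

```python
"""Reader for the key log written by -keylogfile (NSS SSLKEYLOGFILE format).

Added illustration, not OpenSSL code. Sample lines are constructed, not real
session secrets.
"""
from typing import Dict, Optional

TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}

# Constructed sample: one TLS 1.2 session and one TLS 1.3 session.
SAMPLE_KEYLOG = """\
# SSL/TLS secrets log file, generated by OpenSSL
CLIENT_RANDOM {r12} {ms}
SERVER_HANDSHAKE_TRAFFIC_SECRET {r13} {hs}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {r13} {hc}
SERVER_TRAFFIC_SECRET_0 {r13} {as_}
CLIENT_TRAFFIC_SECRET_0 {r13} {ac}
""".format(r12="11" * 32, ms="22" * 48, r13="33" * 32,
           hs="44" * 32, hc="55" * 32, as_="66" * 32, ac="77" * 32)


def parse_keylog(text: str) -> Dict[str, Dict[str, bytes]]:
    """Map client_random (hex) -> {label: secret}, rejecting malformed lines."""
    sessions: Dict[str, Dict[str, bytes]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields")
        label, client_random, secret = parts
        if label != TLS12_LABEL and label not in TLS13_LABELS:
            raise ValueError(f"line {lineno}: unknown label {label}")
        try:
            cr, sec = bytes.fromhex(client_random), bytes.fromhex(secret)
        except ValueError:
            raise ValueError(f"line {lineno}: non-hex field") from None
        if len(cr) != 32:
            raise ValueError(f"line {lineno}: client random must be 32 bytes")
        if label == TLS12_LABEL and len(sec) != 48:
            raise ValueError(f"line {lineno}: master secret must be 48 bytes")
        sessions.setdefault(cr.hex(), {})[label] = sec
    return sessions


def secrets_for(sessions: Dict[str, Dict[str, bytes]],
                client_random: bytes) -> Optional[Dict[str, bytes]]:
    """The lookup a decryptor performs with the random from a captured ClientHello."""
    return sessions.get(client_random.hex())


def tls_version_of(session: Dict[str, bytes]) -> str:
    return "TLS 1.2 or earlier" if TLS12_LABEL in session else "TLS 1.3"


if __name__ == "__main__":
    for cr, sess in parse_keylog(SAMPLE_KEYLOG).items():
        print(cr[:16], tls_version_of(sess), sorted(sess))
```

Every line is keyed by the client random, which is sent in clear in the
ClientHello, so a capture plus this file is enough to decrypt the session
regardless of the key exchange used.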

=head1 CONNECTED COMMANDS

If a connection request is established with an SSL client and neither the
B<-www> nor the B<-WWW> option has been used then normally any data received
from the client is displayed and any key presses will be sent to the client.

Certain single letter commands are also recognized which perform special
operations: these are listed below.

=over 4

=item B<q>

end the current SSL connection but still accept new connections.

=item B<Q>

end the current SSL connection and exit.

=item B<r>

renegotiate the SSL session.

=item B<R>

renegotiate the SSL session and request a client certificate.

=item B<P>

send some plain text down the underlying TCP connection: this should
cause the client to disconnect due to a protocol violation.

=item B<S>

print out some session cache status information.

=back

=head1 NOTES

B<s_server> can be used to debug SSL clients. To accept connections from
a web browser the command:

    openssl s_server -accept 443 -www

can be used for example. Ports below 1024 normally require elevated
privileges; the default port 4433 avoids that for unprivileged testing.

Most web browsers only support RSA and ECDSA cipher suites, so they cannot
connect to servers which don't use a certificate carrying an RSA or ECDSA key
(for example a DSA certificate) or a version of OpenSSL with RSA disabled.

Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL clients interpret this to
mean any CA is acceptable. This is useful for debugging purposes.

The session parameters can be printed out using the B<sess_id> program.

=head1 BUGS

Because this program has a lot of options and also because some of the
techniques used are rather old, the C source of B<s_server> is rather hard to
read and not a model of how things should be done.
A typical SSL server program would be much simpler.

The output of common ciphers is wrong: it just gives the list of ciphers that
OpenSSL recognizes and the client supports.

There should be a way for the B<s_server> program to print out details of any
unknown cipher suites a client says it supports.

=head1 SEE ALSO

L<SSL_CONF_cmd(3)>,
L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>

=head1 HISTORY

The -no_alt_chains option was first added to OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut