123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855 |
- =pod
- =head1 NAME
- openssl-s_server,
- s_server - SSL/TLS server program
- =head1 SYNOPSIS
- B<openssl> B<s_server>
- [B<-help>]
- [B<-port +int>]
- [B<-accept val>]
- [B<-unix val>]
- [B<-4>]
- [B<-6>]
- [B<-unlink>]
- [B<-context val>]
- [B<-verify int>]
- [B<-Verify int>]
- [B<-cert infile>]
- [B<-nameopt val>]
- [B<-naccept +int>]
- [B<-serverinfo val>]
- [B<-certform PEM|DER>]
- [B<-key infile>]
- [B<-keyform format>]
- [B<-pass val>]
- [B<-dcert infile>]
- [B<-dcertform PEM|DER>]
- [B<-dkey infile>]
- [B<-dkeyform PEM|DER>]
- [B<-dpass val>]
- [B<-nbio_test>]
- [B<-crlf>]
- [B<-debug>]
- [B<-msg>]
- [B<-msgfile outfile>]
- [B<-state>]
- [B<-CAfile infile>]
- [B<-CApath dir>]
- [B<-no-CAfile>]
- [B<-no-CApath>]
- [B<-nocert>]
- [B<-quiet>]
- [B<-no_resume_ephemeral>]
- [B<-www>]
- [B<-WWW>]
- [B<-servername>]
- [B<-servername_fatal>]
- [B<-cert2 infile>]
- [B<-key2 infile>]
- [B<-tlsextdebug>]
- [B<-HTTP>]
- [B<-id_prefix val>]
- [B<-rand file...>]
- [B<-writerand file>]
- [B<-keymatexport val>]
- [B<-keymatexportlen +int>]
- [B<-CRL infile>]
- [B<-crl_download>]
- [B<-cert_chain infile>]
- [B<-dcert_chain infile>]
- [B<-chainCApath dir>]
- [B<-verifyCApath dir>]
- [B<-no_cache>]
- [B<-ext_cache>]
- [B<-CRLform PEM|DER>]
- [B<-verify_return_error>]
- [B<-verify_quiet>]
- [B<-build_chain>]
- [B<-chainCAfile infile>]
- [B<-verifyCAfile infile>]
- [B<-ign_eof>]
- [B<-no_ign_eof>]
- [B<-status>]
- [B<-status_verbose>]
- [B<-status_timeout int>]
- [B<-status_url val>]
- [B<-status_file infile>]
- [B<-trace>]
- [B<-security_debug>]
- [B<-security_debug_verbose>]
- [B<-brief>]
- [B<-rev>]
- [B<-async>]
- [B<-ssl_config val>]
- [B<-max_send_frag +int>]
- [B<-split_send_frag +int>]
- [B<-max_pipelines +int>]
- [B<-read_buf +int>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
- [B<-no_tls1_1>]
- [B<-no_tls1_2>]
- [B<-no_tls1_3>]
- [B<-bugs>]
- [B<-no_comp>]
- [B<-comp>]
- [B<-no_ticket>]
- [B<-num_tickets>]
- [B<-serverpref>]
- [B<-legacy_renegotiation>]
- [B<-no_renegotiation>]
- [B<-legacy_server_connect>]
- [B<-no_resumption_on_reneg>]
- [B<-no_legacy_server_connect>]
- [B<-allow_no_dhe_kex>]
- [B<-prioritize_chacha>]
- [B<-strict>]
- [B<-sigalgs val>]
- [B<-client_sigalgs val>]
- [B<-groups val>]
- [B<-curves val>]
- [B<-named_curve val>]
- [B<-cipher val>]
- [B<-ciphersuites val>]
- [B<-dhparam infile>]
- [B<-record_padding val>]
- [B<-debug_broken_protocol>]
- [B<-policy val>]
- [B<-purpose val>]
- [B<-verify_name val>]
- [B<-verify_depth int>]
- [B<-auth_level int>]
- [B<-attime intmax>]
- [B<-verify_hostname val>]
- [B<-verify_email val>]
- [B<-verify_ip>]
- [B<-ignore_critical>]
- [B<-issuer_checks>]
- [B<-crl_check>]
- [B<-crl_check_all>]
- [B<-policy_check>]
- [B<-explicit_policy>]
- [B<-inhibit_any>]
- [B<-inhibit_map>]
- [B<-x509_strict>]
- [B<-extended_crl>]
- [B<-use_deltas>]
- [B<-policy_print>]
- [B<-check_ss_sig>]
- [B<-trusted_first>]
- [B<-suiteB_128_only>]
- [B<-suiteB_128>]
- [B<-suiteB_192>]
- [B<-partial_chain>]
- [B<-no_alt_chains>]
- [B<-no_check_time>]
- [B<-allow_proxy_certs>]
- [B<-xkey>]
- [B<-xcert>]
- [B<-xchain>]
- [B<-xchain_build>]
- [B<-xcertform PEM|DER>]
- [B<-xkeyform PEM|DER>]
- [B<-nbio>]
- [B<-psk_identity val>]
- [B<-psk_hint val>]
- [B<-psk val>]
- [B<-psk_session file>]
- [B<-srpvfile infile>]
- [B<-srpuserseed val>]
- [B<-ssl3>]
- [B<-tls1>]
- [B<-tls1_1>]
- [B<-tls1_2>]
- [B<-tls1_3>]
- [B<-dtls>]
- [B<-timeout>]
- [B<-mtu +int>]
- [B<-listen>]
- [B<-dtls1>]
- [B<-dtls1_2>]
- [B<-sctp>]
- [B<-sctp_label_bug>]
- [B<-no_dhe>]
- [B<-nextprotoneg val>]
- [B<-use_srtp val>]
- [B<-alpn val>]
- [B<-engine val>]
- [B<-keylogfile outfile>]
- [B<-max_early_data int>]
- [B<-early_data>]
- [B<-anti_replay>]
- [B<-no_anti_replay>]
- =head1 DESCRIPTION
- The B<s_server> command implements a generic SSL/TLS server which listens
- for connections on a given port using SSL/TLS.
- =head1 OPTIONS
- In addition to the options below the B<s_server> utility also supports the
- common and server only options documented
- in the "Supported Command Line Commands" section of the L<SSL_CONF_cmd(3)>
- manual page.
- =over 4
- =item B<-help>
- Print out a usage message.
- =item B<-port +int>
- The TCP port to listen on for connections. If not specified 4433 is used.
- =item B<-accept val>
- The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.
- =item B<-unix val>
- Unix domain socket to accept on.
- =item B<-4>
- Use IPv4 only.
- =item B<-6>
- Use IPv6 only.
- =item B<-unlink>
- For -unix, unlink any existing socket first.
- =item B<-context val>
- Sets the SSL context id. It can be given any string value. If this option
- is not present a default value will be used.
- =item B<-verify int>, B<-Verify int>
- The verify depth to use. This specifies the maximum length of the
- client certificate chain and makes the server request a certificate from
- the client. With the B<-verify> option a certificate is requested but the
- client does not have to send one, with the B<-Verify> option the client
- must supply a certificate or an error occurs.
- If the cipher suite cannot request a client certificate (for example an
- anonymous cipher suite or PSK) this option has no effect.
- =item B<-cert infile>
- The certificate to use, most servers cipher suites require the use of a
- certificate and some require a certificate with a certain public key type:
- for example the DSS cipher suites require a certificate containing a DSS
- (DSA) key. If not specified then the filename "server.pem" will be used.
- =item B<-cert_chain>
- A file containing trusted certificates to use when attempting to build the
- client/server certificate chain related to the certificate specified via the
- B<-cert> option.
- =item B<-build_chain>
- Specify whether the application should build the certificate chain to be
- provided to the client.
- =item B<-nameopt val>
- Option which determines how the subject or issuer names are displayed. The
- B<val> argument can be a single option or multiple options separated by
- commas. Alternatively the B<-nameopt> switch may be used more than once to
- set multiple options. See the L<x509(1)> manual page for details.
- =item B<-naccept +int>
- The server will exit after receiving the specified number of connections,
- default unlimited.
- =item B<-serverinfo val>
- A file containing one or more blocks of PEM data. Each PEM block
- must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
- followed by "length" bytes of extension data). If the client sends
- an empty TLS ClientHello extension matching the type, the corresponding
- ServerHello extension will be returned.
- =item B<-certform PEM|DER>
- The certificate format to use: DER or PEM. PEM is the default.
- =item B<-key infile>
- The private key to use. If not specified then the certificate file will
- be used.
- =item B<-keyform format>
- The private format to use: DER or PEM. PEM is the default.
- =item B<-pass val>
- The private key password source. For more information about the format of B<val>
- see L<openssl(1)/Pass Phrase Options>.
- =item B<-dcert infile>, B<-dkey infile>
- Specify an additional certificate and private key, these behave in the
- same manner as the B<-cert> and B<-key> options except there is no default
- if they are not specified (no additional certificate and key is used). As
- noted above some cipher suites require a certificate containing a key of
- a certain type. Some cipher suites need a certificate carrying an RSA key
- and some a DSS (DSA) key. By using RSA and DSS certificates and keys
- a server can support clients which only support RSA or DSS cipher suites
- by using an appropriate certificate.
- =item B<-dcert_chain>
- A file containing trusted certificates to use when attempting to build the
- server certificate chain when a certificate specified via the B<-dcert> option
- is in use.
- =item B<-dcertform PEM|DER>, B<-dkeyform PEM|DER>, B<-dpass val>
- Additional certificate and private key format and passphrase respectively.
- =item B<-xkey infile>, B<-xcert infile>, B<-xchain>
- Specify an extra certificate, private key and certificate chain. These behave
- in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When
- specified, the callback returning the first valid chain will be in use by
- the server.
- =item B<-xchain_build>
- Specify whether the application should build the certificate chain to be
- provided to the client for the extra certificates provided via B<-xkey infile>,
- B<-xcert infile>, B<-xchain> options.
- =item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER>
- Extra certificate and private key format respectively.
- =item B<-nbio_test>
- Tests non blocking I/O.
- =item B<-crlf>
- This option translated a line feed from the terminal into CR+LF.
- =item B<-debug>
- Print extensive debugging information including a hex dump of all traffic.
- =item B<-msg>
- Show all protocol messages with hex dump.
- =item B<-msgfile outfile>
- File to send output of B<-msg> or B<-trace> to, default standard output.
- =item B<-state>
- Prints the SSL session states.
- =item B<-CAfile infile>
- A file containing trusted certificates to use during client authentication
- and to use when attempting to build the server certificate chain. The list
- is also used in the list of acceptable client CAs passed to the client when
- a certificate is requested.
- =item B<-CApath dir>
- The directory to use for client certificate verification. This directory
- must be in "hash format", see L<verify(1)> for more information. These are
- also used when building the server certificate chain.
- =item B<-chainCApath dir>
- The directory to use for building the chain provided to the client. This
- directory must be in "hash format", see L<verify(1)> for more information.
- =item B<-chainCAfile file>
- A file containing trusted certificates to use when attempting to build the
- server certificate chain.
- =item B<-no-CAfile>
- Do not load the trusted CA certificates from the default file location.
- =item B<-no-CApath>
- Do not load the trusted CA certificates from the default directory location.
- =item B<-nocert>
- If this option is set then no certificate is used. This restricts the
- cipher suites available to the anonymous ones (currently just anonymous
- DH).
- =item B<-quiet>
- Inhibit printing of session and certificate information.
- =item B<-www>
- Sends a status message back to the client when it connects. This includes
- information about the ciphers used and various session parameters.
- The output is in HTML format so this option will normally be used with a
- web browser. Cannot be used in conjunction with B<-early_data>.
- =item B<-WWW>
- Emulates a simple web server. Pages will be resolved relative to the
- current directory, for example if the URL https://myhost/page.html is
- requested the file ./page.html will be loaded. Cannot be used in conjunction
- with B<-early_data>.
- =item B<-tlsextdebug>
- Print a hex dump of any TLS extensions received from the server.
- =item B<-HTTP>
- Emulates a simple web server. Pages will be resolved relative to the
- current directory, for example if the URL https://myhost/page.html is
- requested the file ./page.html will be loaded. The files loaded are
- assumed to contain a complete and correct HTTP response (lines that
- are part of the HTTP response line and headers must end with CRLF). Cannot be
- used in conjunction with B<-early_data>.
- =item B<-id_prefix val>
- Generate SSL/TLS session IDs prefixed by B<val>. This is mostly useful
- for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
- servers, when each of which might be generating a unique range of session
- IDs (e.g. with a certain prefix).
- =item B<-rand file...>
- A file or files containing random data used to seed the random number
- generator.
- Multiple files can be specified separated by an OS-dependent character.
- The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
- all others.
- =item [B<-writerand file>]
- Writes random data to the specified I<file> upon exit.
- This can be used with a subsequent B<-rand> flag.
- =item B<-verify_return_error>
- Verification errors normally just print a message but allow the
- connection to continue, for debugging purposes.
- If this option is used, then verification errors close the connection.
- =item B<-status>
- Enables certificate status request support (aka OCSP stapling).
- =item B<-status_verbose>
- Enables certificate status request support (aka OCSP stapling) and gives
- a verbose printout of the OCSP response.
- =item B<-status_timeout int>
- Sets the timeout for OCSP response to B<int> seconds.
- =item B<-status_url val>
- Sets a fallback responder URL to use if no responder URL is present in the
- server certificate. Without this option an error is returned if the server
- certificate does not contain a responder address.
- =item B<-status_file infile>
- Overrides any OCSP responder URLs from the certificate and always provides the
- OCSP Response stored in the file. The file must be in DER format.
- =item B<-trace>
- Show verbose trace output of protocol messages. OpenSSL needs to be compiled
- with B<enable-ssl-trace> for this option to work.
- =item B<-brief>
- Provide a brief summary of connection parameters instead of the normal verbose
- output.
- =item B<-rev>
- Simple test server which just reverses the text received from the client
- and sends it back to the server. Also sets B<-brief>. Cannot be used in
- conjunction with B<-early_data>.
- =item B<-async>
- Switch on asynchronous mode. Cryptographic operations will be performed
- asynchronously. This will only have an effect if an asynchronous capable engine
- is also used via the B<-engine> option. For test purposes the dummy async engine
- (dasync) can be used (if available).
- =item B<-max_send_frag +int>
- The maximum size of data fragment to send.
- See L<SSL_CTX_set_max_send_fragment(3)> for further information.
- =item B<-split_send_frag +int>
- The size used to split data for encrypt pipelines. If more data is written in
- one go than this value then it will be split into multiple pipelines, up to the
- maximum number of pipelines defined by max_pipelines. This only has an effect if
- a suitable cipher suite has been negotiated, an engine that supports pipelining
- has been loaded, and max_pipelines is greater than 1. See
- L<SSL_CTX_set_split_send_fragment(3)> for further information.
- =item B<-max_pipelines +int>
- The maximum number of encrypt/decrypt pipelines to be used. This will only have
- an effect if an engine has been loaded that supports pipelining (e.g. the dasync
- engine) and a suitable cipher suite has been negotiated. The default value is 1.
- See L<SSL_CTX_set_max_pipelines(3)> for further information.
- =item B<-read_buf +int>
- The default read buffer size to be used for connections. This will only have an
- effect if the buffer size is larger than the size that would otherwise be used
- and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
- further information).
- =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
- These options require or disable the use of the specified SSL or TLS protocols.
- By default B<s_server> will negotiate the highest mutually supported protocol
- version.
- When a specific TLS version is required, only that version will be accepted
- from the client.
- Note that not all protocols and flags may be available, depending on how
- OpenSSL was built.
- =item B<-bugs>
- There are several known bugs in SSL and TLS implementations. Adding this
- option enables various workarounds.
- =item B<-no_comp>
- Disable negotiation of TLS compression.
- TLS compression is not recommended and is off by default as of
- OpenSSL 1.1.0.
- =item B<-comp>
- Enable negotiation of TLS compression.
- This option was introduced in OpenSSL 1.1.0.
- TLS compression is not recommended and is off by default as of
- OpenSSL 1.1.0.
- =item B<-no_ticket>
- Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
- is negotiated. See B<-num_tickets>.
- =item B<-num_tickets>
- Control the number of tickets that will be sent to the client after a full
- handshake in TLSv1.3. The default number of tickets is 2. This option does not
- affect the number of tickets sent after a resumption handshake.
- =item B<-serverpref>
- Use the server's cipher preferences, rather than the client's preferences.
- =item B<-prioritize_chacha>
- Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
- =item B<-no_resumption_on_reneg>
- Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
- =item B<-client_sigalgs val>
- Signature algorithms to support for client certificate authentication
- (colon-separated list).
- =item B<-named_curve val>
- Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
- For a list of all possible curves, use:
- $ openssl ecparam -list_curves
- =item B<-cipher val>
- This allows the list of TLSv1.2 and below ciphersuites used by the server to be
- modified. This list is combined with any TLSv1.3 ciphersuites that have been
- configured. When the client sends a list of supported ciphers the first client
- cipher also included in the server list is used. Because the client specifies
- the preference order, the order of the server cipherlist is irrelevant. See
- the B<ciphers> command for more information.
- =item B<-ciphersuites val>
- This allows the list of TLSv1.3 ciphersuites used by the server to be modified.
- This list is combined with any TLSv1.2 and below ciphersuites that have been
- configured. When the client sends a list of supported ciphers the first client
- cipher also included in the server list is used. Because the client specifies
- the preference order, the order of the server cipherlist is irrelevant. See
- the B<ciphers> command for more information. The format for this list is a
- simple colon (":") separated list of TLSv1.3 ciphersuite names.
- =item B<-dhparam infile>
- The DH parameter file to use. The ephemeral DH cipher suites generate keys
- using a set of DH parameters. If not specified then an attempt is made to
- load the parameters from the server certificate file.
- If this fails then a static set of parameters hard coded into the B<s_server>
- program will be used.
- =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
- B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
- B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
- B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
- B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
- B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
- B<-verify_ip>, B<-verify_name>, B<-x509_strict>
- Set different peer certificate verification options.
- See the L<verify(1)> manual page for details.
- =item B<-crl_check>, B<-crl_check_all>
- Check the peer certificate has not been revoked by its CA.
- The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
- option all CRLs of all CAs in the chain are checked.
- =item B<-nbio>
- Turns on non blocking I/O.
- =item B<-psk_identity val>
- Expect the client to send PSK identity B<val> when using a PSK
- cipher suite, and warn if they do not. By default, the expected PSK
- identity is the string "Client_identity".
- =item B<-psk_hint val>
- Use the PSK identity hint B<val> when using a PSK cipher suite.
- =item B<-psk val>
- Use the PSK key B<val> when using a PSK cipher suite. The key is
- given as a hexadecimal number without leading 0x, for example -psk
- 1a2b3c4d.
- This option must be provided in order to use a PSK cipher.
- =item B<-psk_session file>
- Use the pem encoded SSL_SESSION data stored in B<file> as the basis of a PSK.
- Note that this will only work if TLSv1.3 is negotiated.
- =item B<-listen>
- This option can only be used in conjunction with one of the DTLS options above.
- With this option B<s_server> will listen on a UDP port for incoming connections.
- Any ClientHellos that arrive will be checked to see if they have a cookie in
- them or not.
- Any without a cookie will be responded to with a HelloVerifyRequest.
- If a ClientHello with a cookie is received then B<s_server> will connect to
- that peer and complete the handshake.
- =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
- These options make B<s_server> use DTLS protocols instead of TLS.
- With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
- whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
- respectively.
- =item B<-sctp>
- Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
- conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
- available where OpenSSL has support for SCTP enabled.
- =item B<-sctp_label_bug>
- Use the incorrect behaviour of older OpenSSL implementations when computing
- endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
- older broken implementations but breaks interoperability with correct
- implementations. Must be used in conjunction with B<-sctp>. This option is only
- available where OpenSSL has support for SCTP enabled.
- =item B<-no_dhe>
- If this option is set then no DH parameters will be loaded effectively
- disabling the ephemeral DH cipher suites.
- =item B<-alpn val>, B<-nextprotoneg val>
- These flags enable the Enable the Application-Layer Protocol Negotiation
- or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
- IETF standard and replaces NPN.
- The B<val> list is a comma-separated list of supported protocol
- names. The list should contain the most desirable protocols first.
- Protocol names are printable ASCII strings, for example "http/1.1" or
- "spdy/3".
- The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
- =item B<-engine val>
- Specifying an engine (by its unique id string in B<val>) will cause B<s_server>
- to attempt to obtain a functional reference to the specified engine,
- thus initialising it if needed. The engine will then be set as the default
- for all available algorithms.
- =item B<-keylogfile outfile>
- Appends TLS secrets to the specified keylog file such that external programs
- (like Wireshark) can decrypt TLS connections.
- =item B<-max_early_data int>
- Change the default maximum early data bytes that are specified for new sessions
- and any incoming early data (when used in conjunction with the B<-early_data>
- flag). The default value is approximately 16k. The argument must be an integer
- greater than or equal to 0.
- =item B<-early_data>
- Accept early data where possible. Cannot be used in conjunction with B<-www>,
- B<-WWW>, B<-HTTP> or B<-rev>.
- =item B<-anti_replay>, B<-no_anti_replay>
- Switches replay protection on or off, respectively. Replay protection is on by
- default unless overridden by a configuration file. When it is on, OpenSSL will
- automatically detect if a session ticket has been used more than once, TLSv1.3
- has been negotiated, and early data is enabled on the server. A full handshake
- is forced if a session ticket is used a second or subsequent time. Any early
- data that was sent will be rejected.
- =back
- =head1 CONNECTED COMMANDS
- If a connection request is established with an SSL client and neither the
- B<-www> nor the B<-WWW> option has been used then normally any data received
- from the client is displayed and any key presses will be sent to the client.
- Certain commands are also recognized which perform special operations. These
- commands are a letter which must appear at the start of a line. They are listed
- below.
- =over 4
- =item B<q>
- End the current SSL connection but still accept new connections.
- =item B<Q>
- End the current SSL connection and exit.
- =item B<r>
- Renegotiate the SSL session (TLSv1.2 and below only).
- =item B<R>
- Renegotiate the SSL session and request a client certificate (TLSv1.2 and below
- only).
- =item B<P>
- Send some plain text down the underlying TCP connection: this should
- cause the client to disconnect due to a protocol violation.
- =item B<S>
- Print out some session cache status information.
- =item B<B>
- Send a heartbeat message to the client (DTLS only)
- =item B<k>
- Send a key update message to the client (TLSv1.3 only)
- =item B<K>
- Send a key update message to the client and request one back (TLSv1.3 only)
- =item B<c>
- Send a certificate request to the client (TLSv1.3 only)
- =back
- =head1 NOTES
- B<s_server> can be used to debug SSL clients. To accept connections from
- a web browser the command:
- openssl s_server -accept 443 -www
- can be used for example.
- Although specifying an empty list of CAs when requesting a client certificate
- is strictly speaking a protocol violation, some SSL clients interpret this to
- mean any CA is acceptable. This is useful for debugging purposes.
- The session parameters can printed out using the B<sess_id> program.
- =head1 BUGS
- Because this program has a lot of options and also because some of the
- techniques used are rather old, the C source of B<s_server> is rather hard to
- read and not a model of how things should be done.
- A typical SSL server program would be much simpler.
- The output of common ciphers is wrong: it just gives the list of ciphers that
- OpenSSL recognizes and the client supports.
- There should be a way for the B<s_server> program to print out details of any
- unknown cipher suites a client says it supports.
- =head1 SEE ALSO
- L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
- L<SSL_CTX_set_max_send_fragment(3)>,
- L<SSL_CTX_set_split_send_fragment(3)>,
- L<SSL_CTX_set_max_pipelines(3)>
- =head1 HISTORY
- The -no_alt_chains option was added in OpenSSL 1.1.0.
- The
- -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
- =head1 COPYRIGHT
- Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the OpenSSL license (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|