[B<-x509_strict>]
[B<-nocert>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
[B<-serverinfo file>]
-[B<-auth>]
-[B<-auth_require_reneg>]
[B<-no_resumption_on_reneg>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
=head1 DESCRIPTION
The B<s_server> command implements a generic SSL/TLS server which listens
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
=item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server.
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.
-=item B<-auth>
+=item B<-no_resumption_on_reneg>
-send RFC 5878 client and server authorization extensions in the Client Hello as well as
-supplemental data if the server also sent the authorization extensions in the Server Hello.
+set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.
-=item B<-auth_require_reneg>
+=item B<-status>
-only send RFC 5878 client and server authorization extensions during renegotiation.
+enables certificate status request support (aka OCSP stapling).
-=item B<-no_resumption_on_reneg>
+=item B<-status_verbose>
+
+enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
-set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data
-during renegotiation if auth and auth_require_reneg are set.
+sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
=back