=head1 NAME
+openssl-s_server,
s_server - SSL/TLS server program
=head1 SYNOPSIS
[B<-tlsextdebug>]
[B<-HTTP>]
[B<-id_prefix val>]
-[B<-rand val>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-keymatexport val>]
[B<-keymatexportlen +int>]
[B<-CRL infile>]
[B<-legacy_server_connect>]
[B<-no_resumption_on_reneg>]
[B<-no_legacy_server_connect>]
+[B<-allow_no_dhe_kex>]
+[B<-prioritize_chacha>]
[B<-strict>]
[B<-sigalgs val>]
[B<-client_sigalgs val>]
[B<-curves val>]
[B<-named_curve val>]
[B<-cipher val>]
+[B<-ciphersuites val>]
[B<-dhparam infile>]
[B<-record_padding val>]
[B<-debug_broken_protocol>]
[B<-psk_identity val>]
[B<-psk_hint val>]
[B<-psk val>]
+[B<-psk_session file>]
[B<-srpvfile infile>]
[B<-srpuserseed val>]
[B<-ssl3>]
servers, when each of which might be generating a unique range of session
IDs (eg. with a certain prefix).
-=item B<-rand val>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-verify_return_error>
Verification errors normally just print a message but allow the
Use the server's cipher preferences, rather than the client's preferences.
+=item B<-prioritize_chacha>
+
+Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
+
=item B<-no_resumption_on_reneg>
Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
=item B<-cipher val>
-This allows the cipher list used by the server to be modified. When
-the client sends a list of supported ciphers the first client cipher
-also included in the server list is used. Because the client specifies
-the preference order, the order of the server cipherlist irrelevant. See
+This allows the list of TLSv1.2 and below ciphersuites used by the server to be
+modified. This list is combined with any TLSv1.3 ciphersuites that have been
+configured. When the client sends a list of supported ciphers the first client
+cipher also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist is irrelevant. See
the B<ciphers> command for more information.
+=item B<-ciphersuites val>
+
+This allows the list of TLSv1.3 ciphersuites used by the server to be modified.
+This list is combined with any TLSv1.2 and below ciphersuites that have been
+configured. When the client sends a list of supported ciphers the first client
+cipher also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist is irrelevant. See
+the B<ciphers> command for more information. The format for this list is a
+simple colon (":") separated list of TLSv1.3 ciphersuite names.
+
=item B<-dhparam infile>
The DH parameter file to use. The ephemeral DH cipher suites generate keys
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
+=item B<-psk_session file>
+
+Use the pem encoded SSL_SESSION data stored in B<file> as the basis of a PSK.
+Note that this will only work if TLSv1.3 is negotiated.
+
=item B<-listen>
This option can only be used in conjunction with one of the DTLS options above.
B<-www> nor the B<-WWW> option has been used then normally any data received
from the client is displayed and any key presses will be sent to the client.
-Certain single letter commands are also recognized which perform special
-operations: these are listed below.
+Certain commands are also recognized which perform special operations. These
+commands are a letter which must appear at the start of a line. They are listed
+below.
=over 4
=item B<r>
-Renegotiate the SSL session.
+Renegotiate the SSL session (TLSv1.2 and below only).
=item B<R>
-Renegotiate the SSL session and request a client certificate.
+Renegotiate the SSL session and request a client certificate (TLSv1.2 and below
+only).
=item B<P>
Print out some session cache status information.
+=item B<B>
+
+Send a heartbeat message to the client (DTLS only)
+
+=item B<k>
+
+Send a key update message to the client (TLSv1.3 only)
+
+=item B<K>
+
+Send a key update message to the client and request one back (TLSv1.3 only)
+
+=item B<c>
+
+Send a certificate request to the client (TLSv1.3 only)
+
=back
=head1 NOTES
=head1 HISTORY
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was first added to OpenSSL 1.1.0.
+
+The -allow-no-dhe-kex and -prioritize_chacha options were first added to
+OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy