{- OpenSSL::safe::output_do_not_edit_headers(); -}

openssl-s_server - SSL/TLS server program

B<openssl> B<s_server>
[B<-certform> B<DER>|B<PEM>|B<P12>]
[B<-cert_chain> I<infile>]
[B<-serverinfo> I<val>]
[B<-key> I<filename>|I<uri>]
[B<-key2> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-dcertform> B<DER>|B<PEM>|B<P12>]
[B<-dcert_chain> I<infile>]
[B<-dkey> I<filename>|I<uri>]
[B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-msgfile> I<outfile>]
[B<-no_resume_ephemeral>]
[B<-http_server_binmode>]
[B<-ignore_unexpected_eof>]
[B<-servername_fatal>]
[B<-id_prefix> I<val>]
[B<-keymatexport> I<val>]
[B<-keymatexportlen> I<+int>]
[B<-CRLform> B<DER>|B<PEM>]
[B<-chainCAfile> I<infile>]
[B<-chainCApath> I<dir>]
[B<-chainCAstore> I<uri>]
[B<-verifyCAfile> I<infile>]
[B<-verifyCApath> I<dir>]
[B<-verifyCAstore> I<uri>]
[B<-verify_return_error>]
[B<-status_timeout> I<int>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
[B<-no_proxy> I<addresses>]
[B<-status_url> I<val>]
[B<-status_file> I<infile>]
[B<-ssl_config> I<val>]
[B<-security_debug_verbose>]
[B<-max_send_frag> I<+int>]
[B<-split_send_frag> I<+int>]
[B<-max_pipelines> I<+int>]
[B<-read_buf> I<+int>]
[B<-legacy_renegotiation>]
[B<-no_renegotiation>]
[B<-no_resumption_on_reneg>]
[B<-allow_no_dhe_kex>]
[B<-prioritize_chacha>]
[B<-client_sigalgs> I<val>]
[B<-named_curve> I<val>]
[B<-ciphersuites> I<val>]
[B<-dhparam> I<infile>]
[B<-record_padding> I<val>]
[B<-debug_broken_protocol>]
[B<-psk_identity> I<val>]
[B<-psk_hint> I<val>]
[B<-psk_session> I<file>]
[B<-srpvfile> I<infile>]
[B<-srpuserseed> I<val>]
[B<-use_srtp> I<val>]
[B<-nextprotoneg> I<val>]
[B<-zerocopy_sendfile>]
[B<-keylogfile> I<outfile>]
[B<-recv_max_early_data> I<int>]
[B<-max_early_data> I<int>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_version_synopsis -}
{- $OpenSSL::safe::opt_v_synopsis -}
{- $OpenSSL::safe::opt_s_synopsis -}
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
[B<-enable_server_rpk>]
[B<-enable_client_rpk>]

This command implements a generic SSL/TLS server which
listens for connections on a given port using SSL/TLS.

In addition to the options below, this command also supports
the common and server only options documented in
L<SSL_CONF_cmd(3)/Supported Command Line Commands>.

Print out a usage message.

=item B<-port> I<+int>

The TCP port to listen on for connections. If not specified 4433 is used.

=item B<-accept> I<val>

The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

=item B<-unix> I<val>

Unix domain socket to accept on.

For -unix, unlink any existing socket first.

=item B<-context> I<val>

Sets the SSL context id. It can be given any string value. If this option
is not present a default value will be used.

=item B<-verify> I<int>, B<-Verify> I<int>

The verify depth to use. This specifies the maximum length of the
client certificate chain and makes the server request a certificate from
the client. With the B<-verify> option a certificate is requested but the
client does not have to send one; with the B<-Verify> option the client
must supply a certificate or an error occurs.

If the cipher suite cannot request a client certificate (for example an
anonymous cipher suite or PSK) this option has no effect.

=item B<-cert> I<infile>

The certificate to use. Most server cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
for example the DSS cipher suites require a certificate containing a DSS
(DSA) key. If not specified then the filename F<server.pem> will be used.

=item B<-cert2> I<infile>

The certificate file to use for servername; default is C<server2.pem>.

=item B<-certform> B<DER>|B<PEM>|B<P12>

The server certificate file format; unspecified by default.
See L<openssl-format-options(1)> for details.

A file or URI of untrusted certificates to use when attempting to build the
certificate chain related to the certificate specified via the B<-cert> option.
The input can be in PEM, DER, or PKCS#12 format.

=item B<-build_chain>

Specify whether the application should build the server certificate chain to be
provided to the client.

=item B<-serverinfo> I<val>

A file containing one or more blocks of PEM data. Each PEM block
must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
followed by "length" bytes of extension data). If the client sends
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.
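As an added example (not OpenSSL's code), the following Python encodes a ServerHello extension into the 2-byte type, 2-byte length, data layout that B<-serverinfo> expects, wraps it in a PEM block, and parses such a file back while rejecting any block whose declared length disagrees with its payload, since a malformed block would otherwise be handed to clients as a broken extension. The extension type 0xFFFE and the PEM label C<SERVERINFO FOR EXAMPLE> are constructed for illustration; the page specifies only the binary layout, not the label text.

```python
import base64
import struct

# Assumed label for the example; the page only fixes the binary layout inside the block.
PEM_LABEL = "SERVERINFO FOR EXAMPLE"


def encode_serverinfo(ext_type, data):
    """Layout from the page: 2-byte type, 2-byte length, then `length` bytes of data."""
    if not 0 <= ext_type <= 0xFFFF:
        raise ValueError("extension type must fit in 16 bits")
    if len(data) > 0xFFFF:
        raise ValueError("extension data must fit in a 16-bit length")
    return struct.pack("!HH", ext_type, len(data)) + data


def to_pem(blob, label=PEM_LABEL):
    """Wrap a binary extension record in a PEM block (64-character base64 lines)."""
    b64 = base64.b64encode(blob).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def parse_serverinfo_pem(text):
    """Decode every PEM block and return a list of (extension_type, data) tuples.

    Each block must be exactly one extension record: a 4-byte header followed
    by precisely `length` bytes.  Anything else raises ValueError rather than
    being silently served to clients."""
    records = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        if not lines[i].startswith("-----BEGIN "):
            i += 1
            continue
        j = i + 1
        body = []
        while j < len(lines) and not lines[j].startswith("-----END "):
            body.append(lines[j].strip())
            j += 1
        if j >= len(lines):
            raise ValueError("unterminated PEM block")
        blob = base64.b64decode("".join(body), validate=True)
        if len(blob) < 4:
            raise ValueError("block shorter than the 4-byte extension header")
        ext_type, length = struct.unpack("!HH", blob[:4])
        if len(blob) != 4 + length:
            raise ValueError(
                f"type {ext_type}: declared length {length}, payload is {len(blob) - 4} bytes")
        records.append((ext_type, blob[4:]))
        i = j + 1
    return records


if __name__ == "__main__":
    # Constructed sample: private-use type 0xFFFE carrying five bytes of data.
    pem = to_pem(encode_serverinfo(0xFFFE, b"hello"))
    print(pem)
    print(parse_serverinfo_pem(pem))
```

Writing the output of to_pem() to a file and passing it with B<-serverinfo> is the intended use; parse_serverinfo_pem() is the check to run on a file before deploying it.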
=item B<-key> I<filename>|I<uri>

The private key to use. If not specified then the certificate file will

=item B<-key2> I<filename>|I<uri>

The private key file to use for servername if not given via B<-cert2>.

=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The key format; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-pass> I<val>

The private key and certificate file password source.
For more information about the format of I<val>,
see L<openssl-passphrase-options(1)>.

=item B<-dcert> I<infile>, B<-dkey> I<filename>|I<uri>

Specify an additional certificate and private key. These behave in the
same manner as the B<-cert> and B<-key> options except there is no default
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an RSA key
and some a DSS (DSA) key. By using RSA and DSS certificates and keys
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.

=item B<-dcert_chain>

A file or URI of untrusted certificates to use when attempting to build the
server certificate chain when a certificate specified via the B<-dcert> option
The input can be in PEM, DER, or PKCS#12 format.

=item B<-dcertform> B<DER>|B<PEM>|B<P12>

The format of the additional certificate file; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The format of the additional private key; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-dpass> I<val>

The passphrase for the additional private key and certificate.
For more information about the format of I<val>,
see L<openssl-passphrase-options(1)>.

Tests non-blocking I/O.

This option translates a line feed from the terminal into CR+LF.

Print extensive debugging information including a hex dump of all traffic.

=item B<-security_debug>

Print output from the SSL/TLS security framework.

=item B<-security_debug_verbose>

Print more output from the SSL/TLS security framework.

Show all protocol messages with hex dump.

=item B<-msgfile> I<outfile>

File to send output of B<-msg> or B<-trace> to; default is standard output.

Prints the SSL session states.

=item B<-CRL> I<infile>

=item B<-CRLform> B<DER>|B<PEM>

The CRL file format; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-crl_download>

Download CRLs from distribution points given in CDP extensions of certificates

=item B<-verifyCAfile> I<filename>

A file in PEM format containing trusted CA certificates to use
for verifying client certificates.

=item B<-verifyCApath> I<dir>

A directory containing trusted certificates to use
for verifying client certificates.
This directory must be in "hash format",
see L<openssl-verify(1)> for more information.

=item B<-verifyCAstore> I<uri>

The URI of a store containing trusted certificates to use
for verifying client certificates.

=item B<-chainCAfile> I<file>

A file in PEM format containing trusted certificates to use
when attempting to build the server certificate chain.

=item B<-chainCApath> I<dir>

A directory containing trusted certificates to use
for building the server certificate chain provided to the client.
This directory must be in "hash format",
see L<openssl-verify(1)> for more information.

=item B<-chainCAstore> I<uri>

The URI of a store containing trusted certificates to use
for building the server certificate chain provided to the client.
The URI may indicate a single certificate, as well as a collection of them.
With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or
B<-chainCApath>, depending on if the URI indicates a directory or a
See L<ossl_store-file(7)> for more information on the C<file:> scheme.

If this option is set then no certificate is used. This restricts the
cipher suites available to the anonymous ones (currently just anonymous

Inhibit printing of session and certificate information.

=item B<-no_resume_ephemeral>

Disable caching and tickets if ephemeral (EC)DH is used.

=item B<-tlsextdebug>

Print a hex dump of any TLS extensions received from the server.

Sends a status message back to the client when it connects. This includes
information about the ciphers used and various session parameters.
The output is in HTML format so this option can be used with a web browser.
The special URL C</renegcert> turns on client cert validation, and C</reneg>
tells the server to request renegotiation.
The B<-early_data> option cannot be used with this option.

=item B<-WWW>, B<-HTTP>

Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL C<https://myhost/page.html> is
requested the file F<./page.html> will be sent.
If the B<-HTTP> flag is used, the files are sent directly, and should contain
any HTTP response headers (including status response line).
If the B<-WWW> option is used,
the response headers are generated by the server, and the file extension is
examined to determine the B<Content-Type> header.
Extensions of C<html>, C<htm>, and C<php> are C<text/html> and all others are
In addition, the special URL C</stats> will return status
information like the B<-www> option.
Neither of these options can be used in conjunction with B<-early_data>.

=item B<-http_server_binmode>

When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
by the client in binary mode.

=item B<-no_ca_names>

Disable TLS Extension CA Names. You may want to disable it for security reasons
or for compatibility with some Windows TLS implementations crashing when this
extension is larger than 1024 bytes.

=item B<-ignore_unexpected_eof>

Some TLS implementations do not send the mandatory close_notify alert on
shutdown. If the application tries to wait for the close_notify alert but the
peer closes the connection without sending it, an error is generated. When this
option is enabled the peer does not need to send the close_notify alert and a
closed connection will be treated as if the close_notify alert was received.
For more information on shutting down a connection, see L<SSL_shutdown(3)>.

Servername for HostName TLS extension.

=item B<-servername_fatal>

On servername mismatch send fatal alert (default: warning alert).

=item B<-id_prefix> I<val>

Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
servers, each of which might be generating a unique range of session
IDs (e.g. with a certain prefix).

=item B<-keymatexport>

Export keying material using label.

=item B<-keymatexportlen>

Export the given number of bytes of keying material; default 20.

Disable session cache.

Disable internal cache, set up and use external cache.

=item B<-verify_return_error>

Verification errors normally just print a message but allow the
connection to continue, for debugging purposes.
If this option is used, then verification errors close the connection.

=item B<-verify_quiet>

No verify output except verify errors.

Ignore input EOF (default: when B<-quiet>).

Do not ignore input EOF.

Disable Encrypt-then-MAC negotiation.

Disable Extended master secret negotiation.

Enables certificate status request support (aka OCSP stapling).

=item B<-status_verbose>

Enables certificate status request support (aka OCSP stapling) and gives
a verbose printout of the OCSP response.

=item B<-status_timeout> I<int>

Sets the timeout for OCSP response to I<int> seconds.

=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>

The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo and path components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.

=item B<-no_proxy> I<addresses>

List of IP addresses and/or DNS names of servers
not to use an HTTP(S) proxy for, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
Default is from the environment variable C<no_proxy> if set, else C<NO_PROXY>.

=item B<-status_url> I<val>

Sets a fallback responder URL to use if no responder URL is present in the
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
The optional userinfo and fragment URL components are ignored.
Any given query component is handled as part of the path component.

=item B<-status_file> I<infile>

Overrides any OCSP responder URLs from the certificate and always provides the
OCSP Response stored in the file. The file must be in DER format.

=item B<-ssl_config> I<val>

Configure SSL_CTX using the given configuration value.

Show verbose trace output of protocol messages.

Provide a brief summary of connection parameters instead of the normal verbose

Simple echo server that sends back received text reversed. Also sets B<-brief>.
Cannot be used in conjunction with B<-early_data>.

Switch on asynchronous mode. Cryptographic operations will be performed
asynchronously. This will only have an effect if an asynchronous capable engine
is also used via the B<-engine> option. For test purposes the dummy async engine
(dasync) can be used (if available).

=item B<-max_send_frag> I<+int>

The maximum size of data fragment to send.
See L<SSL_CTX_set_max_send_fragment(3)> for further information.

=item B<-split_send_frag> I<+int>

The size used to split data for encrypt pipelines. If more data is written in
one go than this value then it will be split into multiple pipelines, up to the
maximum number of pipelines defined by max_pipelines. This only has an effect if
a suitable cipher suite has been negotiated, an engine that supports pipelining
has been loaded, and max_pipelines is greater than 1. See
L<SSL_CTX_set_split_send_fragment(3)> for further information.

=item B<-max_pipelines> I<+int>

The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
engine) and a suitable cipher suite has been negotiated. The default value is 1.
See L<SSL_CTX_set_max_pipelines(3)> for further information.

=item B<-naccept> I<+int>

The server will exit after receiving the specified number of connections,

=item B<-read_buf> I<+int>

The default read buffer size to be used for connections. This will only have an
effect if the buffer size is larger than the size that would otherwise be used
and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
further information).

There are several known bugs in SSL and TLS implementations. Adding this
option enables various workarounds.

=item B<-no_tx_cert_comp>

Disables support for sending TLSv1.3 compressed certificates.

=item B<-no_rx_cert_comp>

Disables support for receiving TLSv1.3 compressed certificates.

Disable negotiation of TLS compression.
TLS compression is not recommended and is off by default as of

Enable negotiation of TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of

Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
is negotiated. See B<-num_tickets>.

=item B<-num_tickets>

Control the number of tickets that will be sent to the client after a full
handshake in TLSv1.3. The default number of tickets is 2. This option does not
affect the number of tickets sent after a resumption handshake.

Use the server's cipher preferences, rather than the client's preferences.

=item B<-prioritize_chacha>

Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.

=item B<-no_resumption_on_reneg>

Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.

=item B<-client_sigalgs> I<val>

Signature algorithms to support for client certificate authentication
(colon-separated list).

=item B<-named_curve> I<val>

Specifies the elliptic curve to use. NOTE: this is a single curve, not a list.
For a list of all possible curves, use:

 $ openssl ecparam -list_curves

=item B<-cipher> I<val>

This allows the list of TLSv1.2 and below ciphersuites used by the server to be
modified. This list is combined with any TLSv1.3 ciphersuites that have been
configured. When the client sends a list of supported ciphers the first client
cipher also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist is irrelevant. See
L<openssl-ciphers(1)> for more information.

=item B<-ciphersuites> I<val>

This allows the list of TLSv1.3 ciphersuites used by the server to be modified.
This list is combined with any TLSv1.2 and below ciphersuites that have been
configured. When the client sends a list of supported ciphers the first client
cipher also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist is irrelevant. See
the L<openssl-ciphers(1)> command for more information. The format for this list is
a simple colon (":") separated list of TLSv1.3 ciphersuite names.
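As an added example, not OpenSSL's own selection code, the following Python implements the selection rule described for B<-cipher> and B<-ciphersuites> together with the B<-serverpref> and B<-prioritize_chacha> behaviour from earlier on the page: without B<-serverpref> the client's order decides, with it the server's order decides, and B<-prioritize_chacha> moves ChaCha suites to the front of the server list only when the client's first choice is a ChaCha suite (the behaviour documented for SSL_OP_PRIORITIZE_CHACHA). The B<-cipher> value is treated here as a plain colon-separated list of suite names; the real option accepts the full cipher string grammar of L<openssl-ciphers(1)>.

```python
def parse_cipher_list(val):
    """Split a -cipher / -ciphersuites argument on ':' and drop empty entries."""
    return [c for c in val.split(":") if c]


def server_cipher_list(ciphersuites, cipher):
    """Combine the two configured lists as the page describes: the TLSv1.3 suites
    from -ciphersuites and the TLSv1.2-and-below suites from -cipher are both
    offered, TLSv1.3 suites first.  (Simplification: -cipher is treated as a plain
    name list here, not the full cipher string grammar.)"""
    return parse_cipher_list(ciphersuites) + parse_cipher_list(cipher)


def is_chacha(name):
    return "CHACHA20" in name.upper()


def select_cipher(client_prefs, server_prefs, serverpref=False, prioritize_chacha=False):
    """Return the suite a handshake would settle on, or None if there is no overlap.

    client_prefs: the client's list in its preference order.
    server_prefs: the server's configured list (see server_cipher_list()).
    serverpref:   -serverpref, i.e. walk the server's list instead of the client's.
    prioritize_chacha: -prioritize_chacha, only meaningful together with -serverpref.
    """
    if prioritize_chacha and not serverpref:
        raise ValueError("-prioritize_chacha requires -serverpref")

    if not serverpref:
        # Default rule: first client cipher that is also in the server list.
        server_set = set(server_prefs)
        for suite in client_prefs:
            if suite in server_set:
                return suite
        return None

    order = list(server_prefs)
    if prioritize_chacha and client_prefs and is_chacha(client_prefs[0]):
        # Client put ChaCha first (typically a device without AES acceleration):
        # temporarily move the server's ChaCha suites to the top.
        order = [s for s in order if is_chacha(s)] + [s for s in order if not is_chacha(s)]
    client_set = set(client_prefs)
    for suite in order:
        if suite in client_set:
            return suite
    return None


if __name__ == "__main__":
    # Constructed sample configuration and client offer.
    server = server_cipher_list(
        "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
        "ECDHE-RSA-AES128-GCM-SHA256")
    client = ["TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"]
    print("client order wins:", select_cipher(client, server))
    print("-serverpref:", select_cipher(client, server, serverpref=True))
    print("-serverpref -prioritize_chacha:",
          select_cipher(client, server, serverpref=True, prioritize_chacha=True))
```

The third call is the case B<-prioritize_chacha> exists for: the server's own order would pick AES-256-GCM, but because the client led with ChaCha the server honours that choice while still keeping server preference for every other client.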
=item B<-dhparam> I<infile>

The DH parameter file to use. The ephemeral DH cipher suites generate keys
using a set of DH parameters. If not specified then an attempt is made to
load the parameters from the server certificate file.
If this fails then a static set of parameters hard coded into this command

Turns on non-blocking I/O.

=item B<-psk_identity> I<val>

Expect the client to send PSK identity I<val> when using a PSK
cipher suite, and warn if they do not. By default, the expected PSK
identity is the string "Client_identity".

=item B<-psk_hint> I<val>

Use the PSK identity hint I<val> when using a PSK cipher suite.

Use the PSK key I<val> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
This option must be provided in order to use a PSK cipher.

=item B<-psk_session> I<file>

Use the PEM encoded SSL_SESSION data stored in I<file> as the basis of a PSK.
Note that this will only work if TLSv1.3 is negotiated.

The verifier file for SRP.
This option is deprecated.

=item B<-srpuserseed>

A seed string for a default user salt.
This option is deprecated.

This option can only be used in conjunction with one of the DTLS options above.
With this option, this command will listen on a UDP port for incoming
Any ClientHellos that arrive will be checked to see if they have a cookie in
Any without a cookie will be responded to with a HelloVerifyRequest.
If a ClientHello with a cookie is received then this command will
connect to that peer and complete the handshake.
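The cookie exchange above, as an added example in Python (not OpenSSL's implementation): the server answers a cookie-less ClientHello with a HelloVerifyRequest carrying an HMAC over the peer's transport address under a server-only secret, and only a ClientHello that echoes a valid cookie for its own address proceeds to a handshake. Because the cookie is recomputed rather than stored, the server allocates no per-peer state until the sender has shown it can receive at the address it claims. The addresses and the secret are constructed for the example; the real DTLS cookie wire encoding is not shown.

```python
import hashlib
import hmac
import secrets


class DtlsCookieGate:
    """Stateless cookie check for the DTLS listen exchange described above.

    Added example, not OpenSSL's code.  The cookie binds the peer's (ip, port)
    to a secret only the server knows; verifying it costs one HMAC and no
    per-peer memory, which is the point of the HelloVerifyRequest round trip."""

    def __init__(self, secret=None):
        # Constructed secret for the example; a real server would rotate it.
        self.secret = secret if secret is not None else secrets.token_bytes(32)

    def cookie_for(self, peer):
        """peer is an (ip, port) tuple; the cookie is bound to both parts."""
        msg = f"{peer[0]}:{peer[1]}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def handle_client_hello(self, peer, cookie):
        """Return ("HelloVerifyRequest", cookie_to_send) when the ClientHello
        carries no valid cookie for this peer, or ("handshake", None) when it
        does and the server may now commit state and complete the handshake."""
        expected = self.cookie_for(peer)
        # compare_digest is constant-time and returns False on a length mismatch.
        if cookie and hmac.compare_digest(cookie, expected):
            return ("handshake", None)
        return ("HelloVerifyRequest", expected)


def run_exchange(gate, peer, other_peer):
    """Drive the three cases a listening server sees and return the actions:
    first ClientHello without a cookie, the retry carrying the cookie, and the
    same cookie presented from a different address (must not be accepted)."""
    first, cookie = gate.handle_client_hello(peer, b"")
    retry, _ = gate.handle_client_hello(peer, cookie)
    wrong_addr, _ = gate.handle_client_hello(other_peer, cookie)
    return [first, retry, wrong_addr]


if __name__ == "__main__":
    # Constructed peers from the documentation address range.
    gate = DtlsCookieGate()
    print(run_exchange(gate, ("192.0.2.10", 40000), ("192.0.2.11", 40000)))
```

The third action is why the cookie must cover the address and not just be a random nonce: a cookie obtained at one address is useless from another, so a ClientHello with a forged source cannot get the server to allocate a session.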
Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
available where OpenSSL has support for SCTP enabled.

=item B<-sctp_label_bug>

Use the incorrect behaviour of older OpenSSL implementations when computing
endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
older broken implementations but breaks interoperability with correct
implementations. Must be used in conjunction with B<-sctp>. This option is only
available where OpenSSL has support for SCTP enabled.

Offer SRTP key management with a colon-separated profile list.

If this option is set then no DH parameters will be loaded, effectively
disabling the ephemeral DH cipher suites.

=item B<-alpn> I<val>, B<-nextprotoneg> I<val>

These flags enable the Application-Layer Protocol Negotiation
or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
IETF standard and replaces NPN.
The I<val> list is a comma-separated list of supported protocol
names. The list should contain the most desirable protocols first.
Protocol names are printable ASCII strings, for example "http/1.1" or
The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.

Enable Kernel TLS for sending and receiving.
This option was introduced in OpenSSL 3.2.0.
Kernel TLS is off by default as of OpenSSL 3.2.0.

If this option is set and KTLS is enabled, SSL_sendfile() will be used
instead of BIO_write() to send the HTTP response requested by a client.
This option is only valid when B<-ktls> along with B<-WWW> or B<-HTTP>

=item B<-zerocopy_sendfile>

If this option is set, SSL_sendfile() will use the zerocopy TX mode, which gives
a performance boost when used with KTLS hardware offload. Note that invalid
TLS records might be transmitted if the file is changed while being sent.
This option depends on B<-sendfile>; when used alone, B<-sendfile> is implied,
and a warning is shown. Note that KTLS sendfile on FreeBSD always runs in the

=item B<-keylogfile> I<outfile>

Appends TLS secrets to the specified keylog file such that external programs
(like Wireshark) can decrypt TLS connections.
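As an added example (not part of the page or of OpenSSL), a Python audit of the NSS-format key log that B<-keylogfile> writes: it groups lines by client random, checks that labels and hex field lengths are well-formed, and reports whether the logged secrets suffice to decrypt a connection's application data. Since such a file decrypts captured traffic, the same check tells a defender how sensitive a key log found on a host actually is. The sample lines are constructed with dummy values, not real secrets.

```python
import re
from collections import defaultdict

# TLS 1.3 labels written to the key log; the TLS 1.2-and-below line is CLIENT_RANDOM.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")


def audit_keylog(text):
    """Parse key log lines of the form '<LABEL> <client_random> <secret>' (hex).

    Returns (connections, problems).  connections maps each client random to
    {"version": ..., "labels": set()}; problems lists (line_number, reason)
    for lines that are malformed or carry an unknown label."""
    connections = defaultdict(lambda: {"version": None, "labels": set()})
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            problems.append((lineno, "expected 3 fields"))
            continue
        label, client_random, secret = parts
        if not (HEX.fullmatch(client_random) and len(client_random) == 64):
            problems.append((lineno, "client random is not 32 hex bytes"))
            continue
        if not HEX.fullmatch(secret):
            problems.append((lineno, "secret is not hex"))
            continue
        if label == "CLIENT_RANDOM":
            if len(secret) != 96:          # 48-byte master secret
                problems.append((lineno, "master secret is not 48 bytes"))
                continue
            version = "TLS1.2-or-below"
        elif label in TLS13_LABELS:
            if len(secret) not in (64, 96):  # SHA-256 or SHA-384 sized secret
                problems.append((lineno, "TLS1.3 secret is not 32 or 48 bytes"))
                continue
            version = "TLS1.3"
        else:
            problems.append((lineno, f"unknown label {label}"))
            continue
        entry = connections[client_random.lower()]
        entry["version"] = version
        entry["labels"].add(label)
    return dict(connections), problems


def decryptable_app_data(entry):
    """True if the logged secrets are enough to decrypt application data for the
    connection: the master secret for TLS1.2, or both application traffic
    secrets for TLS1.3 (handshake secrets alone only expose the handshake)."""
    if entry["version"] == "TLS1.2-or-below":
        return True
    return {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= entry["labels"]


# Constructed sample: repeated byte patterns stand in for random values.
R12, R13, R13_PARTIAL = "01" * 32, "ab" * 32, "cd" * 32
SAMPLE = "\n".join([
    "# constructed sample, not real session secrets",
    f"CLIENT_RANDOM {R12} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R13} {'22' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R13} {'33' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R13} {'44' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {R13} {'55' * 32}",
    f"EXPORTER_SECRET {R13} {'66' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R13_PARTIAL} {'77' * 32}",
    f"BOGUS_LABEL {R13} {'88' * 32}",
    "CLIENT_RANDOM 0123 zz",
])

if __name__ == "__main__":
    conns, probs = audit_keylog(SAMPLE)
    for rnd, entry in conns.items():
        print(rnd[:8], entry["version"], "app data decryptable:", decryptable_app_data(entry))
    for lineno, reason in probs:
        print(f"line {lineno}: {reason}")
```

Run against a real log this tells you which connections in a capture the file unlocks; the third connection in the sample has only a handshake secret, so its application data stays protected even with the file in hand.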
=item B<-max_early_data> I<int>

Change the default maximum early data bytes that are specified for new sessions
and any incoming early data (when used in conjunction with the B<-early_data>
flag). The default value is approximately 16k. The argument must be an integer
greater than or equal to 0.

=item B<-recv_max_early_data> I<int>

Specify the hard limit on the maximum number of early data bytes that will

Accept early data where possible. Cannot be used in conjunction with B<-www>,
B<-WWW>, B<-HTTP> or B<-rev>.

Require TLSv1.3 cookies.

=item B<-anti_replay>, B<-no_anti_replay>

Switches replay protection on or off, respectively. Replay protection is on by
default unless overridden by a configuration file. When it is on, OpenSSL will
automatically detect if a session ticket has been used more than once, TLSv1.3
has been negotiated, and early data is enabled on the server. A full handshake
is forced if a session ticket is used a second or subsequent time. Any early
data that was sent will be rejected.

Enable acceptance of TCP Fast Open (RFC7413) connections.

Pre-compresses certificates (RFC8879) that will be sent during the handshake.

{- $OpenSSL::safe::opt_name_item -}

{- $OpenSSL::safe::opt_version_item -}

{- $OpenSSL::safe::opt_s_item -}

{- $OpenSSL::safe::opt_x_item -}

{- $OpenSSL::safe::opt_trust_item -}

{- $OpenSSL::safe::opt_r_item -}

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_provider_item -}

{- $OpenSSL::safe::opt_v_item -}

If the server requests a client certificate, then
verification errors are displayed, for debugging, but the command will
proceed unless the B<-verify_return_error> option is used.

=item B<-enable_server_rpk>

Enable support for sending raw public keys (RFC7250) to the client.
A raw public key will be sent by the server, if solicited by the client,
provided a suitable key and public certificate pair is configured.
Clients that don't support raw public keys or prefer to use X.509
certificates can still elect to receive X.509 certificates as usual.

Raw public keys are extracted from the configured certificate/private key.

=item B<-enable_client_rpk>

Enable support for receiving raw public keys (RFC7250) from the client.
Use of X.509 certificates by the client becomes optional, and clients that
support raw public keys may elect to use them.
Clients that don't support raw public keys or prefer to use X.509
certificates can still elect to send X.509 certificates as usual.

Raw public keys are extracted from the configured certificate/private key.

=head1 CONNECTED COMMANDS

If a connection request is established with an SSL client and neither the
B<-www> nor the B<-WWW> option has been used then normally any data received
from the client is displayed and any key presses will be sent to the client.

Certain commands are also recognized which perform special operations. These
commands are a letter which must appear at the start of a line. They are listed

End the current SSL connection but still accept new connections.

End the current SSL connection and exit.

Renegotiate the SSL session (TLSv1.2 and below only).

Renegotiate the SSL session and request a client certificate (TLSv1.2 and below

Send some plain text down the underlying TCP connection: this should
cause the client to disconnect due to a protocol violation.

Print out some session cache status information.

Send a key update message to the client (TLSv1.3 only).

Send a key update message to the client and request one back (TLSv1.3 only).

Send a certificate request to the client (TLSv1.3 only).

This command can be used to debug SSL clients. To accept connections
from a web browser the command:

 openssl s_server -accept 443 -www

can be used for example.

Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL clients interpret this to
mean any CA is acceptable. This is useful for debugging purposes.

The session parameters can be printed out using the L<openssl-sess_id(1)> command.

Because this program has a lot of options and also because some of the
techniques used are rather old, the C source for this command is rather
hard to read and not a model of how things should be done.
A typical SSL server program would be much simpler.

The output of common ciphers is wrong: it just gives the list of ciphers that
OpenSSL recognizes and the client supports.

There should be a way for this command to print out details
of any unknown cipher suites a client says it supports.

L<openssl-sess_id(1)>,
L<openssl-s_client(1)>,
L<openssl-ciphers(1)>,
L<SSL_CTX_set_max_send_fragment(3)>,
L<SSL_CTX_set_split_send_fragment(3)>,
L<SSL_CTX_set_max_pipelines(3)>,
L<ossl_store-file(7)>

The B<-no_alt_chains> option was added in OpenSSL 1.1.0.

The B<-allow_no_dhe_kex> and B<-prioritize_chacha> options were added in OpenSSL 1.1.1.

The B<-srpvfile>, B<-srpuserseed>, and B<-engine>
options were deprecated in OpenSSL 3.0.

B<-enable_client_rpk>,
B<-enable_server_rpk>,
B<-no_tx_cert_comp>,
options were added in OpenSSL 3.2.

Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.