2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-s_server - SSL/TLS server program
10 B<openssl> B<s_server>
23 [B<-certform> B<DER>|B<PEM>|B<P12>]
24 [B<-cert_chain> I<infile>]
26 [B<-serverinfo> I<val>]
27 [B<-key> I<filename>|I<uri>]
28 [B<-key2> I<filename>|I<uri>]
29 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
32 [B<-dcertform> B<DER>|B<PEM>|B<P12>]
33 [B<-dcert_chain> I<infile>]
34 [B<-dkey> I<filename>|I<uri>]
35 [B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
41 [B<-msgfile> I<outfile>]
45 [B<-no_resume_ephemeral>]
48 [B<-http_server_binmode>]
50 [B<-ignore_unexpected_eof>]
52 [B<-servername_fatal>]
55 [B<-id_prefix> I<val>]
56 [B<-keymatexport> I<val>]
57 [B<-keymatexportlen> I<+int>]
59 [B<-CRLform> B<DER>|B<PEM>]
61 [B<-chainCAfile> I<infile>]
62 [B<-chainCApath> I<dir>]
63 [B<-chainCAstore> I<uri>]
64 [B<-verifyCAfile> I<infile>]
65 [B<-verifyCApath> I<dir>]
66 [B<-verifyCAstore> I<uri>]
69 [B<-verify_return_error>]
77 [B<-status_timeout> I<int>]
78 [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
79 [B<-no_proxy> I<addresses>]
80 [B<-status_url> I<val>]
81 [B<-status_file> I<infile>]
82 [B<-ssl_config> I<val>]
85 [B<-security_debug_verbose>]
89 [B<-max_send_frag> I<+int>]
90 [B<-split_send_frag> I<+int>]
91 [B<-max_pipelines> I<+int>]
93 [B<-read_buf> I<+int>]
101 [B<-legacy_renegotiation>]
102 [B<-no_renegotiation>]
103 [B<-no_resumption_on_reneg>]
104 [B<-allow_no_dhe_kex>]
105 [B<-prioritize_chacha>]
108 [B<-client_sigalgs> I<val>]
111 [B<-named_curve> I<val>]
113 [B<-ciphersuites> I<val>]
114 [B<-dhparam> I<infile>]
115 [B<-record_padding> I<val>]
116 [B<-debug_broken_protocol>]
118 [B<-psk_identity> I<val>]
119 [B<-psk_hint> I<val>]
121 [B<-psk_session> I<file>]
122 [B<-srpvfile> I<infile>]
123 [B<-srpuserseed> I<val>]
129 [B<-use_srtp> I<val>]
131 [B<-nextprotoneg> I<val>]
135 [B<-zerocopy_sendfile>]
136 [B<-keylogfile> I<outfile>]
137 [B<-recv_max_early_data> I<int>]
138 [B<-max_early_data> I<int>]
146 {- $OpenSSL::safe::opt_name_synopsis -}
147 {- $OpenSSL::safe::opt_version_synopsis -}
148 {- $OpenSSL::safe::opt_v_synopsis -}
149 {- $OpenSSL::safe::opt_s_synopsis -}
150 {- $OpenSSL::safe::opt_x_synopsis -}
151 {- $OpenSSL::safe::opt_trust_synopsis -}
152 {- $OpenSSL::safe::opt_r_synopsis -}
153 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
157 This command implements a generic SSL/TLS server which
158 listens for connections on a given port using SSL/TLS.
162 In addition to the options below, this command also supports
163 the common and server only options documented
164 L<SSL_CONF_cmd(3)/Supported Command Line Commands>
170 Print out a usage message.
172 =item B<-port> I<+int>
174 The TCP port to listen on for connections. If not specified 4433 is used.
176 =item B<-accept> I<val>
178 The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.
180 =item B<-unix> I<val>
182 Unix domain socket to accept on.
194 For -unix, unlink any existing socket first.
196 =item B<-context> I<val>
198 Sets the SSL context id. It can be given any string value. If this option
199 is not present a default value will be used.
201 =item B<-verify> I<int>, B<-Verify> I<int>
203 The verify depth to use. This specifies the maximum length of the
204 client certificate chain and makes the server request a certificate from
205 the client. With the B<-verify> option a certificate is requested but the
206 client does not have to send one, with the B<-Verify> option the client
207 must supply a certificate or an error occurs.
209 If the cipher suite cannot request a client certificate (for example an
210 anonymous cipher suite or PSK) this option has no effect.
212 =item B<-cert> I<infile>
214 The certificate to use, most servers cipher suites require the use of a
215 certificate and some require a certificate with a certain public key type:
216 for example the DSS cipher suites require a certificate containing a DSS
217 (DSA) key. If not specified then the filename F<server.pem> will be used.
219 =item B<-cert2> I<infile>
221 The certificate file to use for servername; default is C<server2.pem>.
223 =item B<-certform> B<DER>|B<PEM>|B<P12>
225 The server certificate file format; unspecified by default.
226 See L<openssl-format-options(1)> for details.
230 A file or URI of untrusted certificates to use when attempting to build the
231 certificate chain related to the certificate specified via the B<-cert> option.
232 The input can be in PEM, DER, or PKCS#12 format.
234 =item B<-build_chain>
236 Specify whether the application should build the server certificate chain to be
237 provided to the client.
239 =item B<-serverinfo> I<val>
241 A file containing one or more blocks of PEM data. Each PEM block
242 must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
243 followed by "length" bytes of extension data). If the client sends
244 an empty TLS ClientHello extension matching the type, the corresponding
245 ServerHello extension will be returned.
247 =item B<-key> I<filename>|I<uri>
249 The private key to use. If not specified then the certificate file will
252 =item B<-key2> I<filename>|I<uri>
254 The private Key file to use for servername if not given via B<-cert2>.
256 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
258 The key format; unspecified by default.
259 See L<openssl-format-options(1)> for details.
261 =item B<-pass> I<val>
263 The private key and certificate file password source.
264 For more information about the format of I<val>,
265 see L<openssl-passphrase-options(1)>.
267 =item B<-dcert> I<infile>, B<-dkey> I<filename>|I<uri>
269 Specify an additional certificate and private key, these behave in the
270 same manner as the B<-cert> and B<-key> options except there is no default
271 if they are not specified (no additional certificate and key is used). As
272 noted above some cipher suites require a certificate containing a key of
273 a certain type. Some cipher suites need a certificate carrying an RSA key
274 and some a DSS (DSA) key. By using RSA and DSS certificates and keys
275 a server can support clients which only support RSA or DSS cipher suites
276 by using an appropriate certificate.
278 =item B<-dcert_chain>
280 A file or URI of untrusted certificates to use when attempting to build the
281 server certificate chain when a certificate specified via the B<-dcert> option
283 The input can be in PEM, DER, or PKCS#12 format.
285 =item B<-dcertform> B<DER>|B<PEM>|B<P12>
287 The format of the additional certificate file; unspecified by default.
288 See L<openssl-format-options(1)> for details.
290 =item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
292 The format of the additional private key; unspecified by default.
293 See L<openssl-format-options(1)> for details.
295 =item B<-dpass> I<val>
297 The passphrase for the additional private key and certificate.
298 For more information about the format of I<val>,
299 see L<openssl-passphrase-options(1)>.
303 Tests non blocking I/O.
307 This option translated a line feed from the terminal into CR+LF.
311 Print extensive debugging information including a hex dump of all traffic.
313 =item B<-security_debug>
315 Print output from SSL/TLS security framework.
317 =item B<-security_debug_verbose>
319 Print more output from SSL/TLS security framework
323 Show all protocol messages with hex dump.
325 =item B<-msgfile> I<outfile>
327 File to send output of B<-msg> or B<-trace> to, default standard output.
331 Prints the SSL session states.
333 =item B<-CRL> I<infile>
337 =item B<-CRLform> B<DER>|B<PEM>
339 The CRL file format; unspecified by default.
340 See L<openssl-format-options(1)> for details.
342 =item B<-crl_download>
344 Download CRLs from distribution points given in CDP extensions of certificates
346 =item B<-verifyCAfile> I<filename>
348 A file in PEM format CA containing trusted certificates to use
349 for verifying client certificates.
351 =item B<-verifyCApath> I<dir>
353 A directory containing trusted certificates to use
354 for verifying client certificates.
355 This directory must be in "hash format",
356 see L<openssl-verify(1)> for more information.
358 =item B<-verifyCAstore> I<uri>
360 The URI of a store containing trusted certificates to use
361 for verifying client certificates.
363 =item B<-chainCAfile> I<file>
365 A file in PEM format containing trusted certificates to use
366 when attempting to build the server certificate chain.
368 =item B<-chainCApath> I<dir>
370 A directory containing trusted certificates to use
371 for building the server certificate chain provided to the client.
372 This directory must be in "hash format",
373 see L<openssl-verify(1)> for more information.
375 =item B<-chainCAstore> I<uri>
377 The URI of a store containing trusted certificates to use
378 for building the server certificate chain provided to the client.
379 The URI may indicate a single certificate, as well as a collection of them.
380 With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or
381 B<-chainCApath>, depending on if the URI indicates a directory or a
383 See L<ossl_store-file(7)> for more information on the C<file:> scheme.
387 If this option is set then no certificate is used. This restricts the
388 cipher suites available to the anonymous ones (currently just anonymous
393 Inhibit printing of session and certificate information.
395 =item B<-no_resume_ephemeral>
397 Disable caching and tickets if ephemeral (EC)DH is used.
399 =item B<-tlsextdebug>
401 Print a hex dump of any TLS extensions received from the server.
405 Sends a status message back to the client when it connects. This includes
406 information about the ciphers used and various session parameters.
407 The output is in HTML format so this option can be used with a web browser.
408 The special URL C</renegcert> turns on client cert validation, and C</reneg>
409 tells the server to request renegotiation.
410 The B<-early_data> option cannot be used with this option.
412 =item B<-WWW>, B<-HTTP>
414 Emulates a simple web server. Pages will be resolved relative to the
415 current directory, for example if the URL C<https://myhost/page.html> is
416 requested the file F<./page.html> will be sent.
417 If the B<-HTTP> flag is used, the files are sent directly, and should contain
418 any HTTP response headers (including status response line).
419 If the B<-WWW> option is used,
420 the response headers are generated by the server, and the file extension is
421 examined to determine the B<Content-Type> header.
422 Extensions of C<html>, C<htm>, and C<php> are C<text/html> and all others are
424 In addition, the special URL C</stats> will return status
425 information like the B<-www> option.
426 Neither of these options can be used in conjunction with B<-early_data>.
428 =item B<-http_server_binmode>
430 When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
431 by the client in binary mode.
433 =item B<-no_ca_names>
435 Disable TLS Extension CA Names. You may want to disable it for security reasons
436 or for compatibility with some Windows TLS implementations crashing when this
437 extension is larger than 1024 bytes.
439 =item B<-ignore_unexpected_eof>
441 Some TLS implementations do not send the mandatory close_notify alert on
442 shutdown. If the application tries to wait for the close_notify alert but the
443 peer closes the connection without sending it, an error is generated. When this
444 option is enabled the peer does not need to send the close_notify alert and a
445 closed connection will be treated as if the close_notify alert was received.
446 For more information on shutting down a connection, see L<SSL_shutdown(3)>.
450 Servername for HostName TLS extension.
452 =item B<-servername_fatal>
454 On servername mismatch send fatal alert (default: warning alert).
456 =item B<-id_prefix> I<val>
458 Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
459 for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
460 servers, when each of which might be generating a unique range of session
461 IDs (e.g. with a certain prefix).
463 =item B<-keymatexport>
465 Export keying material using label.
467 =item B<-keymatexportlen>
469 Export the given number of bytes of keying material; default 20.
473 Disable session cache.
477 Disable internal cache, set up and use external cache.
479 =item B<-verify_return_error>
481 Verification errors normally just print a message but allow the
482 connection to continue, for debugging purposes.
483 If this option is used, then verification errors close the connection.
485 =item B<-verify_quiet>
487 No verify output except verify errors.
491 Ignore input EOF (default: when B<-quiet>).
495 Do not ignore input EOF.
499 Disable Encrypt-then-MAC negotiation.
503 Disable Extended master secret negotiation.
507 Enables certificate status request support (aka OCSP stapling).
509 =item B<-status_verbose>
511 Enables certificate status request support (aka OCSP stapling) and gives
512 a verbose printout of the OCSP response.
514 =item B<-status_timeout> I<int>
516 Sets the timeout for OCSP response to I<int> seconds.
518 =item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>
520 The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
522 The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
523 the optional C<http://> or C<https://> prefix is ignored,
524 as well as any userinfo and path components.
525 Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
526 in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
528 =item B<-no_proxy> I<addresses>
530 List of IP addresses and/or DNS names of servers
531 not to use an HTTP(S) proxy for, separated by commas and/or whitespace
532 (where in the latter case the whole argument must be enclosed in "...").
533 Default is from the environment variable C<no_proxy> if set, else C<NO_PROXY>.
535 =item B<-status_url> I<val>
537 Sets a fallback responder URL to use if no responder URL is present in the
538 server certificate. Without this option an error is returned if the server
539 certificate does not contain a responder address.
540 The optional userinfo and fragment URL components are ignored.
541 Any given query component is handled as part of the path component.
543 =item B<-status_file> I<infile>
545 Overrides any OCSP responder URLs from the certificate and always provides the
546 OCSP Response stored in the file. The file must be in DER format.
548 =item B<-ssl_config> I<val>
550 Configure SSL_CTX using the given configuration value.
554 Show verbose trace output of protocol messages.
558 Provide a brief summary of connection parameters instead of the normal verbose
563 Simple echo server that sends back received text reversed. Also sets B<-brief>.
564 Cannot be used in conjunction with B<-early_data>.
568 Switch on asynchronous mode. Cryptographic operations will be performed
569 asynchronously. This will only have an effect if an asynchronous capable engine
570 is also used via the B<-engine> option. For test purposes the dummy async engine
571 (dasync) can be used (if available).
573 =item B<-max_send_frag> I<+int>
575 The maximum size of data fragment to send.
576 See L<SSL_CTX_set_max_send_fragment(3)> for further information.
578 =item B<-split_send_frag> I<+int>
580 The size used to split data for encrypt pipelines. If more data is written in
581 one go than this value then it will be split into multiple pipelines, up to the
582 maximum number of pipelines defined by max_pipelines. This only has an effect if
583 a suitable cipher suite has been negotiated, an engine that supports pipelining
584 has been loaded, and max_pipelines is greater than 1. See
585 L<SSL_CTX_set_split_send_fragment(3)> for further information.
587 =item B<-max_pipelines> I<+int>
589 The maximum number of encrypt/decrypt pipelines to be used. This will only have
590 an effect if an engine has been loaded that supports pipelining (e.g. the dasync
591 engine) and a suitable cipher suite has been negotiated. The default value is 1.
592 See L<SSL_CTX_set_max_pipelines(3)> for further information.
594 =item B<-naccept> I<+int>
596 The server will exit after receiving the specified number of connections,
599 =item B<-read_buf> I<+int>
601 The default read buffer size to be used for connections. This will only have an
602 effect if the buffer size is larger than the size that would otherwise be used
603 and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
604 further information).
608 There are several known bugs in SSL and TLS implementations. Adding this
609 option enables various workarounds.
611 =item B<-no_tx_cert_comp>
613 Disables support for sending TLSv1.3 compressed certificates.
615 =item B<-no_rx_cert_comp>
617 Disables support for receiving TLSv1.3 compressed certificates.
621 Disable negotiation of TLS compression.
622 TLS compression is not recommended and is off by default as of
627 Enable negotiation of TLS compression.
628 This option was introduced in OpenSSL 1.1.0.
629 TLS compression is not recommended and is off by default as of
634 Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
635 is negotiated. See B<-num_tickets>.
637 =item B<-num_tickets>
639 Control the number of tickets that will be sent to the client after a full
640 handshake in TLSv1.3. The default number of tickets is 2. This option does not
641 affect the number of tickets sent after a resumption handshake.
645 Use the server's cipher preferences, rather than the client's preferences.
647 =item B<-prioritize_chacha>
649 Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
651 =item B<-no_resumption_on_reneg>
653 Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
655 =item B<-client_sigalgs> I<val>
657 Signature algorithms to support for client certificate authentication
658 (colon-separated list).
660 =item B<-named_curve> I<val>
662 Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
663 For a list of all possible curves, use:
665 $ openssl ecparam -list_curves
667 =item B<-cipher> I<val>
669 This allows the list of TLSv1.2 and below ciphersuites used by the server to be
670 modified. This list is combined with any TLSv1.3 ciphersuites that have been
671 configured. When the client sends a list of supported ciphers the first client
672 cipher also included in the server list is used. Because the client specifies
673 the preference order, the order of the server cipherlist is irrelevant. See
674 L<openssl-ciphers(1)> for more information.
676 =item B<-ciphersuites> I<val>
678 This allows the list of TLSv1.3 ciphersuites used by the server to be modified.
679 This list is combined with any TLSv1.2 and below ciphersuites that have been
680 configured. When the client sends a list of supported ciphers the first client
681 cipher also included in the server list is used. Because the client specifies
682 the preference order, the order of the server cipherlist is irrelevant. See
683 L<openssl-ciphers(1)> command for more information. The format for this list is
684 a simple colon (":") separated list of TLSv1.3 ciphersuite names.
686 =item B<-dhparam> I<infile>
688 The DH parameter file to use. The ephemeral DH cipher suites generate keys
689 using a set of DH parameters. If not specified then an attempt is made to
690 load the parameters from the server certificate file.
691 If this fails then a static set of parameters hard coded into this command
696 Turns on non blocking I/O.
706 =item B<-psk_identity> I<val>
708 Expect the client to send PSK identity I<val> when using a PSK
709 cipher suite, and warn if they do not. By default, the expected PSK
710 identity is the string "Client_identity".
712 =item B<-psk_hint> I<val>
714 Use the PSK identity hint I<val> when using a PSK cipher suite.
718 Use the PSK key I<val> when using a PSK cipher suite. The key is
719 given as a hexadecimal number without leading 0x, for example -psk
721 This option must be provided in order to use a PSK cipher.
723 =item B<-psk_session> I<file>
725 Use the pem encoded SSL_SESSION data stored in I<file> as the basis of a PSK.
726 Note that this will only work if TLSv1.3 is negotiated.
730 The verifier file for SRP.
731 This option is deprecated.
733 =item B<-srpuserseed>
735 A seed string for a default user salt.
736 This option is deprecated.
740 This option can only be used in conjunction with one of the DTLS options above.
741 With this option, this command will listen on a UDP port for incoming
743 Any ClientHellos that arrive will be checked to see if they have a cookie in
745 Any without a cookie will be responded to with a HelloVerifyRequest.
746 If a ClientHello with a cookie is received then this command will
747 connect to that peer and complete the handshake.
751 Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
752 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
753 available where OpenSSL has support for SCTP enabled.
755 =item B<-sctp_label_bug>
757 Use the incorrect behaviour of older OpenSSL implementations when computing
758 endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
759 older broken implementations but breaks interoperability with correct
760 implementations. Must be used in conjunction with B<-sctp>. This option is only
761 available where OpenSSL has support for SCTP enabled.
765 Offer SRTP key management with a colon-separated profile list.
769 If this option is set then no DH parameters will be loaded effectively
770 disabling the ephemeral DH cipher suites.
772 =item B<-alpn> I<val>, B<-nextprotoneg> I<val>
774 These flags enable the Application-Layer Protocol Negotiation
775 or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
776 IETF standard and replaces NPN.
777 The I<val> list is a comma-separated list of supported protocol
778 names. The list should contain the most desirable protocols first.
779 Protocol names are printable ASCII strings, for example "http/1.1" or
781 The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
785 Enable Kernel TLS for sending and receiving.
786 This option was introduced in OpenSSL 3.2.0.
787 Kernel TLS is off by default as of OpenSSL 3.2.0.
791 If this option is set and KTLS is enabled, SSL_sendfile() will be used
792 instead of BIO_write() to send the HTTP response requested by a client.
793 This option is only valid when B<-ktls> along with B<-WWW> or B<-HTTP>
796 =item B<-zerocopy_sendfile>
798 If this option is set, SSL_sendfile() will use the zerocopy TX mode, which gives
799 a performance boost when used with KTLS hardware offload. Note that invalid
800 TLS records might be transmitted if the file is changed while being sent.
801 This option depends on B<-sendfile>; when used alone, B<-sendfile> is implied,
802 and a warning is shown. Note that KTLS sendfile on FreeBSD always runs in the
805 =item B<-keylogfile> I<outfile>
807 Appends TLS secrets to the specified keylog file such that external programs
808 (like Wireshark) can decrypt TLS connections.
810 =item B<-max_early_data> I<int>
812 Change the default maximum early data bytes that are specified for new sessions
813 and any incoming early data (when used in conjunction with the B<-early_data>
814 flag). The default value is approximately 16k. The argument must be an integer
815 greater than or equal to 0.
817 =item B<-recv_max_early_data> I<int>
819 Specify the hard limit on the maximum number of early data bytes that will
824 Accept early data where possible. Cannot be used in conjunction with B<-www>,
825 B<-WWW>, B<-HTTP> or B<-rev>.
829 Require TLSv1.3 cookies.
831 =item B<-anti_replay>, B<-no_anti_replay>
833 Switches replay protection on or off, respectively. Replay protection is on by
834 default unless overridden by a configuration file. When it is on, OpenSSL will
835 automatically detect if a session ticket has been used more than once, TLSv1.3
836 has been negotiated, and early data is enabled on the server. A full handshake
837 is forced if a session ticket is used a second or subsequent time. Any early
838 data that was sent will be rejected.
842 Enable acceptance of TCP Fast Open (RFC7413) connections.
846 Pre-compresses certificates (RFC8879) that will be sent during the handshake.
848 {- $OpenSSL::safe::opt_name_item -}
850 {- $OpenSSL::safe::opt_version_item -}
852 {- $OpenSSL::safe::opt_s_item -}
854 {- $OpenSSL::safe::opt_x_item -}
856 {- $OpenSSL::safe::opt_trust_item -}
858 {- $OpenSSL::safe::opt_r_item -}
860 {- $OpenSSL::safe::opt_engine_item -}
862 {- $OpenSSL::safe::opt_provider_item -}
864 {- $OpenSSL::safe::opt_v_item -}
866 If the server requests a client certificate, then
867 verification errors are displayed, for debugging, but the command will
868 proceed unless the B<-verify_return_error> option is used.
872 =head1 CONNECTED COMMANDS
874 If a connection request is established with an SSL client and neither the
875 B<-www> nor the B<-WWW> option has been used then normally any data received
876 from the client is displayed and any key presses will be sent to the client.
878 Certain commands are also recognized which perform special operations. These
879 commands are a letter which must appear at the start of a line. They are listed
886 End the current SSL connection but still accept new connections.
890 End the current SSL connection and exit.
894 Renegotiate the SSL session (TLSv1.2 and below only).
898 Renegotiate the SSL session and request a client certificate (TLSv1.2 and below
903 Send some plain text down the underlying TCP connection: this should
904 cause the client to disconnect due to a protocol violation.
908 Print out some session cache status information.
912 Send a key update message to the client (TLSv1.3 only)
916 Send a key update message to the client and request one back (TLSv1.3 only)
920 Send a certificate request to the client (TLSv1.3 only)
926 This command can be used to debug SSL clients. To accept connections
927 from a web browser the command:
929 openssl s_server -accept 443 -www
931 can be used for example.
933 Although specifying an empty list of CAs when requesting a client certificate
934 is strictly speaking a protocol violation, some SSL clients interpret this to
935 mean any CA is acceptable. This is useful for debugging purposes.
937 The session parameters can printed out using the L<openssl-sess_id(1)> command.
941 Because this program has a lot of options and also because some of the
942 techniques used are rather old, the C source for this command is rather
943 hard to read and not a model of how things should be done.
944 A typical SSL server program would be much simpler.
946 The output of common ciphers is wrong: it just gives the list of ciphers that
947 OpenSSL recognizes and the client supports.
949 There should be a way for this command to print out details
950 of any unknown cipher suites a client says it supports.
955 L<openssl-sess_id(1)>,
956 L<openssl-s_client(1)>,
957 L<openssl-ciphers(1)>,
959 L<SSL_CTX_set_max_send_fragment(3)>,
960 L<SSL_CTX_set_split_send_fragment(3)>,
961 L<SSL_CTX_set_max_pipelines(3)>,
962 L<ossl_store-file(7)>
966 The -no_alt_chains option was added in OpenSSL 1.1.0.
969 -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
971 The B<-srpvfile>, B<-srpuserseed>, and B<-engine>
972 option were deprecated in OpenSSL 3.0.
974 The B<-tfo>, B<-no_tx_cert_comp>, and B<-no_rx_cert_comp> options were added
979 Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
981 Licensed under the Apache License 2.0 (the "License"). You may not use
982 this file except in compliance with the License. You can obtain a copy
983 in the file LICENSE in the source distribution or at
984 L<https://www.openssl.org/source/license.html>.