[B<-state>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
[B<-attime timestamp>]
[B<-check_ss_sig>]
[B<-explicit_policy>]
[B<-suiteB_128_only>]
[B<-suiteB_192>]
[B<-trusted_first>]
+[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-verify_depth num>]
+[B<-verify_return_error>]
[B<-verify_email email>]
[B<-verify_hostname hostname>]
[B<-verify_ip ip>]
[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
-[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
-[B<-no_ssl2>]
+[B<-dtls>]
+[B<-dtls1>]
+[B<-dtls1_2>]
+[B<-listen>]
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-no_dhe>]
[B<-no_ecdhe>]
[B<-bugs>]
[B<-brief>]
-[B<-hack>]
[B<-www>]
[B<-WWW>]
[B<-HTTP>]
[B<-status_verbose>]
[B<-status_timeout nsec>]
[B<-status_url url>]
+[B<-nextprotoneg protocols>]
+
=head1 DESCRIPTION
The B<s_server> command implements a generic SSL/TLS server which listens
=item B<-pass arg>
the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-dcert filename>, B<-dkey keyname>
certain export cipher suites sometimes use a temporary RSA key, this option
disables temporary RSA key generation.
-=item B<-verify depth>, B<-Verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-client certificate chain and makes the server request a certificate from
-the client. With the B<-verify> option a certificate is requested but the
-client does not have to send one, with the B<-Verify> option the client
-must supply a certificate or an error occurs.
-
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
+=item B<-verify depth>, B<-Verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the B<-verify> option a certificate is requested but the
+client does not have to send one, with the B<-Verify> option the client
+must supply a certificate or an error occurs.
+
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
=item B<-attime>, B<-check_ss_sig>, B<explicit_policy>, B<-extended_crl>,
B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>,
B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>,
B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>,
-B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+B<-no_alt_chains>, B<-use_deltas>, B<-verify_depth>, B<-verify_email>,
+B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict>
Set different peer certificate verification options.
-See the L<B<verify>|verify(1)> manual page for details.
+See the L<verify(1)> manual page for details.
+
+=item B<-verify_return_error>
+
+Verification errors normally just print a message but allow the
+connection to continue, for debugging purposes.
+If this option is used, then verification errors close the connection.
=item B<-state>
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+=item B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1>
these options disable the use of certain SSL or TLS protocols. By default
the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+servers and permit them to use SSL v3 or TLS as appropriate.
+
+=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
+
+these options make s_server use DTLS protocols instead of TLS. With B<-dtls>
+s_server will negotiate any supported DTLS protcol version, whilst B<-dtls1> and
+B<-dtls1_2> will only support DTLS1.0 and DTLS1.2 respectively.
+
+=item B<-listen>
+
+this option can only be used in conjunction with one of the DTLS options above.
+With this option s_server will listen on a UDP port for incoming connections.
+Any ClientHellos that arrive will be checked to see if they have a cookie in
+them or not. Any without a cookie will be responded to with a
+HelloVerifyRequest. If a ClientHello with a cookie is received then s_server
+will connect to that peer and complete the handshake.
=item B<-bugs>
only provide a brief summary of connection parameters instead of the
normal verbose output.
-=item B<-hack>
-
-this option enables a further workaround for some some early Netscape
-SSL code (?).
-
=item B<-cipher cipherlist>
this allows the cipher list used by the server to be modified. When
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
+=item B<-nextprotoneg protocols>
+
+enable Next Protocol Negotiation TLS extension and provide a
+comma-separated list of supported protocol names.
+The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+
=back
=head1 CONNECTED COMMANDS
=head1 SEE ALSO
-L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
+L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.1.0.
=cut