[B<-state>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
[B<-attime timestamp>]
[B<-check_ss_sig>]
[B<-explicit_policy>]
[B<-no_tmp_rsa>]
[B<-ssl3>]
[B<-tls1>]
+[B<-dtls>]
+[B<-dtls1>]
+[B<-dtls1_2>]
+[B<-listen>]
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-no_dhe>]
[B<-no_ecdhe>]
[B<-bugs>]
[B<-brief>]
-[B<-hack>]
[B<-www>]
[B<-WWW>]
[B<-HTTP>]
=item B<-pass arg>
the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-dcert filename>, B<-dkey keyname>
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
=item B<-verify depth>, B<-Verify depth>
The verify depth to use. This specifies the maximum length of the
B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict>
Set different peer certificate verification options.
-See the L<B<verify>|verify(1)> manual page for details.
+See the L<verify(1)> manual page for details.
=item B<-verify_return_error>
the initial handshake uses a method which should be compatible with all
servers and permit them to use SSL v3 or TLS as appropriate.
+=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
+
+these options make s_server use DTLS protocols instead of TLS. With B<-dtls>
+s_server will negotiate any supported DTLS protcol version, whilst B<-dtls1> and
+B<-dtls1_2> will only support DTLS1.0 and DTLS1.2 respectively.
+
+=item B<-listen>
+
+this option can only be used in conjunction with one of the DTLS options above.
+With this option s_server will listen on a UDP port for incoming connections.
+Any ClientHellos that arrive will be checked to see if they have a cookie in
+them or not. Any without a cookie will be responded to with a
+HelloVerifyRequest. If a ClientHello with a cookie is received then s_server
+will connect to that peer and complete the handshake.
+
=item B<-bugs>
there are several known bug in SSL and TLS implementations. Adding this
only provide a brief summary of connection parameters instead of the
normal verbose output.
-=item B<-hack>
-
-this option enables a further workaround for some some early Netscape
-SSL code (?).
-
=item B<-cipher cipherlist>
this allows the cipher list used by the server to be modified. When
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
=head1 SEE ALSO
-L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
+L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
=head1 HISTORY