OLD | NEW |
1 | 1 |
2 =pod | 2 =pod |
3 | 3 |
4 =head1 NAME | 4 =head1 NAME |
5 | 5 |
6 s_server - SSL/TLS server program | 6 s_server - SSL/TLS server program |
7 | 7 |
8 =head1 SYNOPSIS | 8 =head1 SYNOPSIS |
9 | 9 |
10 B<openssl> B<s_server> | 10 B<openssl> B<s_server> |
(...skipping 173 matching lines...)
184 turns on non blocking I/O | 184 turns on non blocking I/O |
185 | 185 |
186 =item B<-crlf> | 186 =item B<-crlf> |
187 | 187 |
188 this option translated a line feed from the terminal into CR+LF. | 188 this option translated a line feed from the terminal into CR+LF. |
189 | 189 |
190 =item B<-quiet> | 190 =item B<-quiet> |
191 | 191 |
192 inhibit printing of session and certificate information. | 192 inhibit printing of session and certificate information. |
193 | 193 |
| 194 =item B<-psk_hint hint> |
| 195 |
| 196 Use the PSK identity hint B<hint> when using a PSK cipher suite. |
| 197 |
| 198 =item B<-psk key> |
| 199 |
| 200 Use the PSK key B<key> when using a PSK cipher suite. The key is |
| 201 given as a hexadecimal number without leading 0x, for example -psk |
| 202 1a2b3c4d. |
| 203 |
194 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> | 204 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> |
195 | 205 |
196 these options disable the use of certain SSL or TLS protocols. By default | 206 these options disable the use of certain SSL or TLS protocols. By default |
197 the initial handshake uses a method which should be compatible with all | 207 the initial handshake uses a method which should be compatible with all |
198 servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. | 208 servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. |
199 | 209 |
200 =item B<-bugs> | 210 =item B<-bugs> |
201 | 211 |
202 there are several known bug in SSL and TLS implementations. Adding this | 212 there are several known bug in SSL and TLS implementations. Adding this |
203 option enables various workarounds. | 213 option enables various workarounds. |
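Review bot: The new B<-psk key> entry (new lines 198-202) takes the key as a command-line argument but does not say what s_server does when the option is omitted or when the value is not valid hexadecimal. Suggest adding a sentence on the default and on the error behaviour. Also worth noting that a key passed this way is typically visible to other local users through the process list, so the option is suited to testing rather than to real keys. The example is plain text broken across lines after "-psk"; it would read better as markup kept on one line, e.g. B<-psk 1a2b3c4d>. The B<-psk_hint hint> entry likewise does not say what hint, if any, is sent when the option is absent.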
(...skipping 35 matching lines...)
239 =item B<-HTTP> | 249 =item B<-HTTP> |
240 | 250 |
241 emulates a simple web server. Pages will be resolved relative to the | 251 emulates a simple web server. Pages will be resolved relative to the |
242 current directory, for example if the URL https://myhost/page.html is | 252 current directory, for example if the URL https://myhost/page.html is |
243 requested the file ./page.html will be loaded. The files loaded are | 253 requested the file ./page.html will be loaded. The files loaded are |
244 assumed to contain a complete and correct HTTP response (lines that | 254 assumed to contain a complete and correct HTTP response (lines that |
245 are part of the HTTP response line and headers must end with CRLF). | 255 are part of the HTTP response line and headers must end with CRLF). |
246 | 256 |
247 =item B<-engine id> | 257 =item B<-engine id> |
248 | 258 |
249 specifying an engine (by it's unique B<id> string) will cause B<s_server> | 259 specifying an engine (by its unique B<id> string) will cause B<s_server> |
250 to attempt to obtain a functional reference to the specified engine, | 260 to attempt to obtain a functional reference to the specified engine, |
251 thus initialising it if needed. The engine will then be set as the default | 261 thus initialising it if needed. The engine will then be set as the default |
252 for all available algorithms. | 262 for all available algorithms. |
253 | 263 |
254 =item B<-id_prefix arg> | 264 =item B<-id_prefix arg> |
255 | 265 |
256 generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful | 266 generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful |
257 for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple | 267 for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple |
258 servers, when each of which might be generating a unique range of session | 268 servers, when each of which might be generating a unique range of session |
259 IDs (eg. with a certain prefix). | 269 IDs (eg. with a certain prefix). |
(...skipping 58 matching lines...)
318 Most web browsers (in particular Netscape and MSIE) only support RSA cipher | 328 Most web browsers (in particular Netscape and MSIE) only support RSA cipher |
319 suites, so they cannot connect to servers which don't use a certificate | 329 suites, so they cannot connect to servers which don't use a certificate |
320 carrying an RSA key or a version of OpenSSL with RSA disabled. | 330 carrying an RSA key or a version of OpenSSL with RSA disabled. |
321 | 331 |
322 Although specifying an empty list of CAs when requesting a client certificate | 332 Although specifying an empty list of CAs when requesting a client certificate |
323 is strictly speaking a protocol violation, some SSL clients interpret this to | 333 is strictly speaking a protocol violation, some SSL clients interpret this to |
324 mean any CA is acceptable. This is useful for debugging purposes. | 334 mean any CA is acceptable. This is useful for debugging purposes. |
325 | 335 |
326 The session parameters can printed out using the B<sess_id> program. | 336 The session parameters can printed out using the B<sess_id> program. |
327 | 337 |
328 TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly | |
329 enabled at compile time using for example the B<enable-tlsext> switch. | |
330 | |
331 =head1 BUGS | 338 =head1 BUGS |
332 | 339 |
333 Because this program has a lot of options and also because some of | 340 Because this program has a lot of options and also because some of |
334 the techniques used are rather old, the C source of s_server is rather | 341 the techniques used are rather old, the C source of s_server is rather |
335 hard to read and not a model of how things should be done. A typical | 342 hard to read and not a model of how things should be done. A typical |
336 SSL server program would be much simpler. | 343 SSL server program would be much simpler. |
337 | 344 |
338 The output of common ciphers is wrong: it just gives the list of ciphers that | 345 The output of common ciphers is wrong: it just gives the list of ciphers that |
339 OpenSSL recognizes and the client supports. | 346 OpenSSL recognizes and the client supports. |
340 | 347 |
341 There should be a way for the B<s_server> program to print out details of any | 348 There should be a way for the B<s_server> program to print out details of any |
342 unknown cipher suites a client says it supports. | 349 unknown cipher suites a client says it supports. |
343 | 350 |
344 =head1 SEE ALSO | 351 =head1 SEE ALSO |
345 | 352 |
346 L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)> | 353 L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)> |
347 | 354 |
348 =cut | 355 =cut |
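Review bot: The removal at old lines 328-329 drops the only statement in NOTES about the compile-time dependency for TLS extensions (the B<enable-tlsext> switch), and nothing on the NEW side replaces it. Please confirm that the dependency no longer applies to the version this page documents, and say so in the change description. While this block is being edited, the unchanged sentence just above it, "The session parameters can printed out using the B<sess_id> program.", is missing "be" and could be fixed in the same patch.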