openssl-s_server.pod.in - OpenGrok cross reference for /third_party/openssl/doc/man1/openssl-s

Lines Matching +full:enable +full:- +full:ssl +full:- +full:trace
2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-s_server - SSL/TLS server program
11 [B<-help>]
12 [B<-port> I<+int>]
13 [B<-accept> I<val>]
14 [B<-unix> I<val>]
15 [B<-4>]
16 [B<-6>]
17 [B<-unlink>]
18 [B<-context> I<val>]
19 [B<-verify> I<int>]
20 [B<-Verify> I<int>]
21 [B<-cert> I<infile>]
22 [B<-cert2> I<infile>]
23 [B<-certform> B<DER>|B<PEM>|B<P12>]
24 [B<-cert_chain> I<infile>]
25 [B<-build_chain>]
26 [B<-serverinfo> I<val>]
27 [B<-key> I<filename>|I<uri>]
28 [B<-key2> I<filename>|I<uri>]
29 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
30 [B<-pass> I<val>]
31 [B<-dcert> I<infile>]
32 [B<-dcertform> B<DER>|B<PEM>|B<P12>]
33 [B<-dcert_chain> I<infile>]
34 [B<-dkey> I<filename>|I<uri>]
35 [B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
36 [B<-dpass> I<val>]
37 [B<-nbio_test>]
38 [B<-crlf>]
39 [B<-debug>]
40 [B<-msg>]
41 [B<-msgfile> I<outfile>]
42 [B<-state>]
43 [B<-nocert>]
44 [B<-quiet>]
45 [B<-no_resume_ephemeral>]
46 [B<-www>]
47 [B<-WWW>]
48 [B<-http_server_binmode>]
49 [B<-no_ca_names>]
50 [B<-ignore_unexpected_eof>]
51 [B<-servername>]
52 [B<-servername_fatal>]
53 [B<-tlsextdebug>]
54 [B<-HTTP>]
55 [B<-id_prefix> I<val>]
56 [B<-keymatexport> I<val>]
57 [B<-keymatexportlen> I<+int>]
58 [B<-CRL> I<infile>]
59 [B<-CRLform> B<DER>|B<PEM>]
60 [B<-crl_download>]
61 [B<-chainCAfile> I<infile>]
62 [B<-chainCApath> I<dir>]
63 [B<-chainCAstore> I<uri>]
64 [B<-verifyCAfile> I<infile>]
65 [B<-verifyCApath> I<dir>]
66 [B<-verifyCAstore> I<uri>]
67 [B<-no_cache>]
68 [B<-ext_cache>]
69 [B<-verify_return_error>]
70 [B<-verify_quiet>]
71 [B<-ign_eof>]
72 [B<-no_ign_eof>]
73 [B<-no_etm>]
74 [B<-status>]
75 [B<-status_verbose>]
76 [B<-status_timeout> I<int>]
77 [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
78 [B<-no_proxy> I<addresses>]
79 [B<-status_url> I<val>]
80 [B<-status_file> I<infile>]
81 [B<-ssl_config> I<val>]
82 [B<-trace>]
83 [B<-security_debug>]
84 [B<-security_debug_verbose>]
85 [B<-brief>]
86 [B<-rev>]
87 [B<-async>]
88 [B<-max_send_frag> I<+int>]
89 [B<-split_send_frag> I<+int>]
90 [B<-max_pipelines> I<+int>]
91 [B<-naccept> I<+int>]
92 [B<-read_buf> I<+int>]
93 [B<-bugs>]
94 [B<-no_comp>]
95 [B<-comp>]
96 [B<-no_ticket>]
97 [B<-serverpref>]
98 [B<-legacy_renegotiation>]
99 [B<-no_renegotiation>]
100 [B<-no_resumption_on_reneg>]
101 [B<-allow_no_dhe_kex>]
102 [B<-prioritize_chacha>]
103 [B<-strict>]
104 [B<-sigalgs> I<val>]
105 [B<-client_sigalgs> I<val>]
106 [B<-groups> I<val>]
107 [B<-curves> I<val>]
108 [B<-named_curve> I<val>]
109 [B<-cipher> I<val>]
110 [B<-ciphersuites> I<val>]
111 [B<-dhparam> I<infile>]
112 [B<-record_padding> I<val>]
113 [B<-debug_broken_protocol>]
114 [B<-nbio>]
115 [B<-psk_identity> I<val>]
116 [B<-psk_hint> I<val>]
117 [B<-psk> I<val>]
118 [B<-psk_session> I<file>]
119 [B<-srpvfile> I<infile>]
120 [B<-srpuserseed> I<val>]
121 [B<-timeout>]
122 [B<-mtu> I<+int>]
123 [B<-listen>]
124 [B<-sctp>]
125 [B<-sctp_label_bug>]
126 [B<-use_srtp> I<val>]
127 [B<-no_dhe>]
128 [B<-nextprotoneg> I<val>]
129 [B<-alpn> I<val>]
130 [B<-sendfile>]
131 [B<-keylogfile> I<outfile>]
132 [B<-recv_max_early_data> I<int>]
133 [B<-max_early_data> I<int>]
134 [B<-early_data>]
135 [B<-stateless>]
136 [B<-anti_replay>]
137 [B<-no_anti_replay>]
138 [B<-num_tickets>]
139 {- $OpenSSL::safe::opt_name_synopsis -}
140 {- $OpenSSL::safe::opt_version_synopsis -}
141 {- $OpenSSL::safe::opt_v_synopsis -}
142 {- $OpenSSL::safe::opt_s_synopsis -}
143 {- $OpenSSL::safe::opt_x_synopsis -}
144 {- $OpenSSL::safe::opt_trust_synopsis -}
145 {- $OpenSSL::safe::opt_r_synopsis -}
146 {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
150 This command implements a generic SSL/TLS server which
151 listens for connections on a given port using SSL/TLS.
161 =item B<-help>
165 =item B<-port> I<+int>
169 =item B<-accept> I<val>
173 =item B<-unix> I<val>
177 =item B<-4>
181 =item B<-6>
185 =item B<-unlink>
187 For -unix, unlink any existing socket first.
189 =item B<-context> I<val>
191 Sets the SSL context id. It can be given any string value. If this option
194 =item B<-verify> I<int>, B<-Verify> I<int>
198 the client. With the B<-verify> option a certificate is requested but the
199 client does not have to send one, with the B<-Verify> option the client
205 =item B<-cert> I<infile>
212 =item B<-cert2> I<infile>
216 =item B<-certform> B<DER>|B<PEM>|B<P12>
219 See L<openssl-format-options(1)> for details.
221 =item B<-cert_chain>
224 certificate chain related to the certificate specified via the B<-cert> option.
227 =item B<-build_chain>
232 =item B<-serverinfo> I<val>
240 =item B<-key> I<filename>|I<uri>
245 =item B<-key2> I<filename>|I<uri>
247 The private Key file to use for servername if not given via B<-cert2>.
249 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
252 See L<openssl-format-options(1)> for details.
254 =item B<-pass> I<val>
258 see L<openssl-passphrase-options(1)>.
260 =item B<-dcert> I<infile>, B<-dkey> I<filename>|I<uri>
263 same manner as the B<-cert> and B<-key> options except there is no default
271 =item B<-dcert_chain>
274 server certificate chain when a certificate specified via the B<-dcert> option
278 =item B<-dcertform> B<DER>|B<PEM>|B<P12>
281 See L<openssl-format-options(1)> for details.
283 =item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
286 See L<openssl-format-options(1)> for details.
288 =item B<-dpass> I<val>
292 see L<openssl-passphrase-options(1)>.
294 =item B<-nbio_test>
298 =item B<-crlf>
302 =item B<-debug>
306 =item B<-security_debug>
308 Print output from SSL/TLS security framework.
310 =item B<-security_debug_verbose>
312 Print more output from SSL/TLS security framework
314 =item B<-msg>
318 =item B<-msgfile> I<outfile>
320 File to send output of B<-msg> or B<-trace> to, default standard output.
322 =item B<-state>
324 Prints the SSL session states.
326 =item B<-CRL> I<infile>
330 =item B<-CRLform> B<DER>|B<PEM>
333 See L<openssl-format-options(1)> for details.
335 =item B<-crl_download>
339 =item B<-verifyCAfile> I<filename>
344 =item B<-verifyCApath> I<dir>
349 see L<openssl-verify(1)> for more information.
351 =item B<-verifyCAstore> I<uri>
356 =item B<-chainCAfile> I<file>
361 =item B<-chainCApath> I<dir>
366 see L<openssl-verify(1)> for more information.
368 =item B<-chainCAstore> I<uri>
373 With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or
374 B<-chainCApath>, depending on if the URI indicates a directory or a
376 See L<ossl_store-file(7)> for more information on the C<file:> scheme.
378 =item B<-nocert>
384 =item B<-quiet>
388 =item B<-no_resume_ephemeral>
392 =item B<-tlsextdebug>
396 =item B<-www>
403 The B<-early_data> option cannot be used with this option.
405 =item B<-WWW>, B<-HTTP>
410 If the B<-HTTP> flag is used, the files are sent directly, and should contain
412 If the B<-WWW> option is used,
414 examined to determine the B<Content-Type> header.
418 information like the B<-www> option.
419 Neither of these options can be used in conjunction with B<-early_data>.
421 =item B<-http_server_binmode>
423 When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
426 =item B<-no_ca_names>
432 =item B<-ignore_unexpected_eof>
441 =item B<-servername>
445 =item B<-servername_fatal>
449 =item B<-id_prefix> I<val>
451 Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
452 for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
456 =item B<-keymatexport>
460 =item B<-keymatexportlen>
464 =item B<-no_cache>
468 =item B<-ext_cache>.
472 =item B<-verify_return_error>
478 =item B<-verify_quiet>
482 =item B<-ign_eof>
484 Ignore input EOF (default: when B<-quiet>).
486 =item B<-no_ign_eof>
490 =item B<-no_etm>
492 Disable Encrypt-then-MAC negotiation.
494 =item B<-status>
498 =item B<-status_verbose>
503 =item B<-status_timeout> I<int>
507 =item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>
509 The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
517 =item B<-no_proxy> I<addresses>
524 =item B<-status_url> I<val>
532 =item B<-status_file> I<infile>
537 =item B<-ssl_config> I<val>
541 =item B<-trace>
543 Show verbose trace output of protocol messages.
545 =item B<-brief>
550 =item B<-rev>
552 Simple echo server that sends back received text reversed. Also sets B<-brief>.
553 Cannot be used in conjunction with B<-early_data>.
555 =item B<-async>
559 is also used via the B<-engine> option. For test purposes the dummy async engine
562 =item B<-max_send_frag> I<+int>
567 =item B<-split_send_frag> I<+int>
576 =item B<-max_pipelines> I<+int>
583 =item B<-naccept> I<+int>
588 =item B<-read_buf> I<+int>
595 =item B<-bugs>
597 There are several known bugs in SSL and TLS implementations. Adding this
600 =item B<-no_comp>
606 =item B<-comp>
608 Enable negotiation of TLS compression.
613 =item B<-no_ticket>
616 is negotiated. See B<-num_tickets>.
618 =item B<-num_tickets>
624 =item B<-serverpref>
628 =item B<-prioritize_chacha>
630 Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
632 =item B<-no_resumption_on_reneg>
636 =item B<-client_sigalgs> I<val>
639 (colon-separated list).
641 =item B<-named_curve> I<val>
646     $ openssl ecparam -list_curves
648 =item B<-cipher> I<val>
655 L<openssl-ciphers(1)> for more information.
657 =item B<-ciphersuites> I<val>
664 L<openssl-ciphers(1)> command for more information. The format for this list is
667 =item B<-dhparam> I<infile>
675 =item B<-nbio>
679 =item B<-timeout>
681 Enable timeouts.
683 =item B<-mtu>
685 Set link-layer MTU.
687 =item B<-psk_identity> I<val>
693 =item B<-psk_hint> I<val>
697 =item B<-psk> I<val>
700 given as a hexadecimal number without leading 0x, for example -psk
704 =item B<-psk_session> I<file>
709 =item B<-srpvfile>
714 =item B<-srpuserseed>
719 =item B<-listen>
730 =item B<-sctp>
733 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
736 =item B<-sctp_label_bug>
739 endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
741 implementations. Must be used in conjunction with B<-sctp>. This option is only
744 =item B<-use_srtp>
746 Offer SRTP key management with a colon-separated profile list.
748 =item B<-no_dhe>
753 =item B<-alpn> I<val>, B<-nextprotoneg> I<val>
755 These flags enable the Application-Layer Protocol Negotiation
758 The I<val> list is a comma-separated list of supported protocol
762 The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
764 =item B<-sendfile>
768 This option is only valid if B<-WWW> or B<-HTTP> is specified.
770 =item B<-keylogfile> I<outfile>
775 =item B<-max_early_data> I<int>
778 and any incoming early data (when used in conjunction with the B<-early_data>
782 =item B<-recv_max_early_data> I<int>
787 =item B<-early_data>
789 Accept early data where possible. Cannot be used in conjunction with B<-www>,
790 B<-WWW>, B<-HTTP> or B<-rev>.
792 =item B<-stateless>
796 =item B<-anti_replay>, B<-no_anti_replay>
805 {- $OpenSSL::safe::opt_name_item -}
807 {- $OpenSSL::safe::opt_version_item -}
809 {- $OpenSSL::safe::opt_s_item -}
811 {- $OpenSSL::safe::opt_x_item -}
813 {- $OpenSSL::safe::opt_trust_item -}
815 {- $OpenSSL::safe::opt_r_item -}
817 {- $OpenSSL::safe::opt_engine_item -}
819 {- $OpenSSL::safe::opt_provider_item -}
821 {- $OpenSSL::safe::opt_v_item -}
825 proceed unless the B<-verify_return_error> option is used.
831 If a connection request is established with an SSL client and neither the
832 B<-www> nor the B<-WWW> option has been used then normally any data received
843 End the current SSL connection but still accept new connections.
847 End the current SSL connection and exit.
851 Renegotiate the SSL session (TLSv1.2 and below only).
855 Renegotiate the SSL session and request a client certificate (TLSv1.2 and below
883 This command can be used to debug SSL clients. To accept connections
886  openssl s_server -accept 443 -www
891 is strictly speaking a protocol violation, some SSL clients interpret this to
894 The session parameters can printed out using the L<openssl-sess_id(1)> command.
901 A typical SSL server program would be much simpler.
912 L<openssl-sess_id(1)>,
913 L<openssl-s_client(1)>,
914 L<openssl-ciphers(1)>,
919 L<ossl_store-file(7)>
923 The -no_alt_chains option was added in OpenSSL 1.1.0.
926 -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
928 The B<-srpvfile>, B<-srpuserseed>, and B<-engine>
933 Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.