gnutls-serv(1)              General Commands Manual              gnutls-serv(1)

NAME
       gnutls-serv - GNU TLS test server

SYNOPSIS
       gnutls-serv [options]

DESCRIPTION
       Simple server program that listens to incoming TLS connections.

OPTIONS
   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              prints this help

       -l, --list
              Print a list of the supported algorithms and modes.

       -q, --quiet
              Suppress some messages.

       -v, --version
              prints the program's version number

   Server options
       -p, --port integer
              The port to listen on.

       --nodb Does not use the resume database.

       --http Act as an HTTP Server.

       --echo Act as an Echo Server.

   TLS/SSL control options
       --priority PRIORITY STRING
              TLS algorithms and protocols to enable. Unless the first keyword
              is "NONE" the defaults are:

              Protocols: TLS1.1, TLS1.0, and SSL3.0.

              Compression: NULL.

              Certificate types: X.509, OpenPGP.

              You can also use predefined sets of ciphersuites such as:

              PERFORMANCE: all the "secure" ciphersuites are enabled, limited
              to 128-bit ciphers and sorted in terms of speed performance.

              NORMAL: enables all "secure" ciphersuites. The 256-bit ciphers
              are included as a fallback only. The ciphers are sorted by
              security margin.

              SECURE128: enables all "secure" ciphersuites with ciphers up to
              128 bits, sorted by security margin.

              SECURE256: enables all "secure" ciphersuites including the
              256-bit ciphers, sorted by security margin.

              EXPORT: all the ciphersuites are enabled, including the
              low-security 40-bit ciphers.

              NONE: nothing is enabled. This disables even protocols and
              compression methods.

              Special keywords:

              "%UNSAFE_RENEGOTIATION" permits (re-)handshakes, even unsafe
              ones.

              "%PARTIAL_RENEGOTIATION" prevents renegotiation with clients and
              servers not supporting the safe renegotiation extension.
              (default)

              "%SAFE_RENEGOTIATION" enables safe renegotiation. This is the
              most secure and recommended option for clients. However, it
              prevents connecting to legacy servers.

              To avoid collisions, a compression algorithm specified in this
              string must be prefixed with "COMP-", protocol versions with
              "VERS-" and certificate types with "CTYPE-". All other
              algorithms don't need a prefix.

              Examples:

              "NORMAL"

              "NORMAL:%COMPAT"

              "NORMAL:!AES-128-CBC"

              "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"
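
Added example (not part of the original manual page and not GnuTLS code): a small Python model of the priority-string syntax described above, which splits a string into its preset, "%" special keywords and "+"/"!" changes grouped by the "VERS-", "COMP-" and "CTYPE-" prefixes, then reports settings worth a second look before a server is started with them. The function names are hypothetical, the findings are this example's own review policy, and additions are assumed to be applied before removals.

```python
# Added example: a simplified model of the priority-string syntax on this page,
# not GnuTLS's own parser. All function names here are hypothetical.
PRESETS = {"PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE"}
DEFAULT_PROTOCOLS = {"TLS1.1", "TLS1.0", "SSL3.0"}  # defaults listed above
PREFIXES = {"VERS-": "protocols", "COMP-": "compression", "CTYPE-": "cert_types"}

def parse_priority(priority):
    """Split a priority string into preset, %specials and +/! changes by category."""
    parsed = {"preset": None, "specials": [], "added": {}, "removed": {}}
    tokens = [t for t in priority.strip().strip('"').split(":") if t]
    for i, tok in enumerate(tokens):
        if tok.startswith("%"):
            parsed["specials"].append(tok[1:])
        elif tok[0] in "+!":
            bucket = parsed["added" if tok[0] == "+" else "removed"]
            name, category = tok[1:], "algorithms"  # unprefixed names are algorithms
            for prefix, cat in PREFIXES.items():
                if name.startswith(prefix):
                    name, category = name[len(prefix):], cat
            bucket.setdefault(category, []).append(name)
        elif i == 0 and tok in PRESETS:
            parsed["preset"] = tok
        else:
            raise ValueError(f"unrecognised token: {tok!r}")
    return parsed

def effective_protocols(parsed):
    """Protocol set after applying changes; defaults apply unless the preset is NONE."""
    base = set() if parsed["preset"] == "NONE" else set(DEFAULT_PROTOCOLS)
    base |= set(parsed["added"].get("protocols", []))
    return base - set(parsed["removed"].get("protocols", []))

def audit(priority):
    """Return review findings for a priority string (this example's own policy)."""
    parsed = parse_priority(priority)
    findings = []
    if parsed["preset"] == "EXPORT":
        findings.append("EXPORT enables low-security 40-bit ciphers")
    if "UNSAFE_RENEGOTIATION" in parsed["specials"]:
        findings.append("%UNSAFE_RENEGOTIATION permits unsafe re-handshakes")
    if "SSL3.0" in effective_protocols(parsed):
        findings.append("SSL3.0 is still enabled")
    return findings

if __name__ == "__main__":
    for s in ("NORMAL", "EXPORT:%UNSAFE_RENEGOTIATION",  # constructed samples
              "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"):
        print(s, "->", audit(s) or "no findings")
```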

       -g, --generate
              Generate Diffie-Hellman Parameters.

       --kx kx1 kx2...
              Key exchange methods to enable (use gnutls-cli --list to show
              the supported key exchange methods).

       -p, --port integer
              The port to connect to.

   Certificate options
       --pgpcertfile FILE
              PGP Public Key (certificate) file to use.

       --pgpkeyfile FILE
              PGP Key file to use.

       --pgpkeyring FILE
              PGP Key ring file to use.

       --pgptrustdb FILE
              PGP trustdb file to use.

       --srppasswd FILE
              SRP password file to use.

       --srppasswdconf FILE
              SRP password configuration file to use.

       --x509cafile FILE
              Certificate file to use.

       --x509certfile FILE
              X.509 Certificate file to use.

       --x509fmtder
              Use DER format for certificates

       --x509keyfile FILE
              X.509 key file to use.

SEE ALSO
       gnutls-cli(1), gnutls-cli-debug(1)

AUTHOR
       Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This manual page was written by Ivo Timmermans <ivo@debian.org>, for
       the Debian GNU/Linux system (but may be used by others).

                               December 1st 2003                gnutls-serv(1)