S_SERVER(1)                         OpenSSL                        S_SERVER(1)

NAME
    s_server - SSL/TLS server program

SYNOPSIS
    openssl s_server [-accept port] [-context id] [-verify depth] [-Verify
    depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform
    DER|PEM] [-key keyfile] [-keyform DER|PEM] [-pass arg] [-dcert
    filename] [-dcertform DER|PEM] [-dkey keyfile] [-dkeyform DER|PEM]
    [-dpass arg] [-dhparam filename] [-nbio] [-nbio_test] [-crlf] [-debug]
    [-msg] [-state] [-CApath directory] [-CAfile filename] [-trusted_first]
    [-krb5svc service] [-keytab filename] [-nocert] [-cipher cipherlist]
    [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1] [-tls1_1] [-tls1_2]
    [-dtls1] [-no_ssl2] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2]
    [-no_dhe] [-no_ecdhe] [-bugs] [-hack] [-www] [-WWW] [-HTTP] [-engine
    id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]
    [-nextprotoneg protocols]

DESCRIPTION
    The s_server command implements a generic SSL/TLS server which listens
    for connections on a given port using SSL/TLS.

OPTIONS
    -accept port
        The TCP port to listen on for connections. If not specified, 4433 is
        used.

    -context id
        Sets the SSL context id. It can be given any string value. If this
        option is not present a default value will be used.

    -cert certname
        The certificate to use. Most server cipher suites require the use
        of a certificate, and some require a certificate with a certain
        public key type: for example the DSS cipher suites require a
        certificate containing a DSS (DSA) key. If not specified then the
        filename "server.pem" will be used.

    -certform format
        The certificate format to use: DER or PEM. PEM is the default.

    -key keyfile
        The private key to use. If not specified then the certificate file
        will be used.

    -keyform format
        The private key format to use: DER or PEM. PEM is the default.

    -pass arg
        The private key password source. For more information about the
        format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

    -dcert filename, -dkey keyname
        Specify an additional certificate and private key. These behave in
        the same manner as the -cert and -key options except there is no
        default if they are not specified (no additional certificate and
        key is used). As noted above, some cipher suites require a
        certificate containing a key of a certain type. Some cipher suites
        need a certificate carrying an RSA key and some a DSS (DSA) key. By
        using both RSA and DSS certificates and keys a server can support
        clients which only support RSA or DSS cipher suites by using the
        appropriate certificate.

    -dcertform format, -dkeyform format, -dpass arg
        Additional certificate and private key format and passphrase
        respectively.

    -nocert
        If this option is set then no certificate is used. This restricts
        the cipher suites available to the anonymous ones (currently just
        anonymous DH).

    -dhparam filename
        The DH parameter file to use. The ephemeral DH cipher suites
        generate keys using a set of DH parameters. If not specified then
        an attempt is made to load the parameters from the server
        certificate file. If this fails then a static set of parameters
        hard coded into the s_server program will be used.

    -no_dhe
        If this option is set then no DH parameters will be loaded,
        effectively disabling the ephemeral DH cipher suites.

    -no_ecdhe
        If this option is set then ephemeral ECDH cipher suites will be
        disabled.

    -no_tmp_rsa
        Certain export cipher suites sometimes use a temporary RSA key;
        this option disables temporary RSA key generation.

    -verify depth, -Verify depth
        The verify depth to use. This specifies the maximum length of the
        client certificate chain and makes the server request a certificate
        from the client. With the -verify option a certificate is requested
        but the client does not have to send one; with the -Verify option
        the client must supply a certificate or an error occurs.

    -crl_check, -crl_check_all
        Check that the peer certificate has not been revoked by its CA. The
        CRL(s) are appended to the certificate file. With the
        -crl_check_all option all CRLs of all CAs in the chain are checked.

    -CApath directory
        The directory to use for client certificate verification. This
        directory must be in "hash format", see verify for more
        information. These are also used when building the server
        certificate chain.

    -CAfile file
        A file containing trusted certificates to use during client
        authentication and to use when attempting to build the server
        certificate chain. The list is also used in the list of acceptable
        client CAs passed to the client when a certificate is requested.

    -trusted_first
        Use certificates in the CA file or CA directory before other
        certificates when building the trust chain to verify client
        certificates. This is mainly useful in environments with Bridge CA
        or Cross-Certified CAs.

    -krb5svc service
        The Kerberos service name to use (default "host"). This means
        s_server will expect a ticket for the principal
        service/hostname@REALM, and will need keys for that principal in
        its keytab.

    -keytab filename
        The Kerberos "keytab" (key table) file, containing keys for the
        s_server service principal (Kerberos identity; see -krb5svc).

    -state
        Prints out the SSL session states.

    -debug
        Print extensive debugging information including a hex dump of all
        traffic.

    -msg
        Show all protocol messages with hex dump.

    -nbio_test
        Tests non-blocking I/O.

    -nbio
        Turns on non-blocking I/O.

    -crlf
        This option translates a line feed from the terminal into CR+LF.

    -quiet
        Inhibit printing of session and certificate information.

    -psk_hint hint
        Use the PSK identity hint hint when using a PSK cipher suite.

    -psk key
        Use the PSK key key when using a PSK cipher suite. The key is given
        as a hexadecimal number without leading 0x, for example -psk
        1a2b3c4d.

    -ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -dtls1, -no_ssl2, -no_ssl3,
    -no_tls1, -no_tls1_1, -no_tls1_2
        These options disable the use of certain SSL or TLS protocols. By
        default the initial handshake uses a method which should be
        compatible with all servers and permit them to use SSL v3, SSL v2
        or TLS as appropriate.

    -bugs
        There are several known bugs in SSL and TLS implementations. Adding
        this option enables various workarounds.

    -hack
        This option enables a further workaround for some early Netscape
        SSL code (?).

    -cipher cipherlist
        This allows the cipher list used by the server to be modified.
        When the client sends a list of supported ciphers, the first client
        cipher also included in the server list is used. Because the client
        specifies the preference order, the order of the server cipherlist
        is irrelevant. See the ciphers command for more information.

    -tlsextdebug
        Print out a hex dump of any TLS extensions received from the
        server.

    -no_ticket
        Disable RFC4507bis session ticket support.

    -www
        Sends a status message back to the client when it connects. This
        includes lots of information about the ciphers used and various
        session parameters. The output is in HTML format so this option
        will normally be used with a web browser.

    -WWW
        Emulates a simple web server. Pages will be resolved relative to
        the current directory, for example if the URL
        https://myhost/page.html is requested the file ./page.html will be
        loaded.

    -HTTP
        Emulates a simple web server. Pages will be resolved relative to
        the current directory, for example if the URL
        https://myhost/page.html is requested the file ./page.html will be
        loaded. The files loaded are assumed to contain a complete and
        correct HTTP response (lines that are part of the HTTP response
        line and headers must end with CRLF).

    -engine id
        Specifying an engine (by its unique id string) will cause s_server
        to attempt to obtain a functional reference to the specified
        engine, thus initialising it if needed. The engine will then be set
        as the default for all available algorithms.

    -id_prefix arg
        Generate SSL/TLS session IDs prefixed by arg. This is mostly useful
        for testing any SSL/TLS code (eg. proxies) that wish to deal with
        multiple servers, each of which might be generating a unique
        range of session IDs (eg. with a certain prefix).

    -rand file(s)
        A file or files containing random data used to seed the random
        number generator, or an EGD socket (see RAND_egd(3)). Multiple
        files can be specified separated by an OS-dependent character. The
        separator is ; for MS-Windows, , for OpenVMS, and : for all others.

    -nextprotoneg protocols
        Enable the Next Protocol Negotiation TLS extension and provide a
        comma-separated list of supported protocol names. The list should
        contain the most wanted protocols first. Protocol names are
        printable ASCII strings, for example "http/1.1" or "spdy/3".

CONNECTED COMMANDS
    If a connection request is established with an SSL client and neither
    the -www nor the -WWW option has been used then normally any data
    received from the client is displayed and any key presses will be sent
    to the client.

    Certain single letter commands are also recognized which perform
    special operations: these are listed below.

    q   end the current SSL connection but still accept new connections.

    Q   end the current SSL connection and exit.

    r   renegotiate the SSL session.

    R   renegotiate the SSL session and request a client certificate.

    P   send some plain text down the underlying TCP connection: this
        should cause the client to disconnect due to a protocol violation.

    S   print out some session cache status information.

NOTES
    s_server can be used to debug SSL clients. To accept connections from a
    web browser the command:

        openssl s_server -accept 443 -www

    can be used for example.

    Most web browsers (in particular Netscape and MSIE) only support RSA
    cipher suites, so they cannot connect to servers which don't use a
    certificate carrying an RSA key or a version of OpenSSL with RSA
    disabled.

    Although specifying an empty list of CAs when requesting a client
    certificate is strictly speaking a protocol violation, some SSL clients
    interpret this to mean any CA is acceptable. This is useful for
    debugging purposes.

    The session parameters can be printed out using the sess_id program.

BUGS
    Because this program has a lot of options and also because some of the
    techniques used are rather old, the C source of s_server is rather hard
    to read and not a model of how things should be done. A typical SSL
    server program would be much simpler.

    The output of common ciphers is wrong: it just gives the list of
    ciphers that OpenSSL recognizes and the client supports.

    There should be a way for the s_server program to print out details of
    any unknown cipher suites a client says it supports.

SEE ALSO
    sess_id(1), s_client(1), ciphers(1)

1.0.1e                              2017-03-22                     S_SERVER(1)