S_SERVER(1)                         OpenSSL                        S_SERVER(1)


NAME

       s_server - SSL/TLS server program


SYNOPSIS

       openssl s_server [-accept port] [-context id] [-verify depth] [-Verify
       depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform
       DER|PEM] [-key keyfile] [-keyform DER|PEM] [-pass arg] [-dcert
       filename] [-dcertform DER|PEM] [-dkey keyfile] [-dkeyform DER|PEM]
       [-dpass arg] [-dhparam filename] [-nbio] [-nbio_test] [-crlf] [-debug]
       [-msg] [-state] [-CApath directory] [-CAfile filename] [-trusted_first]
       [-no_alt_chains] [-nocert] [-cipher cipherlist] [-serverpref] [-krb5svc
       service] [-keytab filename] [-quiet] [-no_tmp_rsa] [-ssl3] [-tls1]
       [-tls1_1] [-tls1_2] [-no_ssl3] [-no_tls1] [-no_dhe] [-bugs] [-hack]
       [-www] [-WWW] [-HTTP] [-engine id] [-tlsextdebug] [-no_ticket]
       [-id_prefix arg] [-rand file(s)] [-serverinfo file]
       [-no_resumption_on_reneg] [-status] [-status_verbose] [-status_timeout
       nsec] [-status_url url] [-alpn protocols] [-nextprotoneg protocols]


DESCRIPTION

       The s_server command implements a generic SSL/TLS server which listens
       for connections on a given port using SSL/TLS.


OPTIONS

       -accept port
           the TCP port to listen on for connections. If not specified 4433 is
           used.

       -context id
           sets the SSL context id. It can be given any string value. If this
           option is not present a default value will be used.

       -cert certname
           The certificate to use. Most server cipher suites require the use
           of a certificate and some require a certificate with a certain
           public key type: for example the DSS cipher suites require a
           certificate containing a DSS (DSA) key. If not specified then the
           filename "server.pem" will be used.

       -certform format
           The certificate format to use: DER or PEM. PEM is the default.

       -key keyfile
           The private key to use. If not specified then the certificate file
           will be used.

       -keyform format
           The private key format to use: DER or PEM. PEM is the default.

       -pass arg
           the private key password source. For more information about the
           format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

       -dcert filename, -dkey keyname
           specify an additional certificate and private key. These behave in
           the same manner as the -cert and -key options except there is no
           default if they are not specified (no additional certificate and
           key is used). As noted above some cipher suites require a
           certificate containing a key of a certain type. Some cipher suites
           need a certificate carrying an RSA key and some a DSS (DSA) key. By
           using RSA and DSS certificates and keys a server can support
           clients which only support RSA or DSS cipher suites by using an
           appropriate certificate.

       -dcertform format, -dkeyform format, -dpass arg
           additional certificate and private key format and passphrase
           respectively.

       -nocert
           if this option is set then no certificate is used. This restricts
           the cipher suites available to the anonymous ones (currently just
           anonymous DH).

       -dhparam filename
           the DH parameter file to use. The ephemeral DH cipher suites
           generate keys using a set of DH parameters. If not specified then
           an attempt is made to load the parameters from the server
           certificate file. If this fails then a static set of parameters
           hard coded into the s_server program will be used.

       -no_dhe
           if this option is set then no DH parameters will be loaded,
           effectively disabling the ephemeral DH cipher suites.

       -no_tmp_rsa
           certain export cipher suites sometimes use a temporary RSA key;
           this option disables temporary RSA key generation.

       -verify depth, -Verify depth
           The verify depth to use. This specifies the maximum length of the
           client certificate chain and makes the server request a certificate
           from the client. With the -verify option a certificate is requested
           but the client does not have to send one; with the -Verify option
           the client must supply a certificate or an error occurs.

           If the ciphersuite cannot request a client certificate (for example
           an anonymous ciphersuite or PSK) this option has no effect.

       -crl_check, -crl_check_all
           Check the peer certificate has not been revoked by its CA.  The
           CRL(s) are appended to the certificate file. With the
           -crl_check_all option all CRLs of all CAs in the chain are checked.

       -CApath directory
           The directory to use for client certificate verification. This
           directory must be in "hash format", see verify for more
           information. These are also used when building the server
           certificate chain.

       -CAfile file
           A file containing trusted certificates to use during client
           authentication and to use when attempting to build the server
           certificate chain. The list is also used in the list of acceptable
           client CAs passed to the client when a certificate is requested.

       -trusted_first
           Use certificates in CA file or CA directory before other
           certificates when building the trust chain to verify client
           certificates.  This is mainly useful in environments with Bridge CA
           or Cross-Certified CAs.

       -no_alt_chains
           See the verify manual page for details.

       -state
           prints out the SSL session states.

       -debug
           print extensive debugging information including a hex dump of all
           traffic.

       -msg
           show all protocol messages with hex dump.

       -nbio_test
           tests non-blocking I/O

       -nbio
           turns on non-blocking I/O

       -crlf
           this option translates a line feed from the terminal into CR+LF.

       -quiet
           inhibit printing of session and certificate information.

       -psk_hint hint
           Use the PSK identity hint hint when using a PSK cipher suite.

       -psk key
           Use the PSK key key when using a PSK cipher suite. The key is given
           as a hexadecimal number without leading 0x, for example -psk
           1a2b3c4d.

       -ssl3, -tls1, -tls1_1, -tls1_2, -dtls1, -no_ssl3, -no_tls1, -no_tls1_1,
       -no_tls1_2
           These options require or disable the use of the specified SSL or
           TLS protocols.  By default the initial handshake uses a version-
           flexible method which will negotiate the highest mutually supported
           protocol version.

       -bugs
           there are several known bugs in SSL and TLS implementations. Adding
           this option enables various workarounds.

       -hack
           this option enables a further workaround for some early Netscape
           SSL code (?).

       -cipher cipherlist
           this allows the cipher list used by the server to be modified.
           When the client sends a list of supported ciphers the first client
           cipher also included in the server list is used. Because the client
           specifies the preference order, the order of the server cipherlist
           is irrelevant. See the ciphers command for more information.

       -serverpref
           use the server's cipher preferences, rather than the client's
           preferences.

       -krb5svc service
           the Kerberos service name to use (default "host"). This means
           s_server will expect a ticket for the principal
           service/hostname@REALM, and will need keys for that principal in
           its keytab.

       -keytab filename
           the Kerberos "keytab" (key table) file, containing keys for the
           s_server service principal (Kerberos identity; see -krb5svc).

       -tlsextdebug
           print out a hex dump of any TLS extensions received from the
           server.

       -no_ticket
           disable RFC4507bis session ticket support.

       -www
           sends a status message back to the client when it connects. This
           includes lots of information about the ciphers used and various
           session parameters.  The output is in HTML format so this option
           will normally be used with a web browser.

       -WWW
           emulates a simple web server. Pages will be resolved relative to
           the current directory, for example if the URL
           https://myhost/page.html is requested the file ./page.html will be
           loaded.

       -HTTP
           emulates a simple web server. Pages will be resolved relative to
           the current directory, for example if the URL
           https://myhost/page.html is requested the file ./page.html will be
           loaded. The files loaded are assumed to contain a complete and
           correct HTTP response (lines that are part of the HTTP response
           line and headers must end with CRLF).

       -engine id
           specifying an engine (by its unique id string) will cause s_server
           to attempt to obtain a functional reference to the specified
           engine, thus initialising it if needed. The engine will then be set
           as the default for all available algorithms.

       -id_prefix arg
           generate SSL/TLS session IDs prefixed by arg. This is mostly useful
           for testing any SSL/TLS code (eg. proxies) that wish to deal with
           multiple servers, where each might be generating a unique range of
           session IDs (eg. with a certain prefix).

       -rand file(s)
           a file or files containing random data used to seed the random
           number generator, or an EGD socket (see RAND_egd(3)).  Multiple
           files can be specified separated by an OS-dependent character.  The
           separator is ; for MS-Windows, , for OpenVMS, and : for all others.

       -serverinfo file
           a file containing one or more blocks of PEM data.  Each PEM block
           must encode a TLS ServerHello extension (2 bytes type, 2 bytes
           length, followed by "length" bytes of extension data).  If the
           client sends an empty TLS ClientHello extension matching the type,
           the corresponding ServerHello extension will be returned.

       -no_resumption_on_reneg
           set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.

       -status
           enables certificate status request support (aka OCSP stapling).

       -status_verbose
           enables certificate status request support (aka OCSP stapling) and
           gives a verbose printout of the OCSP response.

       -status_timeout nsec
           sets the timeout for OCSP response to nsec seconds.

       -status_url url
           sets a fallback responder URL to use if no responder URL is present
           in the server certificate. Without this option an error is returned
           if the server certificate does not contain a responder address.

       -alpn protocols, -nextprotoneg protocols
           these flags enable the Application-Layer Protocol Negotiation or
           Next Protocol Negotiation extension, respectively.  ALPN is the
           IETF standard and replaces NPN.  The protocols list is a
           comma-separated list of supported protocol names.  The list should
           contain the most wanted protocols first.  Protocol names are
           printable ASCII strings, for example "http/1.1" or "spdy/3".

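       The -serverinfo option above describes the wire layout of each PEM
       block (2-byte type, 2-byte length, then the data) but the manual gives
       no way to build or sanity-check such a file. The following POSIX shell
       script is an added example, not part of the OpenSSL manual or source:
       it writes a block for a given extension type and payload and decodes
       blocks back, flagging any whose length field disagrees with the data
       actually present. It assumes "base64 -d" plus POSIX od, awk and printf
       are available, and that the PEM type OpenSSL's loader expects is
       "SERVERINFO FOR <name>". The extension type 65281 (0xff01, in the
       private-use range) and the payload "hello" are constructed test data.

```shell
#!/bin/sh
# Added example, not part of the OpenSSL manual or source: build and check the
# PEM blocks that "openssl s_server -serverinfo" consumes. Each block carries
# one raw ServerHello extension: 2-byte type, 2-byte length, "length" bytes of
# data. Assumptions: "base64 -d" and POSIX od/awk/printf are available; the
# PEM type is "SERVERINFO FOR <name>"; type 65281 and payload "hello" used in
# the usage below are constructed test values.

# make_serverinfo NAME TYPE DATA: print one PEM block for extension TYPE
# (decimal) carrying the ASCII string DATA.
make_serverinfo() {
    name=$1; etype=$2; data=$3
    len=${#data}
    {
        # The four header bytes are emitted through printf's octal escapes.
        printf "$(printf '\\%03o\\%03o\\%03o\\%03o' \
            $((etype / 256)) $((etype % 256)) $((len / 256)) $((len % 256)))"
        printf '%s' "$data"
    } | base64 | {
        echo "-----BEGIN SERVERINFO FOR $name-----"
        cat
        echo "-----END SERVERINFO FOR $name-----"
    }
}

# decode_ext BASE64: print "type length datalen" for one block body and
# return 1 if the length field does not match the data actually present.
decode_ext() {
    set -- $(printf '%s' "$1" | base64 -d | od -An -tu1 -v)
    [ $# -ge 4 ] || { echo "truncated header ($# bytes)"; return 1; }
    etype=$(( $1 * 256 + $2 ))
    len=$(( $3 * 256 + $4 ))
    actual=$(( $# - 4 ))
    echo "$etype $len $actual"
    [ "$len" -eq "$actual" ]
}

# check_serverinfo FILE: decode every SERVERINFO block in FILE; return 0 only
# if there is at least one block and every block is internally consistent.
check_serverinfo() {
    rc=1
    for b64 in $(awk '/^-----BEGIN SERVERINFO FOR /{inb=1; b=""; next}
                      /^-----END SERVERINFO FOR /{inb=0; print b; next}
                      inb{b=b $0}' "$1"); do
        rc=0
        decode_ext "$b64" || return 1
    done
    return $rc
}

# Usage: write a constructed block, then verify it decodes consistently.
#   make_serverinfo demo 65281 hello > demo.serverinfo
#   check_serverinfo demo.serverinfo     # prints "65281 5 5"
```

       A block that passes check_serverinfo is only structurally sound; which
       extension types a client will actually request, and whether the server
       should answer them, is a separate decision.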

CONNECTED COMMANDS

       If a connection request is established with an SSL client and neither
       the -www nor the -WWW option has been used then normally any data
       received from the client is displayed and any key presses will be sent
       to the client.

       Certain single letter commands are also recognized which perform
       special operations: these are listed below.

       q   end the current SSL connection but still accept new connections.

       Q   end the current SSL connection and exit.

       r   renegotiate the SSL session.

       R   renegotiate the SSL session and request a client certificate.

       P   send some plain text down the underlying TCP connection: this
           should cause the client to disconnect due to a protocol violation.

       S   print out some session cache status information.


NOTES

       s_server can be used to debug SSL clients. To accept connections from a
       web browser the command:

        openssl s_server -accept 443 -www

       can be used for example.

       Most web browsers (in particular Netscape and MSIE) only support RSA
       cipher suites, so they cannot connect to servers which don't use a
       certificate carrying an RSA key or a version of OpenSSL with RSA
       disabled.

       Although specifying an empty list of CAs when requesting a client
       certificate is strictly speaking a protocol violation, some SSL clients
       interpret this to mean any CA is acceptable. This is useful for
       debugging purposes.

       The session parameters can be printed out using the sess_id program.


BUGS

       Because this program has a lot of options and also because some of the
       techniques used are rather old, the C source of s_server is rather hard
       to read and not a model of how things should be done. A typical SSL
       server program would be much simpler.

       The output of common ciphers is wrong: it just gives the list of
       ciphers that OpenSSL recognizes and the client supports.

       There should be a way for the s_server program to print out details of
       any unknown cipher suites a client says it supports.


SEE ALSO

       sess_id(1), s_client(1), ciphers(1)


HISTORY

       The -no_alt_chains option was first added to OpenSSL 1.0.2b.



1.0.2k                            2019-03-12                       S_SERVER(1)