1gnutls-serv(1) General Commands Manual gnutls-serv(1)
2
6 gnutls-serv - GNU TLS test server
7
9 gnutls-serv [options]
10
12 Simple server program that listens to incoming TLS connections.
13
15 Program control options
16 -d, --debug LEVEL
17 Specify the debug level. Default is 1.
18 -h, --help
20 prints this help
21 -l, --list
23 Print a list of the supported algorithms and modes.
24 -q, --quiet
26 Suppress some messages.
27 -v, --version
29 prints the program's version number
30 Server options
33 -p, --port integer
34 The port to listen on.
35 --nodb Does not use the resume database.
37 --http Act as an HTTP Server.
39 --echo Act as an Echo Server.
41 TLS/SSL control options
44 --priority PRIORITY STRING
45 TLS algorithms and protocols to enable. Unless the first key‐
46 word is "NONE" the defaults are:
47 Protocols: TLS1.1, TLS1.0, and SSL3.0.
49 Compression: NULL.
51 Certificate types: X.509, OpenPGP.
53 You can also use predefined sets of ciphersuites such as:
55 PERFORMANCE all the "secure" ciphersuites are enabled, limited
57 to 128 bit ciphers and sorted by terms of speed performance.
58 NORMAL option enables all "secure" ciphersuites. The 256-bit
60 ciphers are included as a fallback only. The ciphers are sorted
61 by security margin.
62 SECURE128 flag enables all "secure" ciphersuites with ciphers up
64 to 128 bits, sorted by security margin.
65 SECURE256 flag enables all "secure" ciphersuites including the
67 256 bit ciphers, sorted by security margin.
68 EXPORT all the ciphersuites are enabled, including the low-secu‐
70 rity 40 bit ciphers.
71 NONE nothing is enabled. This disables even protocols and com‐
73 pression methods.
74 Special keywords:
76 "%UNSAFE_RENEGOTIATION" Permits (re-)handshakes even unsafe
78 ones.
79 "%PARTIAL_RENEGOTIATION" Prevents renegotiation with clients and
81 servers not supporting the safe renegotiation extension.
82 (default)
83 "%SAFE_RENEGOTIATION" will enable safe renegotiation. This is
85 the most secure and recommended option for clients. However this
86 will prevent from connecting to legacy servers.
87 To avoid collisions in order to specify a compression algorithm
89 in this string you have to prefix it with "COMP-", protocol ver‐
90 sions with "VERS-" and certificate types with "CTYPE-". All
91 other algorithms don't need a prefix.
92 Examples:
94 "NORMAL"
96 "NORMAL:%COMPAT"
98 "NORMAL:!AES-128-CBC"
100 "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"
102 -g, --generate
105 Generate Diffie-Hellman Parameters.
106 --kx kx1 kx2...
108 Key exchange methods to enable (use gnutls-cli --list to show
109 the supported key exchange methods).
110 -p, --port integer
112 The port to connect to.
113 Certificate options
116 --pgpcertfile FILE
117 PGP Public Key (certificate) file to use.
118 --pgpkeyfile FILE
120 PGP Key file to use.
121 --pgpkeyring FILE
123 PGP Key ring file to use.
124 --pgptrustdb FILE
126 PGP trustdb file to use.
127 --srppasswd FILE
129 SRP password file to use.
130 --srppasswdconf FILE
132 SRP password configuration file to use.
133 --x509cafile FILE
135 Certificate file to use.
136 --x509certfile FILE
138 X.509 Certificate file to use.
139 --x509fmtder
141 Use DER format for certificates
142 --x509keyfile FILE
144 X.509 key file to use.
145
148 gnutls-cli(1), gnutls-cli-debug(1)
149
151 Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see
152 /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
153 This manual page was written by Ivo Timmermans <ivo@debian.org>, for
155 the Debian GNU/Linux system (but may be used by others).
156 December 1st 2003 gnutls-serv(1)