6 s_server - SSL/TLS server program
10 B<openssl> B<s_server>
19 [B<-certform DER|PEM>]
24 [B<-dcertform DER|PEM>]
26 [B<-dkeyform DER|PEM>]
28 [B<-dhparam filename>]
35 [B<-CApath directory>]
39 [B<-cipher cipherlist>]
63 [B<-auth_require_reneg>]
64 [B<-no_resumption_on_reneg>]
67 The B<s_server> command implements a generic SSL/TLS server which listens
68 for connections on a given port using SSL/TLS.
72 In addition to the options below the B<s_server> utility also supports the
73 common and server only options documented in the
74 L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS> manual
81 the TCP port to listen on for connections. If not specified 4433 is used.
83 =item B<-naccept count>
85 The server will exit after receiving B<number> connections, default unlimited.
89 sets the SSL context id. It can be given any string value. If this option
90 is not present a default value will be used.
92 =item B<-cert certname>
94 The certificate to use, most servers cipher suites require the use of a
95 certificate and some require a certificate with a certain public key type:
96 for example the DSS cipher suites require a certificate containing a DSS
97 (DSA) key. If not specified then the filename "server.pem" will be used.
99 =item B<-certform format>
101 The certificate format to use: DER or PEM. PEM is the default.
103 =item B<-key keyfile>
105 The private key to use. If not specified then the certificate file will
108 =item B<-keyform format>
110 The private format to use: DER or PEM. PEM is the default.
114 the private key password source. For more information about the format of B<arg>
115 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
117 =item B<-dcert filename>, B<-dkey keyname>
119 specify an additional certificate and private key, these behave in the
120 same manner as the B<-cert> and B<-key> options except there is no default
121 if they are not specified (no additional certificate and key is used). As
122 noted above some cipher suites require a certificate containing a key of
123 a certain type. Some cipher suites need a certificate carrying an RSA key
124 and some a DSS (DSA) key. By using RSA and DSS certificates and keys
125 a server can support clients which only support RSA or DSS cipher suites
126 by using an appropriate certificate.
128 =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
130 additional certificate and private key format and passphrase respectively.
134 if this option is set then no certificate is used. This restricts the
135 cipher suites available to the anonymous ones (currently just anonymous
138 =item B<-dhparam filename>
140 the DH parameter file to use. The ephemeral DH cipher suites generate keys
141 using a set of DH parameters. If not specified then an attempt is made to
142 load the parameters from the server certificate file. If this fails then
143 a static set of parameters hard coded into the s_server program will be used.
147 if this option is set then no DH parameters will be loaded effectively
148 disabling the ephemeral DH cipher suites.
152 if this option is set then no ECDH parameters will be loaded effectively
153 disabling the ephemeral ECDH cipher suites.
157 certain export cipher suites sometimes use a temporary RSA key, this option
158 disables temporary RSA key generation.
160 =item B<-verify depth>, B<-Verify depth>
162 The verify depth to use. This specifies the maximum length of the
163 client certificate chain and makes the server request a certificate from
164 the client. With the B<-verify> option a certificate is requested but the
165 client does not have to send one, with the B<-Verify> option the client
166 must supply a certificate or an error occurs.
168 =item B<-crl_check>, B<-crl_check_all>
170 Check the peer certificate has not been revoked by its CA.
171 The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
172 option all CRLs of all CAs in the chain are checked.
174 =item B<-CApath directory>
176 The directory to use for client certificate verification. This directory
177 must be in "hash format", see B<verify> for more information. These are
178 also used when building the server certificate chain.
180 =item B<-CAfile file>
182 A file containing trusted certificates to use during client authentication
183 and to use when attempting to build the server certificate chain. The list
184 is also used in the list of acceptable client CAs passed to the client when
185 a certificate is requested.
187 =item B<-trusted_first>
189 Set certificate verification option.
190 See the L<B<verify>|verify(1)> manual page for details.
194 prints out the SSL session states.
198 print extensive debugging information including a hex dump of all traffic.
202 show all protocol messages with hex dump.
206 show verbose trace output of protocol messages. OpenSSL needs to be compiled
207 with B<enable-ssl-trace> for this option to work.
211 file to send output of B<-msg> or B<-trace> to, default standard output.
215 tests non blocking I/O
219 turns on non blocking I/O
223 this option translated a line feed from the terminal into CR+LF.
227 inhibit printing of session and certificate information.
229 =item B<-psk_hint hint>
231 Use the PSK identity hint B<hint> when using a PSK cipher suite.
235 Use the PSK key B<key> when using a PSK cipher suite. The key is
236 given as a hexadecimal number without leading 0x, for example -psk
239 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
241 these options disable the use of certain SSL or TLS protocols. By default
242 the initial handshake uses a method which should be compatible with all
243 servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
247 there are several known bug in SSL and TLS implementations. Adding this
248 option enables various workarounds.
252 only provide a brief summary of connection parameters instead of the
253 normal verbose output.
257 this option enables a further workaround for some some early Netscape
260 =item B<-cipher cipherlist>
262 this allows the cipher list used by the server to be modified. When
263 the client sends a list of supported ciphers the first client cipher
264 also included in the server list is used. Because the client specifies
265 the preference order, the order of the server cipherlist irrelevant. See
266 the B<ciphers> command for more information.
268 =item B<-tlsextdebug>
270 print out a hex dump of any TLS extensions received from the server.
274 disable RFC4507bis session ticket support.
278 sends a status message back to the client when it connects. This includes
279 lots of information about the ciphers used and various session parameters.
280 The output is in HTML format so this option will normally be used with a
285 emulates a simple web server. Pages will be resolved relative to the
286 current directory, for example if the URL https://myhost/page.html is
287 requested the file ./page.html will be loaded.
291 emulates a simple web server. Pages will be resolved relative to the
292 current directory, for example if the URL https://myhost/page.html is
293 requested the file ./page.html will be loaded. The files loaded are
294 assumed to contain a complete and correct HTTP response (lines that
295 are part of the HTTP response line and headers must end with CRLF).
299 simple test server which just reverses the text received from the client
300 and sends it back to the server. Also sets B<-brief>.
304 specifying an engine (by its unique B<id> string) will cause B<s_server>
305 to attempt to obtain a functional reference to the specified engine,
306 thus initialising it if needed. The engine will then be set as the default
307 for all available algorithms.
309 =item B<-id_prefix arg>
311 generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
312 for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
313 servers, when each of which might be generating a unique range of session
314 IDs (eg. with a certain prefix).
316 =item B<-rand file(s)>
318 a file or files containing random data used to seed the random number
319 generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
320 Multiple files can be specified separated by a OS-dependent character.
321 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
324 =item B<-serverinfo file>
326 a file containing one or more blocks of PEM data. Each PEM block
327 must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
328 followed by "length" bytes of extension data). If the client sends
329 an empty TLS ClientHello extension matching the type, the corresponding
330 ServerHello extension will be returned.
334 send RFC 5878 client and server authorization extensions in the Client Hello as well as
335 supplemental data if the server also sent the authorization extensions in the Server Hello.
337 =item B<-auth_require_reneg>
339 only send RFC 5878 client and server authorization extensions during renegotiation.
341 =item B<-no_resumption_on_reneg>
343 set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data
344 during renegotiation if auth and auth_require_reneg are set.
348 =head1 CONNECTED COMMANDS
350 If a connection request is established with an SSL client and neither the
351 B<-www> nor the B<-WWW> option has been used then normally any data received
352 from the client is displayed and any key presses will be sent to the client.
354 Certain single letter commands are also recognized which perform special
355 operations: these are listed below.
361 end the current SSL connection but still accept new connections.
365 end the current SSL connection and exit.
369 renegotiate the SSL session.
373 renegotiate the SSL session and request a client certificate.
377 send some plain text down the underlying TCP connection: this should
378 cause the client to disconnect due to a protocol violation.
382 print out some session cache status information.
388 B<s_server> can be used to debug SSL clients. To accept connections from
389 a web browser the command:
391 openssl s_server -accept 443 -www
393 can be used for example.
395 Most web browsers (in particular Netscape and MSIE) only support RSA cipher
396 suites, so they cannot connect to servers which don't use a certificate
397 carrying an RSA key or a version of OpenSSL with RSA disabled.
399 Although specifying an empty list of CAs when requesting a client certificate
400 is strictly speaking a protocol violation, some SSL clients interpret this to
401 mean any CA is acceptable. This is useful for debugging purposes.
403 The session parameters can printed out using the B<sess_id> program.
407 Because this program has a lot of options and also because some of
408 the techniques used are rather old, the C source of s_server is rather
409 hard to read and not a model of how things should be done. A typical
410 SSL server program would be much simpler.
412 The output of common ciphers is wrong: it just gives the list of ciphers that
413 OpenSSL recognizes and the client supports.
415 There should be a way for the B<s_server> program to print out details of any
416 unknown cipher suites a client says it supports.
420 L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>