path: root/doc/man1/openssl-s_server.pod.in

=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-s_server - SSL/TLS server program

=head1 SYNOPSIS

B<openssl> B<s_server>
[B<-help>]
[B<-port> I<+int>]
[B<-accept> I<val>]
[B<-unix> I<val>]
[B<-4>]
[B<-6>]
[B<-unlink>]
[B<-context> I<val>]
[B<-verify> I<int>]
[B<-Verify> I<int>]
[B<-cert> I<infile>]
[B<-cert2> I<infile>]
[B<-certform> B<DER>|B<PEM>|B<P12>]
[B<-cert_chain> I<infile>]
[B<-build_chain>]
[B<-serverinfo> I<val>]
[B<-key> I<filename>|I<uri>]
[B<-key2> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-pass> I<val>]
[B<-dcert> I<infile>]
[B<-dcertform> B<DER>|B<PEM>|B<P12>]
[B<-dcert_chain> I<infile>]
[B<-dkey> I<filename>|I<uri>]
[B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-dpass> I<val>]
[B<-nbio_test>]
[B<-crlf>]
[B<-debug>]
[B<-msg>]
[B<-msgfile> I<outfile>]
[B<-state>]
[B<-nocert>]
[B<-quiet>]
[B<-no_resume_ephemeral>]
[B<-www>]
[B<-WWW>]
[B<-http_server_binmode>]
[B<-no_ca_names>]
[B<-ignore_unexpected_eof>]
[B<-servername>]
[B<-servername_fatal>]
[B<-tlsextdebug>]
[B<-HTTP>]
[B<-id_prefix> I<val>]
[B<-keymatexport> I<val>]
[B<-keymatexportlen> I<+int>]
[B<-CRL> I<infile>]
[B<-CRLform> B<DER>|B<PEM>]
[B<-crl_download>]
[B<-chainCAfile> I<infile>]
[B<-chainCApath> I<dir>]
[B<-chainCAstore> I<uri>]
[B<-verifyCAfile> I<infile>]
[B<-verifyCApath> I<dir>]
[B<-verifyCAstore> I<uri>]
[B<-no_cache>]
[B<-ext_cache>]
[B<-verify_return_error>]
[B<-verify_quiet>]
[B<-ign_eof>]
[B<-no_ign_eof>]
[B<-no_etm>]
[B<-no_ems>]
[B<-status>]
[B<-status_verbose>]
[B<-status_timeout> I<int>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
[B<-no_proxy> I<addresses>]
[B<-status_url> I<val>]
[B<-status_file> I<infile>]
[B<-ssl_config> I<val>]
[B<-trace>]
[B<-security_debug>]
[B<-security_debug_verbose>]
[B<-brief>]
[B<-rev>]
[B<-async>]
[B<-max_send_frag> I<+int>]
[B<-split_send_frag> I<+int>]
[B<-max_pipelines> I<+int>]
[B<-naccept> I<+int>]
[B<-read_buf> I<+int>]
[B<-bugs>]
[B<-no_tx_cert_comp>]
[B<-no_rx_cert_comp>]
[B<-no_comp>]
[B<-comp>]
[B<-no_ticket>]
[B<-serverpref>]
[B<-legacy_renegotiation>]
[B<-no_renegotiation>]
[B<-no_resumption_on_reneg>]
[B<-allow_no_dhe_kex>]
[B<-prefer_no_dhe_kex>]
[B<-prioritize_chacha>]
[B<-strict>]
[B<-sigalgs> I<val>]
[B<-client_sigalgs> I<val>]
[B<-groups> I<val>]
[B<-curves> I<val>]
[B<-named_curve> I<val>]
[B<-cipher> I<val>]
[B<-ciphersuites> I<val>]
[B<-dhparam> I<infile>]
[B<-record_padding> I<val>]
[B<-debug_broken_protocol>]
[B<-nbio>]
[B<-psk_identity> I<val>]
[B<-psk_hint> I<val>]
[B<-psk> I<val>]
[B<-psk_session> I<file>]
[B<-srpvfile> I<infile>]
[B<-srpuserseed> I<val>]
[B<-timeout>]
[B<-mtu> I<+int>]
[B<-listen>]
[B<-sctp>]
[B<-sctp_label_bug>]
[B<-use_srtp> I<val>]
[B<-no_dhe>]
[B<-nextprotoneg> I<val>]
[B<-alpn> I<val>]
[B<-ktls>]
[B<-sendfile>]
[B<-zerocopy_sendfile>]
[B<-keylogfile> I<outfile>]
[B<-recv_max_early_data> I<int>]
[B<-max_early_data> I<int>]
[B<-early_data>]
[B<-stateless>]
[B<-anti_replay>]
[B<-no_anti_replay>]
[B<-num_tickets>]
[B<-tfo>]
[B<-cert_comp>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_version_synopsis -}
{- $OpenSSL::safe::opt_v_synopsis -}
{- $OpenSSL::safe::opt_s_synopsis -}
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
[B<-enable_server_rpk>]
[B<-enable_client_rpk>]

=head1 DESCRIPTION

This command implements a generic SSL/TLS server which
listens for connections on a given port using SSL/TLS.

=head1 OPTIONS

In addition to the options below, this command also supports
the common and server only options documented
L<SSL_CONF_cmd(3)/Supported Command Line Commands>

=over 4

=item B<-help>

Print out a usage message.

=item B<-port> I<+int>

The TCP port to listen on for connections. If not specified 4433 is used.

=item B<-accept> I<val>

The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

=item B<-unix> I<val>

Unix domain socket to accept on.

=item B<-4>

Use IPv4 only.

=item B<-6>

Use IPv6 only.

=item B<-unlink>

For -unix, unlink any existing socket first.

=item B<-context> I<val>

Sets the SSL context id. It can be given any string value. If this option
is not present a default value will be used.

=item B<-verify> I<int>, B<-Verify> I<int>

The verify depth to use. This specifies the maximum length of the
client certificate chain and makes the server request a certificate from
the client. With the B<-verify> option a certificate is requested but the
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.

If the cipher suite cannot request a client certificate (for example an
anonymous cipher suite or PSK) this option has no effect.

=item B<-cert> I<infile>

The certificate to use, most servers cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
for example the DSS cipher suites require a certificate containing a DSS
(DSA) key. If not specified then the filename F<server.pem> will be used.

=item B<-cert2> I<infile>

The certificate file to use for servername; default is C<server2.pem>.

=item B<-certform> B<DER>|B<PEM>|B<P12>

The server certificate file format; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-cert_chain>

A file or URI of untrusted certificates to use when attempting to build the
certificate chain related to the certificate specified via the B<-cert> option.
The input can be in PEM, DER, or PKCS#12 format.

=item B<-build_chain>

Specify whether the application should build the server certificate chain to be
provided to the client.

=item B<-serverinfo> I<val>

A file containing one or more blocks of PEM data.  Each PEM block
must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
followed by "length" bytes of extension data).  If the client sends
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.

=item B<-key> I<filename>|I<uri>

The private key to use. If not specified then the certificate file will
be used.

=item B<-key2> I<filename>|I<uri>

The private Key file to use for servername if not given via B<-cert2>.

=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The key format; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-pass> I<val>

The private key and certificate file password source.
For more information about the format of I<val>,
see L<openssl-passphrase-options(1)>.

=item B<-dcert> I<infile>, B<-dkey> I<filename>|I<uri>

Specify an additional certificate and private key, these behave in the
same manner as the B<-cert> and B<-key> options except there is no default
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an RSA key
and some a DSS (DSA) key. By using RSA and DSS certificates and keys
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.

=item B<-dcert_chain>

A file or URI of untrusted certificates to use when attempting to build the
server certificate chain when a certificate specified via the B<-dcert> option
is in use.
The input can be in PEM, DER, or PKCS#12 format.

=item B<-dcertform> B<DER>|B<PEM>|B<P12>

The format of the additional certificate file; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The format of the additional private key; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-dpass> I<val>

The passphrase for the additional private key and certificate.
For more information about the format of I<val>,
see L<openssl-passphrase-options(1)>.

=item B<-nbio_test>

Tests non blocking I/O.

=item B<-crlf>

This option translated a line feed from the terminal into CR+LF.

=item B<-debug>

Print extensive debugging information including a hex dump of all traffic.

=item B<-security_debug>

Print output from SSL/TLS security framework.

=item B<-security_debug_verbose>

Print more output from SSL/TLS security framework

=item B<-msg>

Show all protocol messages with hex dump.

=item B<-msgfile> I<outfile>

File to send output of B<-msg> or B<-trace> to, default standard output.

=item B<-state>

Prints the SSL session states.

=item B<-CRL> I<infile>

The CRL file to use.

=item B<-CRLform> B<DER>|B<PEM>

The CRL file format; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-crl_download>

Download CRLs from distribution points given in CDP extensions of certificates

=item B<-verifyCAfile> I<filename>

A file in PEM format CA containing trusted certificates to use
for verifying client certificates.

=item B<-verifyCApath> I<dir>

A directory containing trusted certificates to use
for verifying client certificates.
This directory must be in "hash format",
see L<openssl-verify(1)> for more information.

=item B<-verifyCAstore> I<uri>

The URI of a store containing trusted certificates to use
for verifying client certificates.

=item B<-chainCAfile> I<file>

A file in PEM format containing trusted certificates to use
when attempting to build the server certificate chain.

=item B<-chainCApath> I<dir>

A directory containing trusted certificates to use
for building the server certificate chain provided to the client.
This directory must be in "hash format",
see L<openssl-verify(1)> for more information.

=item B<-chainCAstore> I<uri>

The URI of a store containing trusted certificates to use
for building the server certificate chain provided to the client.
The URI may indicate a single certificate, as well as a collection of them.
With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or
B<-chainCApath>, depending on if the URI indicates a directory or a
single file.
See L<ossl_store-file(7)> for more information on the C<file:> scheme.

=item B<-nocert>

If this option is set then no certificate is used. This restricts the
cipher suites available to the anonymous ones (currently just anonymous
DH).

=item B<-quiet>

Inhibit printing of session and certificate information.

=item B<-no_resume_ephemeral>

Disable caching and tickets if ephemeral (EC)DH is used.

=item B<-tlsextdebug>

Print a hex dump of any TLS extensions received from the server.

=item B<-www>

Sends a status message back to the client when it connects. This includes
information about the ciphers used and various session parameters.
The output is in HTML format so this option can be used with a web browser.
The special URL C</renegcert> turns on client cert validation, and C</reneg>
tells the server to request renegotiation.
The B<-early_data> option cannot be used with this option.

=item B<-WWW>, B<-HTTP>

Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL C<https://myhost/page.html> is
requested the file F<./page.html> will be sent.
If the B<-HTTP> flag is used, the files are sent directly, and should contain
any HTTP response headers (including status response line).
If the B<-WWW> option is used,
the response headers are generated by the server, and the file extension is
examined to determine the B<Content-Type> header.
Extensions of C<html>, C<htm>, and C<php> are C<text/html> and all others are
C<text/plain>.
In addition, the special URL C</stats> will return status
information like the B<-www> option.
Neither of these options can be used in conjunction with B<-early_data>.

=item B<-http_server_binmode>

When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
by the client in binary mode.

=item B<-no_ca_names>

Disable TLS Extension CA Names. You may want to disable it for security reasons
or for compatibility with some Windows TLS implementations crashing when this
extension is larger than 1024 bytes.

=item B<-ignore_unexpected_eof>

Some TLS implementations do not send the mandatory close_notify alert on
shutdown. If the application tries to wait for the close_notify alert but the
peer closes the connection without sending it, an error is generated. When this
option is enabled the peer does not need to send the close_notify alert and a
closed connection will be treated as if the close_notify alert was received.
For more information on shutting down a connection, see L<SSL_shutdown(3)>.

=item B<-servername>

Servername for HostName TLS extension.

=item B<-servername_fatal>

On servername mismatch send fatal alert (default: warning alert).

=item B<-id_prefix> I<val>

Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
servers, when each of which might be generating a unique range of session
IDs (e.g. with a certain prefix).

=item B<-keymatexport>

Export keying material using label.

=item B<-keymatexportlen>

Export the given number of bytes of keying material; default 20.

=item B<-no_cache>

Disable session cache.

=item B<-ext_cache>.

Disable internal cache, set up and use external cache.

=item B<-verify_return_error>

Verification errors normally just print a message but allow the
connection to continue, for debugging purposes.
If this option is used, then verification errors close the connection.

=item B<-verify_quiet>

No verify output except verify errors.

=item B<-ign_eof>

Ignore input EOF (default: when B<-quiet>).

=item B<-no_ign_eof>

Do not ignore input EOF.

=item B<-no_etm>

Disable Encrypt-then-MAC negotiation.

=item B<-no_ems>

Disable Extended master secret negotiation.

=item B<-status>

Enables certificate status request support (aka OCSP stapling).

=item B<-status_verbose>

Enables certificate status request support (aka OCSP stapling) and gives
a verbose printout of the OCSP response.

=item B<-status_timeout> I<int>

Sets the timeout for OCSP response to I<int> seconds.

=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>

The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
applies, see below.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo and path components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.

=item B<-no_proxy> I<addresses>

List of IP addresses and/or DNS names of servers
not to use an HTTP(S) proxy for, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
Default is from the environment variable C<no_proxy> if set, else C<NO_PROXY>.

=item B<-status_url> I<val>

Sets a fallback responder URL to use if no responder URL is present in the
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
The optional userinfo and fragment URL components are ignored.
Any given query component is handled as part of the path component.

=item B<-status_file> I<infile>

Overrides any OCSP responder URLs from the certificate and always provides the
OCSP Response stored in the file. The file must be in DER format.

=item B<-ssl_config> I<val>

Configure SSL_CTX using the given configuration value.

=item B<-trace>

Show verbose trace output of protocol messages.

=item B<-brief>

Provide a brief summary of connection parameters instead of the normal verbose
output.

=item B<-rev>

Simple echo server that sends back received text reversed. Also sets B<-brief>.
Cannot be used in conjunction with B<-early_data>.

=item B<-async>

Switch on asynchronous mode. Cryptographic operations will be performed
asynchronously. This will only have an effect if an asynchronous capable engine
is also used via the B<-engine> option. For test purposes the dummy async engine
(dasync) can be used (if available).

=item B<-max_send_frag> I<+int>

The maximum size of data fragment to send.
See L<SSL_CTX_set_max_send_fragment(3)> for further information.

=item B<-split_send_frag> I<+int>

The size used to split data for encrypt pipelines. If more data is written in
one go than this value then it will be split into multiple pipelines, up to the
maximum number of pipelines defined by max_pipelines. This only has an effect if
a suitable cipher suite has been negotiated, an engine that supports pipelining
has been loaded, and max_pipelines is greater than 1. See
L<SSL_CTX_set_split_send_fragment(3)> for further information.

=item B<-max_pipelines> I<+int>

The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
engine) and a suitable cipher suite has been negotiated. The default value is 1.
See L<SSL_CTX_set_max_pipelines(3)> for further information.

=item B<-naccept> I<+int>

The server will exit after receiving the specified number of connections,
default unlimited.

=item B<-read_buf> I<+int>

The default read buffer size to be used for connections. This will only have an
effect if the buffer size is larger than the size that would otherwise be used
and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
further information).

=item B<-bugs>

There are several known bugs in SSL and TLS implementations. Adding this
option enables various workarounds.

=item B<-no_tx_cert_comp>