10 B<openssl> B<s_server>
11 [B<-help>]
12 [B<-port> I<+int>]
13 [B<-accept> I<val>]
14 [B<-unix> I<val>]
15 [B<-4>]
16 [B<-6>]
17 [B<-unlink>]
18 [B<-context> I<val>]
19 [B<-verify> I<int>]
20 [B<-Verify> I<int>]
21 [B<-cert> I<infile>]
22 [B<-cert2> I<infile>]
23 [B<-certform> B<DER>|B<PEM>|B<P12>]
24 [B<-cert_chain> I<infile>]
25 [B<-build_chain>]
26 [B<-serverinfo> I<val>]
27 [B<-key> I<filename>|I<uri>]
28 [B<-key2> I<filename>|I<uri>]
29 [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
30 [B<-pass> I<val>]
31 [B<-dcert> I<infile>]
32 [B<-dcertform> B<DER>|B<PEM>|B<P12>]
33 [B<-dcert_chain> I<infile>]
34 [B<-dkey> I<filename>|I<uri>]
35 [B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
36 [B<-dpass> I<val>]
37 [B<-nbio_test>]
38 [B<-crlf>]
39 [B<-debug>]
40 [B<-msg>]
41 [B<-msgfile> I<outfile>]
42 [B<-state>]
43 [B<-nocert>]
44 [B<-quiet>]
45 [B<-no_resume_ephemeral>]
46 [B<-www>]
47 [B<-WWW>]
48 [B<-http_server_binmode>]
49 [B<-no_ca_names>]
50 [B<-ignore_unexpected_eof>]
51 [B<-servername>]
52 [B<-servername_fatal>]
53 [B<-tlsextdebug>]
54 [B<-HTTP>]
55 [B<-id_prefix> I<val>]
56 [B<-keymatexport> I<val>]
57 [B<-keymatexportlen> I<+int>]
58 [B<-CRL> I<infile>]
59 [B<-CRLform> B<DER>|B<PEM>]
60 [B<-crl_download>]
61 [B<-chainCAfile> I<infile>]
62 [B<-chainCApath> I<dir>]
63 [B<-chainCAstore> I<uri>]
64 [B<-verifyCAfile> I<infile>]
65 [B<-verifyCApath> I<dir>]
66 [B<-verifyCAstore> I<uri>]
67 [B<-no_cache>]
68 [B<-ext_cache>]
69 [B<-verify_return_error>]
70 [B<-verify_quiet>]
71 [B<-ign_eof>]
72 [B<-no_ign_eof>]
73 [B<-no_etm>]
74 [B<-no_ems>]
75 [B<-status>]
76 [B<-status_verbose>]
77 [B<-status_timeout> I<int>]
78 [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
79 [B<-no_proxy> I<addresses>]
80 [B<-status_url> I<val>]
81 [B<-status_file> I<infile>]
82 [B<-ssl_config> I<val>]
83 [B<-trace>]
84 [B<-security_debug>]
85 [B<-security_debug_verbose>]
86 [B<-brief>]
87 [B<-rev>]
88 [B<-async>]
89 [B<-max_send_frag> I<+int>]
90 [B<-split_send_frag> I<+int>]
91 [B<-max_pipelines> I<+int>]
92 [B<-naccept> I<+int>]
93 [B<-read_buf> I<+int>]
94 [B<-bugs>]
95 [B<-no_tx_cert_comp>]
96 [B<-no_rx_cert_comp>]
97 [B<-no_comp>]
98 [B<-comp>]
99 [B<-no_ticket>]
100 [B<-serverpref>]
101 [B<-legacy_renegotiation>]
102 [B<-no_renegotiation>]
103 [B<-no_resumption_on_reneg>]
104 [B<-allow_no_dhe_kex>]
105 [B<-prefer_no_dhe_kex>]
106 [B<-prioritize_chacha>]
107 [B<-strict>]
108 [B<-sigalgs> I<val>]
109 [B<-client_sigalgs> I<val>]
110 [B<-groups> I<val>]
111 [B<-curves> I<val>]
112 [B<-named_curve> I<val>]
113 [B<-cipher> I<val>]
114 [B<-ciphersuites> I<val>]
115 [B<-dhparam> I<infile>]
116 [B<-record_padding> I<val>]
117 [B<-debug_broken_protocol>]
118 [B<-nbio>]
119 [B<-psk_identity> I<val>]
120 [B<-psk_hint> I<val>]
121 [B<-psk> I<val>]
122 [B<-psk_session> I<file>]
123 [B<-srpvfile> I<infile>]
124 [B<-srpuserseed> I<val>]
125 [B<-timeout>]
126 [B<-mtu> I<+int>]
127 [B<-listen>]
128 [B<-sctp>]
129 [B<-sctp_label_bug>]
130 [B<-use_srtp> I<val>]
131 [B<-no_dhe>]
132 [B<-nextprotoneg> I<val>]
133 [B<-alpn> I<val>]
134 [B<-ktls>]
135 [B<-sendfile>]
136 [B<-zerocopy_sendfile>]
137 [B<-keylogfile> I<outfile>]
138 [B<-recv_max_early_data> I<int>]
139 [B<-max_early_data> I<int>]
140 [B<-early_data>]
141 [B<-stateless>]
142 [B<-anti_replay>]
143 [B<-no_anti_replay>]
144 [B<-num_tickets>]
145 [B<-tfo>]
146 [B<-cert_comp>]
155 [B<-enable_server_rpk>]
156 [B<-enable_client_rpk>]
171 =item B<-help>
175 =item B<-port> I<+int>
179 =item B<-accept> I<val>
183 =item B<-unix> I<val>
187 =item B<-4>
191 =item B<-6>
195 =item B<-unlink>
199 =item B<-context> I<val>
204 =item B<-verify> I<int>, B<-Verify> I<int>
208 the client. With the B<-verify> option a certificate is requested but the
209 client does not have to send one, with the B<-Verify> option the client
215 =item B<-cert> I<infile>
222 =item B<-cert2> I<infile>
226 =item B<-certform> B<DER>|B<PEM>|B<P12>
231 =item B<-cert_chain>
234 certificate chain related to the certificate specified via the B<-cert> option.
239 =item B<-build_chain>
244 =item B<-serverinfo> I<val>
252 =item B<-key> I<filename>|I<uri>
257 =item B<-key2> I<filename>|I<uri>
259 The private Key file to use for servername if not given via B<-cert2>.
261 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
266 =item B<-pass> I<val>
272 =item B<-dcert> I<infile>, B<-dkey> I<filename>|I<uri>
275 same manner as the B<-cert> and B<-key> options except there is no default
283 =item B<-dcert_chain>
286 server certificate chain when a certificate specified via the B<-dcert> option
290 =item B<-dcertform> B<DER>|B<PEM>|B<P12>
295 =item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
300 =item B<-dpass> I<val>
306 =item B<-nbio_test>
310 =item B<-crlf>
314 =item B<-debug>
318 =item B<-security_debug>
322 =item B<-security_debug_verbose>
326 =item B<-msg>
330 =item B<-msgfile> I<outfile>
332 File to send output of B<-msg> or B<-trace> to, default standard output.
334 =item B<-state>
338 =item B<-CRL> I<infile>
342 =item B<-CRLform> B<DER>|B<PEM>
347 =item B<-crl_download>
351 =item B<-verifyCAfile> I<filename>
356 =item B<-verifyCApath> I<dir>
363 =item B<-verifyCAstore> I<uri>
368 =item B<-chainCAfile> I<file>
373 =item B<-chainCApath> I<dir>
380 =item B<-chainCAstore> I<uri>
385 With URIs in the C<file:> scheme, this acts as B<-chainCAfile> or
386 B<-chainCApath>, depending on if the URI indicates a directory or a
390 =item B<-nocert>
396 =item B<-quiet>
400 =item B<-no_resume_ephemeral>
404 =item B<-tlsextdebug>
408 =item B<-www>
416 =item B<-WWW>, B<-HTTP>
421 If the B<-HTTP> flag is used, the files are sent directly, and should contain
423 If the B<-WWW> option is used,
425 examined to determine the B<Content-Type> header.
429 information like the B<-www> option.
431 =item B<-http_server_binmode>
433 When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
436 =item B<-no_ca_names>
442 =item B<-ignore_unexpected_eof>
451 =item B<-servername>
455 =item B<-servername_fatal>
459 =item B<-id_prefix> I<val>
466 =item B<-keymatexport>
470 =item B<-keymatexportlen>
474 =item B<-no_cache>
478 =item B<-ext_cache>.
482 =item B<-verify_return_error>
488 =item B<-verify_quiet>
492 =item B<-ign_eof>
494 Ignore input EOF (default: when B<-quiet>).
496 =item B<-no_ign_eof>
500 =item B<-no_etm>
504 =item B<-no_ems>
508 =item B<-status>
512 =item B<-status_verbose>
516 Use the B<-cert_chain> option to specify the certificate of the server's
519 =item B<-status_timeout> I<int>
523 =item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
525 The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
534 =item B<-no_proxy> I<addresses>
541 =item B<-status_url> I<val>
549 =item B<-status_file> I<infile>
554 =item B<-ssl_config> I<val>
558 =item B<-trace>
562 =item B<-brief>
567 =item B<-rev>
569 Simple echo server that sends back received text reversed. Also sets B<-brief>.
570 Cannot be used in conjunction with B<-early_data>.
572 =item B<-async>
576 is also used via the B<-engine> option. For test purposes the dummy async engine
579 =item B<-max_send_frag> I<+int>
584 =item B<-split_send_frag> I<+int>
593 =item B<-max_pipelines> I<+int>
600 =item B<-naccept> I<+int>
605 =item B<-read_buf> I<+int>
612 =item B<-bugs>
617 =item B<-no_tx_cert_comp>
621 =item B<-no_rx_cert_comp>
625 =item B<-no_comp>
631 =item B<-comp>
639 B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
642 =item B<-no_ticket>
645 is negotiated. See B<-num_tickets>.
647 =item B<-num_tickets>
653 =item B<-serverpref>
657 =item B<-prioritize_chacha>
659 Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
661 =item B<-no_resumption_on_reneg>
663 Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
665 =item B<-client_sigalgs> I<val>
670 =item B<-named_curve> I<val>
680 =item B<-cipher> I<val>
689 =item B<-ciphersuites> I<val>
699 =item B<-dhparam> I<infile>
707 =item B<-nbio>
711 =item B<-timeout>
715 =item B<-mtu>
719 =item B<-psk_identity> I<val>
725 =item B<-psk_hint> I<val>
729 =item B<-psk> I<val>
736 =item B<-psk_session> I<file>
741 =item B<-srpvfile>
746 =item B<-srpuserseed>
751 =item B<-listen>
762 =item B<-sctp>
765 conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
768 =item B<-sctp_label_bug>
773 implementations. Must be used in conjunction with B<-sctp>. This option is only
776 =item B<-use_srtp>
780 =item B<-no_dhe>
785 =item B<-alpn> I<val>, B<-nextprotoneg> I<val>
794 The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
796 =item B<-ktls>
802 =item B<-sendfile>
806 This option is only valid when B<-ktls> along with B<-WWW> or B<-HTTP>
809 =item B<-zerocopy_sendfile>
814 This option depends on B<-sendfile>; when used alone, B<-sendfile> is implied,
818 =item B<-keylogfile> I<outfile>
823 =item B<-max_early_data> I<int>
826 and any incoming early data (when used in conjunction with the B<-early_data>
830 =item B<-recv_max_early_data> I<int>
835 =item B<-early_data>
837 Accept early data where possible. Cannot be used in conjunction with B<-www>,
838 B<-WWW>, B<-HTTP> or B<-rev>.
840 =item B<-stateless>
844 =item B<-anti_replay>, B<-no_anti_replay>
853 =item B<-tfo>
857 =item B<-cert_comp>
881 proceed unless the B<-verify_return_error> option is used.
883 =item B<-enable_server_rpk>
893 =item B<-enable_client_rpk>
908 B<-www> nor the B<-WWW> option has been used then normally any data received
917 =item B<q>
921 =item B<Q>
925 =item B<r>
929 =item B<R>
934 =item B<P>
939 =item B<S>
943 =item B<k>
947 =item B<K>
951 =item B<c>
1004 The B<-srpvfile>, B<-srpuserseed>, and B<-engine>
1008 B<-enable_client_rpk>,
1009 B<-enable_server_rpk>,
1010 B<-no_rx_cert_comp>,
1011 B<-no_tx_cert_comp>,
1012 and B<-tfo>

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11