zoukankan      html  css  js  c++  java
  • Openssl s_server命令

    一、简介

    s_server是openssl提供的一个SSL服务程序。使用此程序前,需要生成各种证书。本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持

    二、语法

    openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM ] [-dkey keyfile] [-dkeyform DER|PEM ] [-dpass arg] [-dhparam filename] [-name_curve arg][-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2][-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe][-bugs] [-hack] [-www] [-WWW] [-HTTP][-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]

    选项

     -accept arg   - port to accept on (default is 4433)
     -context arg  - set session ID context
     -verify arg   - turn on peer certificate verification
     -Verify arg   - turn on peer certificate verification, must have a cert.
     -cert arg     - certificate file to use
                     (default is server.pem)
     -crl_check    - check the peer certificate has not been revoked by its CA.
                     The CRL(s) are appended to the certificate file
     -crl_check_all - check the peer certificate has not been revoked by its CA
                     or any other CRL in the CA chain. CRL(s) are appened to the
                     the certificate file.
     -certform arg - certificate format (PEM or DER) PEM default
     -key arg      - Private Key file to use, in cert file if
                     not specified (default is server.pem)
     -keyform arg  - key format (PEM, DER or ENGINE) PEM default
     -pass arg     - private key file pass phrase source
     -dcert arg    - second certificate file to use (usually for DSA)
     -dcertform x  - second certificate format (PEM or DER) PEM default
     -dkey arg     - second private key file to use (usually for DSA)
     -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default
     -dpass arg    - second private key file pass phrase source
     -dhparam arg  - DH parameter file to use, in cert file if not specified
                     or a default set of parameters is used
     -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.
                     Use "openssl ecparam -list_curves" for all names
                     (default is nistp256).
     -nbio         - Run with non-blocking IO
     -nbio_test    - test with the non-blocking test bio
     -crlf         - convert LF from terminal into CRLF
     -debug        - Print more output
     -msg          - Show protocol messages
     -state        - Print the SSL states
     -CApath arg   - PEM format directory of CA's
     -CAfile arg   - PEM format file of CA's
     -trusted_first - Use trusted CA's first when building the trust chain
     -nocert       - Don't use any certificates (Anon-DH)
     -cipher arg   - play with 'openssl ciphers' to see what goes here
     -serverpref   - Use server's cipher preferences
     -quiet        - No server output
     -no_tmp_rsa   - Do not generate a tmp RSA key
     -psk_hint arg - PSK identity hint to use
     -psk arg      - PSK in hex (without 0x)
     -ssl2         - Just talk SSLv2
     -ssl3         - Just talk SSLv3
     -tls1_2       - Just talk TLSv1.2
     -tls1_1       - Just talk TLSv1.1
     -tls1         - Just talk TLSv1
     -dtls1        - Just talk DTLSv1
     -timeout      - Enable timeouts
     -mtu          - Set link layer MTU
     -chain        - Read a certificate chain
     -no_ssl2      - Just disable SSLv2
     -no_ssl3      - Just disable SSLv3
     -no_tls1      - Just disable TLSv1
     -no_tls1_1    - Just disable TLSv1.1
     -no_tls1_2    - Just disable TLSv1.2
     -no_dhe       - Disable ephemeral DH
     -no_ecdhe     - Disable ephemeral ECDH
     -bugs         - Turn on SSL bug compatibility
     -www          - Respond to a 'GET /' with a status page
     -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
     -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
                     with the assumption it contains a complete HTTP response.
     -engine id    - Initialise and use the specified engine
     -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'
     -rand file:file:...
     -servername host - servername for HostName TLS extension
     -servername_fatal - on mismatch send fatal alert (default warning alert)
     -cert2 arg    - certificate file to use for servername
                     (default is server2.pem)
     -key2 arg     - Private Key file to use for servername, in cert file if
                     not specified (default is server2.pem)
     -tlsextdebug  - hex dump of all TLS extensions received
     -no_ticket    - disable use of RFC4507bis session tickets
     -legacy_renegotiation - enable use of legacy renegotiation (dangerous)
     -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)
     -use_srtp profiles - Offer SRTP key management with a colon-separated profile list
     -keymatexport label   - Export keying material using label
     -keymatexportlen len  - Export len bytes of keying material (default 20)

    三、实例

    1、启动s_server服务(站点证书及私钥,证书链,协议版本,算法组合)

    openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg

    image

  • 相关阅读:
    CSS——制作天天生鲜主页
    HTML——制作一个图片列表
    HTML——制作一个简易菜单栏
    CSS——三种页面引入方法
    【20170903】模拟赛
    【LA 3942】 Remember the word
    【BZOJ 1036】 树的统计count
    UVA 12299 RMQ with shifts
    【20170706】次短路
    【20170706】保卫萝卜
  • 原文地址:https://www.cnblogs.com/274914765qq/p/4674482.html
Copyright © 2011-2022 走看看