一、简介

s_server是openssl提供的一个SSL服务程序。使用此程序前,需要生成各种证书。本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持

二、语法

openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM ] [-dkey keyfile] [-dkeyform DER|PEM ] [-dpass arg] [-dhparam filename] [-name_curve arg][-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2][-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe][-bugs] [-hack] [-www] [-WWW] [-HTTP][-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]

选项

 -accept arg   - port to accept on (default is )

 -context arg  - set session ID context

 -verify arg   - turn on peer certificate verification

 -Verify arg   - turn on peer certificate verification, must have a cert.

 -cert arg     - certificate file to use

                 (default is server.pem)

 -crl_check    - check the peer certificate has not been revoked by its CA.

                 The CRL(s) are appended to the certificate file

 -crl_check_all - check the peer certificate has not been revoked by its CA

                 or any other CRL in the CA chain. CRL(s) are appened to the

                 the certificate file.

 -certform arg - certificate format (PEM or DER) PEM default

 -key arg      - Private Key file to use, in cert file if

                 not specified (default is server.pem)

 -keyform arg  - key format (PEM, DER or ENGINE) PEM default

 -pass arg     - private key file pass phrase source

 -dcert arg    - second certificate file to use (usually for DSA)

 -dcertform x  - second certificate format (PEM or DER) PEM default

 -dkey arg     - second private key file to use (usually for DSA)

 -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default

 -dpass arg    - second private key file pass phrase source

 -dhparam arg  - DH parameter file to use, in cert file if not specified

                 or a default set of parameters is used

 -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.

                 Use "openssl ecparam -list_curves" for all names

                 (default is nistp256).

 -nbio         - Run with non-blocking IO

 -nbio_test    - test with the non-blocking test bio

 -crlf         - convert LF from terminal into CRLF

 -debug        - Print more output

 -msg          - Show protocol messages

 -state        - Print the SSL states

 -CApath arg   - PEM format directory of CA's

 -CAfile arg   - PEM format file of CA's

 -trusted_first - Use trusted CA's first when building the trust chain

 -nocert       - Don't use any certificates (Anon-DH)

 -cipher arg   - play with 'openssl ciphers' to see what goes here

 -serverpref   - Use server's cipher preferences

 -quiet        - No server output

 -no_tmp_rsa   - Do not generate a tmp RSA key

 -psk_hint arg - PSK identity hint to use

 -psk arg      - PSK in hex (without 0x)

 -ssl2         - Just talk SSLv2

 -ssl3         - Just talk SSLv3

 -tls1_2       - Just talk TLSv1.

 -tls1_1       - Just talk TLSv1.

 -tls1         - Just talk TLSv1

 -dtls1        - Just talk DTLSv1

 -timeout      - Enable timeouts

 -mtu          - Set link layer MTU

 -chain        - Read a certificate chain

 -no_ssl2      - Just disable SSLv2

 -no_ssl3      - Just disable SSLv3

 -no_tls1      - Just disable TLSv1

 -no_tls1_1    - Just disable TLSv1.

 -no_tls1_2    - Just disable TLSv1.

 -no_dhe       - Disable ephemeral DH

 -no_ecdhe     - Disable ephemeral ECDH

 -bugs         - Turn on SSL bug compatibility

 -www          - Respond to a 'GET /' with a status page

 -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

 -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

                 with the assumption it contains a complete HTTP response.

 -engine id    - Initialise and use the specified engine

 -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'

 -rand file:file:...

 -servername host - servername for HostName TLS extension

 -servername_fatal - on mismatch send fatal alert (default warning alert)

 -cert2 arg    - certificate file to use for servername

                 (default is server2.pem)

 -key2 arg     - Private Key file to use for servername, in cert file if

                 not specified (default is server2.pem)

 -tlsextdebug  - hex dump of all TLS extensions received

 -no_ticket    - disable use of RFC4507bis session tickets

 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)

 -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)

 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list

 -keymatexport label   - Export keying material using label

 -keymatexportlen len  - Export len bytes of keying material (default )

三、实例

1、启动s_server服务(站点证书及私钥,证书链,协议版本,算法组合)

openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg

Openssl s_server命令的更多相关文章

  1. OpenSSL s_server / s_client 应用实例

    netkiller openssl tls 目录[-] 12.6. s_server / s_client 12.6.1. SSL POP3 / SMTP / IMAP 12.6.2. server ...

  2. openssl常用命令行汇总

    openssl常用命令行汇总 随机数 openssl rand -out rand.dat -base64 32 摘要 直接做摘要 openssl dgst -sha1 -out dgst.dat p ...

  3. (转)openssl 命令: openssl req 命令详解

                                      openssl req命令主要的功能有,生成证书请求文件, 查看验证证书请求文件,还有就是生成自签名证书.本文就主要记录一下open ...

  4. Openssl asn1parse命令

    一.简介 asn1parse命令是一种用来诊断ASN.1结构的工具,也能用于从ASN1.1数据中提取数据 二.语法 openssl asn1parse [-inform PEM|DER] [-in f ...

  5. Openssl pkcs7命令

    一.简介 pkcs7命令用于处理DER或者PEM格式的pkcs#7文件.   二.语法 openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in ...

  6. Openssl crl2pkcs7命令

    一.简介 crl2pkcs命令用来根据CRL或证书来生成pkcs#7消息.   二.语法 openssl crl2pkcs7 [-inform PEM|DER ] [-outform PEM|DER ...

  7. Openssl verify命令

    一.简介 verify命令对证书的有效性进行验证,verify 指令会沿着证书链一直向上验证,直到一个自签名的CA 二.语法 openssl verify [-CApath directory] [- ...

  8. Openssl rsa命令

    一.简介 Rsa命令用于处理RSA密钥.格式转换和打印信息 二.语法 openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in fil ...

  9. Openssl pkeyutl命令

    一.简介 pkeyutl命令能够测试所支持的密钥算法的性能 二.语法 openssl rsautl [-in file] [-out file] [-sigfile file] [-inkey fil ...

随机推荐

  1. TCP 、UDP、IP包的最大长度

    1.概述 首先要看TCP/IP协议,涉及到四层:链路层,网络层,传输层,应用层. 其中以太网(Ethernet)的数据帧在链路层 IP包在网络层 TCP或UDP包在传输层 TCP或UDP中的数据(Da ...

  2. java代码---------常用的方法indexOf()和substring()方法的小结、主要是下标都是从0开始,很重要,错了就那个差远了啊

    package com.s.x; //indexOf()方法从字符起始处的第一个位子开始的位置 //substring public class Wang { public static void m ...

  3. 汇编_压缩BCD码和非压缩BCD码

    BCD码是表示十进制数的,非压缩BCD码是用8位表示的,其实只用低4位,高4位全为0. 例如,十进制数36,用非压缩BCD码表示为:0000 0011 0000 0110 ,这是两个字节. 压缩BCD ...

  4. Mac brew安装MongoDB

    brew简介安装 brew 又叫Homebrew,是Mac OSX上的软件包管理工具,能在Mac中方便的安装软件或者卸载软件, 只需要一个命令, 非常方便 brew类似ubuntu系统下的apt-ge ...

  5. html中的响应式图片

    html中的响应式图片 img sizes 指定屏幕尺寸 srcset 指定可以使用的图片和大小,多个使用逗号分隔,需要指定图片的真实宽度,个人觉得没有picture好用 <img sizes= ...

  6. js控制电池

    js控制电池 判断设备是否在充电 navigator.getBattery().then(function(battery){ if(battery.charging) { alert("电 ...

  7. Ubuntu13.10:密码忘记了怎么办?

    重启ubuntu系统,开机时长按shift按键进入GRUB菜单,选择第二个高级模式. 新版的UBUNTU系统居然启用了GRUNB2.0的内核!虽然传说相当的牛X,但是用起来感觉就是非常看不清楚字体,要 ...

  8. SVN专题(Visual SVN Server + TortoiseSVN + Visual SVN)

    参考资料: 1.Windows环境下搭建SVN服务器.原文地址:https://blog.csdn.net/lu1024188315/article/details/74082227 2.Git|SV ...

  9. 转:Ubuntu下用Sublime输入中文

    最近用上ubuntu跑theano,碰到的一个问题就是用sublime编辑代码的时候无法输入中文. 读代码经常要写注释不能用中文是在是麻烦. 曾经考虑过使用别的文本编辑器,但是sublime的用户界面 ...

  10. 简单获取各大视频网站的flash地址

    最近做网站的时候遇到一个需求:给定一个视频地址,获取它的swf地址.例如,给一个优酷的视频地址:http://v.youku.com /v_show/id_XNDg4MzY5ODU2.html,想获取 ...