一、简介

s_server是openssl提供的一个SSL服务程序。使用此程序前,需要生成各种证书。本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持

二、语法

openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM ] [-dkey keyfile] [-dkeyform DER|PEM ] [-dpass arg] [-dhparam filename] [-name_curve arg][-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2][-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe][-bugs] [-hack] [-www] [-WWW] [-HTTP][-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]

选项

 -accept arg   - port to accept on (default is )

 -context arg  - set session ID context

 -verify arg   - turn on peer certificate verification

 -Verify arg   - turn on peer certificate verification, must have a cert.

 -cert arg     - certificate file to use

                 (default is server.pem)

 -crl_check    - check the peer certificate has not been revoked by its CA.

                 The CRL(s) are appended to the certificate file

 -crl_check_all - check the peer certificate has not been revoked by its CA

                 or any other CRL in the CA chain. CRL(s) are appened to the

                 the certificate file.

 -certform arg - certificate format (PEM or DER) PEM default

 -key arg      - Private Key file to use, in cert file if

                 not specified (default is server.pem)

 -keyform arg  - key format (PEM, DER or ENGINE) PEM default

 -pass arg     - private key file pass phrase source

 -dcert arg    - second certificate file to use (usually for DSA)

 -dcertform x  - second certificate format (PEM or DER) PEM default

 -dkey arg     - second private key file to use (usually for DSA)

 -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default

 -dpass arg    - second private key file pass phrase source

 -dhparam arg  - DH parameter file to use, in cert file if not specified

                 or a default set of parameters is used

 -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.

                 Use "openssl ecparam -list_curves" for all names

                 (default is nistp256).

 -nbio         - Run with non-blocking IO

 -nbio_test    - test with the non-blocking test bio

 -crlf         - convert LF from terminal into CRLF

 -debug        - Print more output

 -msg          - Show protocol messages

 -state        - Print the SSL states

 -CApath arg   - PEM format directory of CA's

 -CAfile arg   - PEM format file of CA's

 -trusted_first - Use trusted CA's first when building the trust chain

 -nocert       - Don't use any certificates (Anon-DH)

 -cipher arg   - play with 'openssl ciphers' to see what goes here

 -serverpref   - Use server's cipher preferences

 -quiet        - No server output

 -no_tmp_rsa   - Do not generate a tmp RSA key

 -psk_hint arg - PSK identity hint to use

 -psk arg      - PSK in hex (without 0x)

 -ssl2         - Just talk SSLv2

 -ssl3         - Just talk SSLv3

 -tls1_2       - Just talk TLSv1.

 -tls1_1       - Just talk TLSv1.

 -tls1         - Just talk TLSv1

 -dtls1        - Just talk DTLSv1

 -timeout      - Enable timeouts

 -mtu          - Set link layer MTU

 -chain        - Read a certificate chain

 -no_ssl2      - Just disable SSLv2

 -no_ssl3      - Just disable SSLv3

 -no_tls1      - Just disable TLSv1

 -no_tls1_1    - Just disable TLSv1.

 -no_tls1_2    - Just disable TLSv1.

 -no_dhe       - Disable ephemeral DH

 -no_ecdhe     - Disable ephemeral ECDH

 -bugs         - Turn on SSL bug compatibility

 -www          - Respond to a 'GET /' with a status page

 -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

 -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

                 with the assumption it contains a complete HTTP response.

 -engine id    - Initialise and use the specified engine

 -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'

 -rand file:file:...

 -servername host - servername for HostName TLS extension

 -servername_fatal - on mismatch send fatal alert (default warning alert)

 -cert2 arg    - certificate file to use for servername

                 (default is server2.pem)

 -key2 arg     - Private Key file to use for servername, in cert file if

                 not specified (default is server2.pem)

 -tlsextdebug  - hex dump of all TLS extensions received

 -no_ticket    - disable use of RFC4507bis session tickets

 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)

 -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)

 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list

 -keymatexport label   - Export keying material using label

 -keymatexportlen len  - Export len bytes of keying material (default )

三、实例

1、启动s_server服务(站点证书及私钥,证书链,协议版本,算法组合)

openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg

Openssl s_server命令的更多相关文章

  1. OpenSSL s_server / s_client 应用实例

    netkiller openssl tls 目录[-] 12.6. s_server / s_client 12.6.1. SSL POP3 / SMTP / IMAP 12.6.2. server ...

  2. openssl常用命令行汇总

    openssl常用命令行汇总 随机数 openssl rand -out rand.dat -base64 32 摘要 直接做摘要 openssl dgst -sha1 -out dgst.dat p ...

  3. (转)openssl 命令: openssl req 命令详解

                                      openssl req命令主要的功能有,生成证书请求文件, 查看验证证书请求文件,还有就是生成自签名证书.本文就主要记录一下open ...

  4. Openssl asn1parse命令

    一.简介 asn1parse命令是一种用来诊断ASN.1结构的工具,也能用于从ASN1.1数据中提取数据 二.语法 openssl asn1parse [-inform PEM|DER] [-in f ...

  5. Openssl pkcs7命令

    一.简介 pkcs7命令用于处理DER或者PEM格式的pkcs#7文件.   二.语法 openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in ...

  6. Openssl crl2pkcs7命令

    一.简介 crl2pkcs命令用来根据CRL或证书来生成pkcs#7消息.   二.语法 openssl crl2pkcs7 [-inform PEM|DER ] [-outform PEM|DER ...

  7. Openssl verify命令

    一.简介 verify命令对证书的有效性进行验证,verify 指令会沿着证书链一直向上验证,直到一个自签名的CA 二.语法 openssl verify [-CApath directory] [- ...

  8. Openssl rsa命令

    一.简介 Rsa命令用于处理RSA密钥.格式转换和打印信息 二.语法 openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in fil ...

  9. Openssl pkeyutl命令

    一.简介 pkeyutl命令能够测试所支持的密钥算法的性能 二.语法 openssl rsautl [-in file] [-out file] [-sigfile file] [-inkey fil ...

随机推荐

  1. net start mongodb发生系统错误2 系统找不到指定的文件

    安装mongodb时, 将mongodb 作为系统服务启动 net start mongodb,报错发生系统错误2 系统找不到指定的文件 . 查找原因是因为,系统服务的可执行文件地址有误. 修改服务地 ...

  2. Struts2的fliter与interceptor

    struts2   fliter与interceptor的区别 1.拦截器是基于java反射机制的,而过滤器是基于函数回调的.2.过滤器依赖于servlet容器,而拦截器不依赖于servlet容器.3 ...

  3. zookeeper的四种类型的节点

    znode创建类型(CreateMode),有以下四种: PERSISTENT 持久化节点 PERSISTENT_SEQUENTIAL 顺序自动编号持久化节点,这种节点会根据当前已存在的节点数自动加 ...

  4. Hive中的用户自定义函数UDF

    Hive中的自定义函数允许用户扩展HiveQL,是一个非常强大的功能.Hive中具有多种类型的用户自定义函数.show functions命令可以列举出当前Hive会话中的所加载进来的函数,包括内置的 ...

  5. 基于七牛Python SDK写的一个批量下载脚本

    前言 上一篇基于七牛Python SDK写的一个同步脚本所写的脚本只支持上传,不支持文件下载. 虽然这个需求不太强烈,但有可能有人(在备份.迁移时)需要,而官方有没提供对应的工具,所以我就把这个功能也 ...

  6. 加密算法blowfish 多语言

    php加密算法blowfish <?php /** * Created by PhpStorm. * User: Administrator * Date: 2016-02-14 * Time: ...

  7. Maven中dependencyManagement使用

    在Maven中dependencyManagement的作用其实相当于一个对所依赖jar包进行版本管理的管理器. 在dependencyManagement下申明的dependencies,Maven ...

  8. Linux git 关联 github仓库

    背景: 由于最近学习Spring cloud docker 一键部署, 需要把github仓库项目, 放在Linux上面启动, (以下位置在/root/目录中执行)步骤, 1:安装 git >y ...

  9. httpd 系统错误 无法启动此程序,因为计算机中丢失VCRUNTIME140.dll

    说来话长的搭了一个discuz论坛,服务器是apache,我本地的是直接从官网下的(值得吐槽的是官网居然拿不提供编译版本么要从第三方网站获取,不知道为何....),对应apache之前是搭bug管理系 ...

  10. ffmpeg最简单的解码保存YUV数据 <转>

    video的raw data一般都是YUV420p的格式,简单的记录下这个格式的细节,如有不对希望大家能指出.   YUV图像通常有两种格式,一种是packet 还有一种是planar    从字面上 ...