一、简介

s_server是openssl提供的一个SSL服务程序。使用此程序前,需要生成各种证书。本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持

二、语法

openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM ] [-dkey keyfile] [-dkeyform DER|PEM ] [-dpass arg] [-dhparam filename] [-name_curve arg][-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2][-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe][-bugs] [-hack] [-www] [-WWW] [-HTTP][-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]

选项

 -accept arg   - port to accept on (default is )

 -context arg  - set session ID context

 -verify arg   - turn on peer certificate verification

 -Verify arg   - turn on peer certificate verification, must have a cert.

 -cert arg     - certificate file to use

                 (default is server.pem)

 -crl_check    - check the peer certificate has not been revoked by its CA.

                 The CRL(s) are appended to the certificate file

 -crl_check_all - check the peer certificate has not been revoked by its CA

                 or any other CRL in the CA chain. CRL(s) are appened to the

                 the certificate file.

 -certform arg - certificate format (PEM or DER) PEM default

 -key arg      - Private Key file to use, in cert file if

                 not specified (default is server.pem)

 -keyform arg  - key format (PEM, DER or ENGINE) PEM default

 -pass arg     - private key file pass phrase source

 -dcert arg    - second certificate file to use (usually for DSA)

 -dcertform x  - second certificate format (PEM or DER) PEM default

 -dkey arg     - second private key file to use (usually for DSA)

 -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default

 -dpass arg    - second private key file pass phrase source

 -dhparam arg  - DH parameter file to use, in cert file if not specified

                 or a default set of parameters is used

 -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.

                 Use "openssl ecparam -list_curves" for all names

                 (default is nistp256).

 -nbio         - Run with non-blocking IO

 -nbio_test    - test with the non-blocking test bio

 -crlf         - convert LF from terminal into CRLF

 -debug        - Print more output

 -msg          - Show protocol messages

 -state        - Print the SSL states

 -CApath arg   - PEM format directory of CA's

 -CAfile arg   - PEM format file of CA's

 -trusted_first - Use trusted CA's first when building the trust chain

 -nocert       - Don't use any certificates (Anon-DH)

 -cipher arg   - play with 'openssl ciphers' to see what goes here

 -serverpref   - Use server's cipher preferences

 -quiet        - No server output

 -no_tmp_rsa   - Do not generate a tmp RSA key

 -psk_hint arg - PSK identity hint to use

 -psk arg      - PSK in hex (without 0x)

 -ssl2         - Just talk SSLv2

 -ssl3         - Just talk SSLv3

 -tls1_2       - Just talk TLSv1.

 -tls1_1       - Just talk TLSv1.

 -tls1         - Just talk TLSv1

 -dtls1        - Just talk DTLSv1

 -timeout      - Enable timeouts

 -mtu          - Set link layer MTU

 -chain        - Read a certificate chain

 -no_ssl2      - Just disable SSLv2

 -no_ssl3      - Just disable SSLv3

 -no_tls1      - Just disable TLSv1

 -no_tls1_1    - Just disable TLSv1.

 -no_tls1_2    - Just disable TLSv1.

 -no_dhe       - Disable ephemeral DH

 -no_ecdhe     - Disable ephemeral ECDH

 -bugs         - Turn on SSL bug compatibility

 -www          - Respond to a 'GET /' with a status page

 -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

 -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

                 with the assumption it contains a complete HTTP response.

 -engine id    - Initialise and use the specified engine

 -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'

 -rand file:file:...

 -servername host - servername for HostName TLS extension

 -servername_fatal - on mismatch send fatal alert (default warning alert)

 -cert2 arg    - certificate file to use for servername

                 (default is server2.pem)

 -key2 arg     - Private Key file to use for servername, in cert file if

                 not specified (default is server2.pem)

 -tlsextdebug  - hex dump of all TLS extensions received

 -no_ticket    - disable use of RFC4507bis session tickets

 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)

 -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)

 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list

 -keymatexport label   - Export keying material using label

 -keymatexportlen len  - Export len bytes of keying material (default )

三、实例

1、启动s_server服务(站点证书及私钥,证书链,协议版本,算法组合)

openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg

Openssl s_server命令的更多相关文章

  1. OpenSSL s_server / s_client 应用实例

    netkiller openssl tls 目录[-] 12.6. s_server / s_client 12.6.1. SSL POP3 / SMTP / IMAP 12.6.2. server ...

  2. openssl常用命令行汇总

    openssl常用命令行汇总 随机数 openssl rand -out rand.dat -base64 32 摘要 直接做摘要 openssl dgst -sha1 -out dgst.dat p ...

  3. (转)openssl 命令: openssl req 命令详解

                                      openssl req命令主要的功能有,生成证书请求文件, 查看验证证书请求文件,还有就是生成自签名证书.本文就主要记录一下open ...

  4. Openssl asn1parse命令

    一.简介 asn1parse命令是一种用来诊断ASN.1结构的工具,也能用于从ASN1.1数据中提取数据 二.语法 openssl asn1parse [-inform PEM|DER] [-in f ...

  5. Openssl pkcs7命令

    一.简介 pkcs7命令用于处理DER或者PEM格式的pkcs#7文件.   二.语法 openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in ...

  6. Openssl crl2pkcs7命令

    一.简介 crl2pkcs命令用来根据CRL或证书来生成pkcs#7消息.   二.语法 openssl crl2pkcs7 [-inform PEM|DER ] [-outform PEM|DER ...

  7. Openssl verify命令

    一.简介 verify命令对证书的有效性进行验证,verify 指令会沿着证书链一直向上验证,直到一个自签名的CA 二.语法 openssl verify [-CApath directory] [- ...

  8. Openssl rsa命令

    一.简介 Rsa命令用于处理RSA密钥.格式转换和打印信息 二.语法 openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in fil ...

  9. Openssl pkeyutl命令

    一.简介 pkeyutl命令能够测试所支持的密钥算法的性能 二.语法 openssl rsautl [-in file] [-out file] [-sigfile file] [-inkey fil ...

随机推荐

  1. Linux 准确查找结构体定义位置

    例如:查找文件操作结构体 struct file_operations, 使用转移符 "\" $ grep struct\ file_operations\ { kernel/in ...

  2. 数据结构与算法JavaScript描述——列表

    1.列表的抽象数据类型定义   2.实现列表类: 2.1 append:给列表添加元素: 2.2 remove: 从列表中删除元素: 2.3 find方法: 2.4 length:列表中有多少个元素: ...

  3. postman 设置代理

    点击右上角 图标(亮着的为录制中) 设置端口 和存放位置 把浏览器设置代理 localhost 8080 即可 filter中可以通过正则表达式来匹配自己关心的url     2018.9 后记: 今 ...

  4. hdu 1576 A/B(拓展欧几里得)

    A/B Time Limit: 1000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total Submiss ...

  5. ROS6.16开始支持802.11ac了,扫盲下

    Wi-Fi的5G频段与802.11AC背后那些事儿本文章来自某路由论坛,作者为张导,本人转载,原地址http://bbs.hiwifi.com/thread-9086-1-1.html 曾几何时,大家 ...

  6. linux 下java环境的配置

    注意:这里选择下载jdk并自行安装,而不是通过源直接安装(apt-get install) 1.下载jkd( http://www.oracle.com/technetwork/java/javase ...

  7. sqlserver并发处理,锁和事务

      本文系转载,谢谢:http://www.cnblogs.com/cxd4321/archive/2008/12/10/1351792.html     另外这个也不错 http://www.cnb ...

  8. SQL DATE_SUB 函数用法

    SQL DATE_SUB 是一个mySql函数.不象SQL DATE_ADD 函数 增加时间值,SQL DATE_SUB 将从一个日期/时间值中减去一个时间值(时间间隔). SQL DATE_SUB ...

  9. 版本控制git之一 - 仓库管理

    git 再开始这个话题之前,让我想起了一件很痛苦的事情,在我大学写毕业论文的时候,我当时的文件是这样保存的 毕业论文_初稿.doc 毕业论文_修改1.doc 毕业论文_修改2.doc 毕业论文_修改3 ...

  10. vue组件之echarts报表

    vue组件之echarts报表 将echarts报表封装成组件,动态传入数据,显示图表. 1.饼状图 父组件: <MPie :datas="piedata"></ ...