The OpenSSL s_server command
2015-07-24 20:36
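I. Introduction
s_server is an SSL server program provided by OpenSSL. Before using it, you need to generate the required certificates. The command can be used to test SSL clients, for example the HTTPS support of various browsers.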
II. Syntax
openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM] [-dkey keyfile] [-dkeyform DER|PEM] [-dpass arg] [-dhparam filename] [-named_curve arg] [-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe] [-bugs] [-hack] [-www] [-WWW] [-HTTP] [-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]
Options
-accept arg - port to accept on (default is 4433)
-context arg - set session ID context
-verify arg - turn on peer certificate verification
-Verify arg - turn on peer certificate verification, must have a cert.
-cert arg - certificate file to use (default is server.pem)
-crl_check - check the peer certificate has not been revoked by its CA. The CRL(s) are appended to the certificate file
-crl_check_all - check the peer certificate has not been revoked by its CA or any other CRL in the CA chain. CRL(s) are appened to the the certificate file.
-certform arg - certificate format (PEM or DER) PEM default
-key arg - Private Key file to use, in cert file if not specified (default is server.pem)
-keyform arg - key format (PEM, DER or ENGINE) PEM default
-pass arg - private key file pass phrase source
-dcert arg - second certificate file to use (usually for DSA)
-dcertform x - second certificate format (PEM or DER) PEM default
-dkey arg - second private key file to use (usually for DSA)
-dkeyform arg - second key format (PEM, DER or ENGINE) PEM default
-dpass arg - second private key file pass phrase source
-dhparam arg - DH parameter file to use, in cert file if not specified or a default set of parameters is used
-named_curve arg - Elliptic curve name to use for ephemeral ECDH keys. Use "openssl ecparam -list_curves" for all names (default is nistp256).
-nbio - Run with non-blocking IO
-nbio_test - test with the non-blocking test bio
-crlf - convert LF from terminal into CRLF
-debug - Print more output
-msg - Show protocol messages
-state - Print the SSL states
-CApath arg - PEM format directory of CA's
-CAfile arg - PEM format file of CA's
-trusted_first - Use trusted CA's first when building the trust chain
-nocert - Don't use any certificates (Anon-DH)
-cipher arg - play with 'openssl ciphers' to see what goes here
-serverpref - Use server's cipher preferences
-quiet - No server output
-no_tmp_rsa - Do not generate a tmp RSA key
-psk_hint arg - PSK identity hint to use
-psk arg - PSK in hex (without 0x)
-ssl2 - Just talk SSLv2
-ssl3 - Just talk SSLv3
-tls1_2 - Just talk TLSv1.2
-tls1_1 - Just talk TLSv1.1
-tls1 - Just talk TLSv1
-dtls1 - Just talk DTLSv1
-timeout - Enable timeouts
-mtu - Set link layer MTU
-chain - Read a certificate chain
-no_ssl2 - Just disable SSLv2
-no_ssl3 - Just disable SSLv3
-no_tls1 - Just disable TLSv1
-no_tls1_1 - Just disable TLSv1.1
-no_tls1_2 - Just disable TLSv1.2
-no_dhe - Disable ephemeral DH
-no_ecdhe - Disable ephemeral ECDH
-bugs - Turn on SSL bug compatibility
-www - Respond to a 'GET /' with a status page
-WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
-HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path> with the assumption it contains a complete HTTP response.
-engine id - Initialise and use the specified engine
-id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'
-rand file:file:...
-servername host - servername for HostName TLS extension
-servername_fatal - on mismatch send fatal alert (default warning alert)
-cert2 arg - certificate file to use for servername (default is server2.pem)
-key2 arg - Private Key file to use for servername, in cert file if not specified (default is server2.pem)
-tlsextdebug - hex dump of all TLS extensions received
-no_ticket - disable use of RFC4507bis session tickets
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)
-nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list
-keymatexport label - Export keying material using label
-keymatexportlen len - Export len bytes of keying material (default 20)
III. Examples
1. Start the s_server service (site certificate and private key, certificate chain, protocol version, cipher suite)
openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg
![](http://images0.cnblogs.com/blog/593399/201507/250005504751986.png)
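A local round trip for the kind of client test described above, as an added example that is not part of the original post: it generates a throwaway certificate and key, starts s_server restricted to one protocol version, and reports what a client negotiates. It uses -tls1_2 from the options list rather than the post's -ssl3 and export cipher, which current OpenSSL builds generally no longer support; port 24433, CN=localhost and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Key/cert file names follow the
# post; port 24433, CN=localhost and the function names are assumptions.

# Print the protocol a client negotiates, or nothing if the handshake fails.
negotiated_protocol() {   # $1 = port, remaining args = extra s_client options
    port=$1; shift
    # A failed handshake still prints a session block, so also require a
    # real cipher on the "Cipher is" line before trusting the Protocol line.
    openssl s_client -connect "127.0.0.1:$port" "$@" </dev/null 2>/dev/null |
        awk '/Cipher is/ && !/\(NONE\)/ { ok = 1 }
             /^ *Protocol *:/ && !p     { p = $NF }
             END { if (ok && p) print p }'
}

start_server() {          # $1 = port, remaining args = extra s_server options
    port=$1; shift
    WORK=$(mktemp -d) || return 1
    # Throwaway self-signed certificate and key, for local testing only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$WORK/serverprikey.pem" -out "$WORK/server.pem" \
        2>/dev/null || return 1
    # -www answers "GET /" with a status page and keeps s_server off stdin.
    openssl s_server -accept "$port" -key "$WORK/serverprikey.pem" \
        -cert "$WORK/server.pem" -www "$@" >"$WORK/server.log" 2>&1 &
    SERVER_PID=$!
    tries=0               # poll until a handshake succeeds (about 10 s at most)
    while [ "$tries" -lt 10 ]; do
        if [ -n "$(negotiated_protocol "$port")" ]; then return 0; fi
        tries=$((tries + 1)); sleep 1
    done
    stop_server; return 1
}

stop_server() {
    kill "$SERVER_PID" 2>/dev/null || true
    wait "$SERVER_PID" 2>/dev/null || true
    rm -rf "$WORK"
}

run_demo() {
    start_server 24433 -tls1_2 || { echo "s_server did not start" >&2; return 1; }
    echo "default client: $(negotiated_protocol 24433)"
    echo "-tls1_1 client: $(negotiated_protocol 24433 -tls1_1) (blank = rejected)"
    stop_server
}

if [ "${1:-}" = demo ]; then run_demo; fi
```

Pass `demo` as the first argument to run the round trip; a client restricted to a version the server does not offer should produce a blank result.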
References: http://blog.csdn.net/as3luyuan123/article/details/16850727 http://www.tuicool.com/articles/6ny6Fv