一、简介

s_server是openssl提供的一个SSL服务程序。使用此程序前,需要生成各种证书。本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持

二、语法

openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM ] [-dkey keyfile] [-dkeyform DER|PEM ] [-dpass arg] [-dhparam filename] [-name_curve arg][-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2][-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe][-bugs] [-hack] [-www] [-WWW] [-HTTP][-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]

选项

 -accept arg   - port to accept on (default is )

 -context arg  - set session ID context

 -verify arg   - turn on peer certificate verification

 -Verify arg   - turn on peer certificate verification, must have a cert.

 -cert arg     - certificate file to use

                 (default is server.pem)

 -crl_check    - check the peer certificate has not been revoked by its CA.

                 The CRL(s) are appended to the certificate file

 -crl_check_all - check the peer certificate has not been revoked by its CA

                 or any other CRL in the CA chain. CRL(s) are appened to the

                 the certificate file.

 -certform arg - certificate format (PEM or DER) PEM default

 -key arg      - Private Key file to use, in cert file if

                 not specified (default is server.pem)

 -keyform arg  - key format (PEM, DER or ENGINE) PEM default

 -pass arg     - private key file pass phrase source

 -dcert arg    - second certificate file to use (usually for DSA)

 -dcertform x  - second certificate format (PEM or DER) PEM default

 -dkey arg     - second private key file to use (usually for DSA)

 -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default

 -dpass arg    - second private key file pass phrase source

 -dhparam arg  - DH parameter file to use, in cert file if not specified

                 or a default set of parameters is used

 -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.

                 Use "openssl ecparam -list_curves" for all names

                 (default is nistp256).

 -nbio         - Run with non-blocking IO

 -nbio_test    - test with the non-blocking test bio

 -crlf         - convert LF from terminal into CRLF

 -debug        - Print more output

 -msg          - Show protocol messages

 -state        - Print the SSL states

 -CApath arg   - PEM format directory of CA's

 -CAfile arg   - PEM format file of CA's

 -trusted_first - Use trusted CA's first when building the trust chain

 -nocert       - Don't use any certificates (Anon-DH)

 -cipher arg   - play with 'openssl ciphers' to see what goes here

 -serverpref   - Use server's cipher preferences

 -quiet        - No server output

 -no_tmp_rsa   - Do not generate a tmp RSA key

 -psk_hint arg - PSK identity hint to use

 -psk arg      - PSK in hex (without 0x)

 -ssl2         - Just talk SSLv2

 -ssl3         - Just talk SSLv3

 -tls1_2       - Just talk TLSv1.

 -tls1_1       - Just talk TLSv1.

 -tls1         - Just talk TLSv1

 -dtls1        - Just talk DTLSv1

 -timeout      - Enable timeouts

 -mtu          - Set link layer MTU

 -chain        - Read a certificate chain

 -no_ssl2      - Just disable SSLv2

 -no_ssl3      - Just disable SSLv3

 -no_tls1      - Just disable TLSv1

 -no_tls1_1    - Just disable TLSv1.

 -no_tls1_2    - Just disable TLSv1.

 -no_dhe       - Disable ephemeral DH

 -no_ecdhe     - Disable ephemeral ECDH

 -bugs         - Turn on SSL bug compatibility

 -www          - Respond to a 'GET /' with a status page

 -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

 -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>

                 with the assumption it contains a complete HTTP response.

 -engine id    - Initialise and use the specified engine

 -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'

 -rand file:file:...

 -servername host - servername for HostName TLS extension

 -servername_fatal - on mismatch send fatal alert (default warning alert)

 -cert2 arg    - certificate file to use for servername

                 (default is server2.pem)

 -key2 arg     - Private Key file to use for servername, in cert file if

                 not specified (default is server2.pem)

 -tlsextdebug  - hex dump of all TLS extensions received

 -no_ticket    - disable use of RFC4507bis session tickets

 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)

 -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)

 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list

 -keymatexport label   - Export keying material using label

 -keymatexportlen len  - Export len bytes of keying material (default )

三、实例

1、启动s_server服务(站点证书及私钥,证书链,协议版本,算法组合)

openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg

Openssl s_server命令的更多相关文章

  1. OpenSSL s_server / s_client 应用实例

    netkiller openssl tls 目录[-] 12.6. s_server / s_client 12.6.1. SSL POP3 / SMTP / IMAP 12.6.2. server ...

  2. openssl常用命令行汇总

    openssl常用命令行汇总 随机数 openssl rand -out rand.dat -base64 32 摘要 直接做摘要 openssl dgst -sha1 -out dgst.dat p ...

  3. (转)openssl 命令: openssl req 命令详解

                                      openssl req命令主要的功能有,生成证书请求文件, 查看验证证书请求文件,还有就是生成自签名证书.本文就主要记录一下open ...

  4. Openssl asn1parse命令

    一.简介 asn1parse命令是一种用来诊断ASN.1结构的工具,也能用于从ASN1.1数据中提取数据 二.语法 openssl asn1parse [-inform PEM|DER] [-in f ...

  5. Openssl pkcs7命令

    一.简介 pkcs7命令用于处理DER或者PEM格式的pkcs#7文件.   二.语法 openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in ...

  6. Openssl crl2pkcs7命令

    一.简介 crl2pkcs命令用来根据CRL或证书来生成pkcs#7消息.   二.语法 openssl crl2pkcs7 [-inform PEM|DER ] [-outform PEM|DER ...

  7. Openssl verify命令

    一.简介 verify命令对证书的有效性进行验证,verify 指令会沿着证书链一直向上验证,直到一个自签名的CA 二.语法 openssl verify [-CApath directory] [- ...

  8. Openssl rsa命令

    一.简介 Rsa命令用于处理RSA密钥.格式转换和打印信息 二.语法 openssl rsa [-inform PEM|NET|DER] [-outform PEM|NET|DER] [-in fil ...

  9. Openssl pkeyutl命令

    一.简介 pkeyutl命令能够测试所支持的密钥算法的性能 二.语法 openssl rsautl [-in file] [-out file] [-sigfile file] [-inkey fil ...

随机推荐

  1. for, while的用法

    for循环求1+2+3+4+....+100 # include <stdio.h> int main(void) { int i; //循环中更新的变量i不能定义成浮点型 ; ; i&l ...

  2. 【备忘】windows环境下20行php代码搞定音频裁剪

    先上图,由于最近的需求需要对语音文件进行处理,所以抽空研究了下php处理音/视频文件的处理,简单的demo处理,截取一个音频文件的前20秒,并保存新的媒体文件. 操作步骤: ①在此站点下载所需的辅助程 ...

  3. Python中dir()与help()的使用

    python内置了很多内置函数.类方法属性及各种模块.当我们想要当我们想要了解某种类型有哪些属性方法以及每种方法该怎么使用时,我们可以使用dir()函数和help()函数在python ide交互式模 ...

  4. AT 指令和常见错误码

    一. 一般命令 1. AT+CGMI 给出模块厂商的标识. 2. AT+CGMM 获得模块标识.这个命令用来得到支持的频带(GSM 900,DCS 1800 或PCS 1900).当模块有多频带时,回 ...

  5. Erlang generic standard behaviours -- gen_server hibernate

    hibernate 主要用于在内存空闲时,通过整理进程的stack,回收进程的heap 来达到回收内存节省资源的效果. hibernate 可用于OTP 进程以及普通进程, hibernate 的官方 ...

  6. shell中date命令对month进行加减操作的bug

    shell脚本中如何取上个月的月份呢?很容易能想到下面的命令: date +%Y%m -d '-1 month' 或者 date +%Y%m -d 'last month'   在大部分情况下这个命令 ...

  7. web页面取用户控件页面中服务器控件的值

    用户控件页面后台: public string P_Name { get { return txt_P_name.Value; } set { txt_P_name.Value = value; } ...

  8. Tkinter学习

    from tkinter import * window = Tk() # 创建一个窗口 window.mainloop() # 消息循环,显示窗口 window.title("窗口标题&q ...

  9. 使用wifi网卡笔记3---工具wpa_supplicant(STA模式)

    1.  wpa_supplicant介绍 supplicant是恳求者的意思,是wpa的发起者,是发送认证请求的设备(手机),手机--AP--认证服务器,可用于上述4种"认证/加密" ...

  10. Oracle ASM操作管理

    查看ASM磁盘情况 SQL> select group_number,disk_number,mount_status,header_status,mode_status,state,failg ...