Diffstat (limited to 'crypto/openssl/doc/apps/s_server.pod')
-rw-r--r-- | crypto/openssl/doc/apps/s_server.pod | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod index 3e503e17e107..2105b603b7ba 100644 --- a/crypto/openssl/doc/apps/s_server.pod +++ b/crypto/openssl/doc/apps/s_server.pod @@ -35,6 +35,7 @@ B<openssl> B<s_server> [B<-CAfile filename>] [B<-nocert>] [B<-cipher cipherlist>] +[B<-serverpref>] [B<-quiet>] [B<-no_tmp_rsa>] [B<-ssl2>] @@ -44,6 +45,7 @@ B<openssl> B<s_server> [B<-no_ssl3>] [B<-no_tls1>] [B<-no_dhe>] +[B<-no_ecdhe>] [B<-bugs>] [B<-hack>] [B<-www>] @@ -54,6 +56,11 @@ B<openssl> B<s_server> [B<-no_ticket>] [B<-id_prefix arg>] [B<-rand file(s)>] +[B<-status>] +[B<-status_verbose>] +[B<-status_timeout nsec>] +[B<-status_url url>] +[B<-nextprotoneg protocols>] =head1 DESCRIPTION @@ -111,7 +118,7 @@ by using an appropriate certificate. =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg> -addtional certificate and private key format and passphrase respectively. +additional certificate and private key format and passphrase respectively. =item B<-nocert> @@ -131,6 +138,11 @@ a static set of parameters hard coded into the s_server program will be used. if this option is set then no DH parameters will be loaded effectively disabling the ephemeral DH cipher suites. +=item B<-no_ecdhe> + +if this option is set then no ECDH parameters will be loaded effectively +disabling the ephemeral ECDH cipher suites. + =item B<-no_tmp_rsa> certain export cipher suites sometimes use a temporary RSA key, this option @@ -144,6 +156,9 @@ the client. With the B<-verify> option a certificate is requested but the client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +If the ciphersuite cannot request a client certificate (for example an +anonymous ciphersuite or PSK) this option has no effect. + =item B<-crl_check>, B<-crl_check_all> Check the peer certificate has not been revoked by its CA. 
@@ -225,6 +240,10 @@ also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the B<ciphers> command for more information. +=item B<-serverpref> + +use the server's cipher preferences, rather than the client's preferences. + =item B<-tlsextdebug> print out a hex dump of any TLS extensions received from the server. @@ -276,6 +295,33 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-status> + +enables certificate status request support (aka OCSP stapling). + +=item B<-status_verbose> + +enables certificate status request support (aka OCSP stapling) and gives +a verbose printout of the OCSP response. + +=item B<-status_timeout nsec> + +sets the timeout for OCSP response to B<nsec> seconds. + +=item B<-status_url url> + +sets a fallback responder URL to use if no responder URL is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. + +=item B<-nextprotoneg protocols> + +enable Next Protocol Negotiation TLS extension and provide a +comma-separated list of supported protocol names. +The list should contain most wanted protocols first. +Protocol names are printable ASCII strings, for example "http/1.1" or +"spdy/3". + =back =head1 CONNECTED COMMANDS |
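Review bot: In the hunk at @@ -144,6 +156,9 @@, "this option has no effect" is ambiguous, because the paragraph it extends describes two options, B<-verify> and B<-Verify>. Suggest "these options have no effect", and say outright that B<-Verify> then does not enforce a client certificate: the sentence just before it promises "the client must supply a certificate or an error occurs", and an operator relying on that for client authentication would not get it with an anonymous or PSK ciphersuite.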
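Review bot: The new B<-serverpref> item in the hunk at @@ -225,6 +240,10 @@ contradicts the unchanged context sentence directly above it, "Because the client specifies the preference order, the order of the server cipherlist irrelevant." That sentence in the B<-cipher> description should be qualified so it holds only when B<-serverpref> is not given, and it is missing "is" before "irrelevant".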
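Review bot: In the hunk at @@ -276,6 +295,33 @@, the argument name in B<-status_timeout nsec> reads as nanoseconds although the text says seconds; a name that spells out the unit would avoid that, and the item should state the default and what the server does when the responder does not answer in time. In the B<-status_url> item of the same hunk, "an error is returned" does not say whether the handshake fails or the server continues without a stapled response, which is the behaviour someone testing OCSP stapling needs to know.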