1 | |
---|
2 | =pod |
---|
3 | |
---|
4 | =head1 NAME |
---|
5 | |
---|
6 | s_server - SSL/TLS server program |
---|
7 | |
---|
8 | =head1 SYNOPSIS |
---|
9 | |
---|
10 | B<openssl> B<s_server> |
---|
11 | [B<-accept port>] |
---|
12 | [B<-context id>] |
---|
13 | [B<-verify depth>] |
---|
14 | [B<-Verify depth>] |
---|
15 | [B<-cert filename>] |
---|
16 | [B<-key keyfile>] |
---|
17 | [B<-dcert filename>] |
---|
18 | [B<-dkey keyfile>] |
---|
19 | [B<-dhparam filename>] |
---|
20 | [B<-nbio>] |
---|
21 | [B<-nbio_test>] |
---|
22 | [B<-crlf>] |
---|
23 | [B<-debug>] |
---|
24 | [B<-msg>] |
---|
25 | [B<-state>] |
---|
26 | [B<-CApath directory>] |
---|
27 | [B<-CAfile filename>] |
---|
28 | [B<-nocert>] |
---|
29 | [B<-cipher cipherlist>] |
---|
30 | [B<-quiet>] |
---|
31 | [B<-no_tmp_rsa>] |
---|
32 | [B<-ssl2>] |
---|
33 | [B<-ssl3>] |
---|
34 | [B<-tls1>] |
---|
35 | [B<-no_ssl2>] |
---|
36 | [B<-no_ssl3>] |
---|
37 | [B<-no_tls1>] |
---|
38 | [B<-no_dhe>] |
---|
39 | [B<-bugs>] |
---|
40 | [B<-hack>] |
---|
41 | [B<-www>] |
---|
42 | [B<-WWW>] |
---|
43 | [B<-HTTP>] |
---|
44 | [B<-engine id>] |
---|
45 | [B<-rand file(s)>] |
---|
46 | |
---|
47 | =head1 DESCRIPTION |
---|
48 | |
---|
49 | The B<s_server> command implements a generic SSL/TLS server which listens |
---|
50 | for connections on a given port using SSL/TLS. |
---|
51 | |
---|
52 | =head1 OPTIONS |
---|
53 | |
---|
54 | =over 4 |
---|
55 | |
---|
56 | =item B<-accept port> |
---|
57 | |
---|
58 | the TCP port to listen on for connections. If not specified 4433 is used. |
---|
59 | |
---|
60 | =item B<-context id> |
---|
61 | |
---|
62 | sets the SSL context id. It can be given any string value. If this option |
---|
63 | is not present a default value will be used. |
---|
64 | |
---|
65 | =item B<-cert certname> |
---|
66 | |
---|
67 | The certificate to use, most servers cipher suites require the use of a |
---|
68 | certificate and some require a certificate with a certain public key type: |
---|
69 | for example the DSS cipher suites require a certificate containing a DSS |
---|
70 | (DSA) key. If not specified then the filename "server.pem" will be used. |
---|
71 | |
---|
72 | =item B<-key keyfile> |
---|
73 | |
---|
74 | The private key to use. If not specified then the certificate file will |
---|
75 | be used. |
---|
76 | |
---|
77 | =item B<-dcert filename>, B<-dkey keyname> |
---|
78 | |
---|
79 | specify an additional certificate and private key, these behave in the |
---|
80 | same manner as the B<-cert> and B<-key> options except there is no default |
---|
81 | if they are not specified (no additional certificate and key is used). As |
---|
82 | noted above some cipher suites require a certificate containing a key of |
---|
83 | a certain type. Some cipher suites need a certificate carrying an RSA key |
---|
84 | and some a DSS (DSA) key. By using RSA and DSS certificates and keys |
---|
85 | a server can support clients which only support RSA or DSS cipher suites |
---|
86 | by using an appropriate certificate. |
---|
87 | |
---|
88 | =item B<-nocert> |
---|
89 | |
---|
90 | if this option is set then no certificate is used. This restricts the |
---|
91 | cipher suites available to the anonymous ones (currently just anonymous |
---|
92 | DH). |
---|
93 | |
---|
94 | =item B<-dhparam filename> |
---|
95 | |
---|
96 | the DH parameter file to use. The ephemeral DH cipher suites generate keys |
---|
97 | using a set of DH parameters. If not specified then an attempt is made to |
---|
98 | load the parameters from the server certificate file. If this fails then |
---|
99 | a static set of parameters hard coded into the s_server program will be used. |
---|
100 | |
---|
101 | =item B<-no_dhe> |
---|
102 | |
---|
103 | if this option is set then no DH parameters will be loaded effectively |
---|
104 | disabling the ephemeral DH cipher suites. |
---|
105 | |
---|
106 | =item B<-no_tmp_rsa> |
---|
107 | |
---|
108 | certain export cipher suites sometimes use a temporary RSA key, this option |
---|
109 | disables temporary RSA key generation. |
---|
110 | |
---|
111 | =item B<-verify depth>, B<-Verify depth> |
---|
112 | |
---|
113 | The verify depth to use. This specifies the maximum length of the |
---|
114 | client certificate chain and makes the server request a certificate from |
---|
115 | the client. With the B<-verify> option a certificate is requested but the |
---|
116 | client does not have to send one, with the B<-Verify> option the client |
---|
117 | must supply a certificate or an error occurs. |
---|
118 | |
---|
119 | =item B<-CApath directory> |
---|
120 | |
---|
121 | The directory to use for client certificate verification. This directory |
---|
122 | must be in "hash format", see B<verify> for more information. These are |
---|
123 | also used when building the server certificate chain. |
---|
124 | |
---|
125 | =item B<-CAfile file> |
---|
126 | |
---|
127 | A file containing trusted certificates to use during client authentication |
---|
128 | and to use when attempting to build the server certificate chain. The list |
---|
129 | is also used in the list of acceptable client CAs passed to the client when |
---|
130 | a certificate is requested. |
---|
131 | |
---|
132 | =item B<-state> |
---|
133 | |
---|
134 | prints out the SSL session states. |
---|
135 | |
---|
136 | =item B<-debug> |
---|
137 | |
---|
138 | print extensive debugging information including a hex dump of all traffic. |
---|
139 | |
---|
140 | =item B<-msg> |
---|
141 | |
---|
142 | show all protocol messages with hex dump. |
---|
143 | |
---|
144 | =item B<-nbio_test> |
---|
145 | |
---|
146 | tests non blocking I/O |
---|
147 | |
---|
148 | =item B<-nbio> |
---|
149 | |
---|
150 | turns on non blocking I/O |
---|
151 | |
---|
152 | =item B<-crlf> |
---|
153 | |
---|
154 | this option translated a line feed from the terminal into CR+LF. |
---|
155 | |
---|
156 | =item B<-quiet> |
---|
157 | |
---|
158 | inhibit printing of session and certificate information. |
---|
159 | |
---|
160 | =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> |
---|
161 | |
---|
162 | these options disable the use of certain SSL or TLS protocols. By default |
---|
163 | the initial handshake uses a method which should be compatible with all |
---|
164 | servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. |
---|
165 | |
---|
166 | =item B<-bugs> |
---|
167 | |
---|
168 | there are several known bug in SSL and TLS implementations. Adding this |
---|
169 | option enables various workarounds. |
---|
170 | |
---|
171 | =item B<-hack> |
---|
172 | |
---|
173 | this option enables a further workaround for some some early Netscape |
---|
174 | SSL code (?). |
---|
175 | |
---|
176 | =item B<-cipher cipherlist> |
---|
177 | |
---|
178 | this allows the cipher list used by the server to be modified. When |
---|
179 | the client sends a list of supported ciphers the first client cipher |
---|
180 | also included in the server list is used. Because the client specifies |
---|
181 | the preference order, the order of the server cipherlist irrelevant. See |
---|
182 | the B<ciphers> command for more information. |
---|
183 | |
---|
184 | =item B<-www> |
---|
185 | |
---|
186 | sends a status message back to the client when it connects. This includes |
---|
187 | lots of information about the ciphers used and various session parameters. |
---|
188 | The output is in HTML format so this option will normally be used with a |
---|
189 | web browser. |
---|
190 | |
---|
191 | =item B<-WWW> |
---|
192 | |
---|
193 | emulates a simple web server. Pages will be resolved relative to the |
---|
194 | current directory, for example if the URL https://myhost/page.html is |
---|
195 | requested the file ./page.html will be loaded. |
---|
196 | |
---|
197 | =item B<-HTTP> |
---|
198 | |
---|
199 | emulates a simple web server. Pages will be resolved relative to the |
---|
200 | current directory, for example if the URL https://myhost/page.html is |
---|
201 | requested the file ./page.html will be loaded. The files loaded are |
---|
202 | assumed to contain a complete and correct HTTP response (lines that |
---|
203 | are part of the HTTP response line and headers must end with CRLF). |
---|
204 | |
---|
205 | =item B<-engine id> |
---|
206 | |
---|
207 | specifying an engine (by it's unique B<id> string) will cause B<s_server> |
---|
208 | to attempt to obtain a functional reference to the specified engine, |
---|
209 | thus initialising it if needed. The engine will then be set as the default |
---|
210 | for all available algorithms. |
---|
211 | |
---|
212 | =item B<-rand file(s)> |
---|
213 | |
---|
214 | a file or files containing random data used to seed the random number |
---|
215 | generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). |
---|
216 | Multiple files can be specified separated by a OS-dependent character. |
---|
217 | The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for |
---|
218 | all others. |
---|
219 | |
---|
220 | =back |
---|
221 | |
---|
222 | =head1 CONNECTED COMMANDS |
---|
223 | |
---|
224 | If a connection request is established with an SSL client and neither the |
---|
225 | B<-www> nor the B<-WWW> option has been used then normally any data received |
---|
226 | from the client is displayed and any key presses will be sent to the client. |
---|
227 | |
---|
228 | Certain single letter commands are also recognized which perform special |
---|
229 | operations: these are listed below. |
---|
230 | |
---|
231 | =over 4 |
---|
232 | |
---|
233 | =item B<q> |
---|
234 | |
---|
235 | end the current SSL connection but still accept new connections. |
---|
236 | |
---|
237 | =item B<Q> |
---|
238 | |
---|
239 | end the current SSL connection and exit. |
---|
240 | |
---|
241 | =item B<r> |
---|
242 | |
---|
243 | renegotiate the SSL session. |
---|
244 | |
---|
245 | =item B<R> |
---|
246 | |
---|
247 | renegotiate the SSL session and request a client certificate. |
---|
248 | |
---|
249 | =item B<P> |
---|
250 | |
---|
251 | send some plain text down the underlying TCP connection: this should |
---|
252 | cause the client to disconnect due to a protocol violation. |
---|
253 | |
---|
254 | =item B<S> |
---|
255 | |
---|
256 | print out some session cache status information. |
---|
257 | |
---|
258 | =back |
---|
259 | |
---|
260 | =head1 NOTES |
---|
261 | |
---|
262 | B<s_server> can be used to debug SSL clients. To accept connections from |
---|
263 | a web browser the command: |
---|
264 | |
---|
265 | openssl s_server -accept 443 -www |
---|
266 | |
---|
267 | can be used for example. |
---|
268 | |
---|
269 | Most web browsers (in particular Netscape and MSIE) only support RSA cipher |
---|
270 | suites, so they cannot connect to servers which don't use a certificate |
---|
271 | carrying an RSA key or a version of OpenSSL with RSA disabled. |
---|
272 | |
---|
273 | Although specifying an empty list of CAs when requesting a client certificate |
---|
274 | is strictly speaking a protocol violation, some SSL clients interpret this to |
---|
275 | mean any CA is acceptable. This is useful for debugging purposes. |
---|
276 | |
---|
277 | The session parameters can printed out using the B<sess_id> program. |
---|
278 | |
---|
279 | =head1 BUGS |
---|
280 | |
---|
281 | Because this program has a lot of options and also because some of |
---|
282 | the techniques used are rather old, the C source of s_server is rather |
---|
283 | hard to read and not a model of how things should be done. A typical |
---|
284 | SSL server program would be much simpler. |
---|
285 | |
---|
286 | The output of common ciphers is wrong: it just gives the list of ciphers that |
---|
287 | OpenSSL recognizes and the client supports. |
---|
288 | |
---|
289 | There should be a way for the B<s_server> program to print out details of any |
---|
290 | unknown cipher suites a client says it supports. |
---|
291 | |
---|
292 | =head1 SEE ALSO |
---|
293 | |
---|
294 | L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)> |
---|
295 | |
---|
296 | =cut |
---|