Openssl s_server命令
一、简介
s_server是openssl提供的一个SSL服务程序。使用此程序前,需要生成各种证书。本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持
二、语法
openssl s_server [-accept port] [-context id] [-verify depth] [-Verify depth] [-crl_check] [-crl_check_all] [-cert filename] [-certform DER|PEM] [-key filename] [-keyform DER|PEM] [-pass arg] [-dcert filename] [-dcertform DER|PEM ] [-dkey keyfile] [-dkeyform DER|PEM ] [-dpass arg] [-dhparam filename] [-name_curve arg][-nbio] [-nbio_test] [-crlf] [-debug] [-msg] [-state] [-CApath directory] [-CAfile filename] [-nocert] [-cipher cipherlist] [-quiet] [-no_tmp_rsa] [-ssl2] [-ssl3] [-tls1_1] [-tls1_2] [-tls1] [-dtls1] [-timeout] [-mtu] [-chain] [-no_ssl2][-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_dhe] [-no_ecdhe][-bugs] [-hack] [-www] [-WWW] [-HTTP][-engine id] [-tlsextdebug] [-no_ticket] [-id_prefix arg] [-rand file(s)]
选项
-accept arg - port to accept on (default is 4433)-context arg - set session ID context-verify arg - turn on peer certificate verification-Verify arg - turn on peer certificate verification, must have a cert.-cert arg - certificate file to use(default is server.pem)-crl_check - check the peer certificate has not been revoked by its CA.The CRL(s) are appended to the certificate file-crl_check_all - check the peer certificate has not been revoked by its CAor any other CRL in the CA chain. CRL(s) are appened to thethe certificate file.-certform arg - certificate format (PEM or DER) PEM default-key arg - Private Key file to use, in cert file ifnot specified (default is server.pem)-keyform arg - key format (PEM, DER or ENGINE) PEM default-pass arg - private key file pass phrase source-dcert arg - second certificate file to use (usually for DSA)-dcertform x - second certificate format (PEM or DER) PEM default-dkey arg - second private key file to use (usually for DSA)-dkeyform arg - second key format (PEM, DER or ENGINE) PEM default-dpass arg - second private key file pass phrase source-dhparam arg - DH parameter file to use, in cert file if not specifiedor a default set of parameters is used-named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.Use "openssl ecparam -list_curves" for all names(default is nistp256).-nbio - Run with non-blocking IO-nbio_test - test with the non-blocking test bio-crlf - convert LF from terminal into CRLF-debug - Print more output-msg - Show protocol messages-state - Print the SSL states-CApath arg - PEM format directory of CA's-CAfile arg - PEM format file of CA's-trusted_first - Use trusted CA's first when building the trust chain-nocert - Don't use any certificates (Anon-DH)-cipher arg - play with 'openssl ciphers' to see what goes here-serverpref - Use server's cipher preferences-quiet - No server output-no_tmp_rsa - Do not generate a tmp RSA key-psk_hint arg - PSK identity hint to use-psk arg - PSK in hex (without 0x)-ssl2 - Just talk SSLv2-ssl3 - Just talk SSLv3-tls1_2 - Just talk TLSv1.2-tls1_1 - Just talk TLSv1.1-tls1 - Just talk TLSv1-dtls1 - Just talk DTLSv1-timeout - Enable timeouts-mtu - Set link layer MTU-chain - Read a certificate chain-no_ssl2 - Just disable SSLv2-no_ssl3 - Just disable SSLv3-no_tls1 - Just disable TLSv1-no_tls1_1 - Just disable TLSv1.1-no_tls1_2 - Just disable TLSv1.2-no_dhe - Disable ephemeral DH-no_ecdhe - Disable ephemeral ECDH-bugs - Turn on SSL bug compatibility-www - Respond to a 'GET /' with a status page-WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>-HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>with the assumption it contains a complete HTTP response.-engine id - Initialise and use the specified engine-id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'-rand file:file:...-servername host - servername for HostName TLS extension-servername_fatal - on mismatch send fatal alert (default warning alert)-cert2 arg - certificate file to use for servername(default is server2.pem)-key2 arg - Private Key file to use for servername, in cert file ifnot specified (default is server2.pem)-tlsextdebug - hex dump of all TLS extensions received-no_ticket - disable use of RFC4507bis session tickets-legacy_renegotiation - enable use of legacy renegotiation (dangerous)-nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)-use_srtp profiles - Offer SRTP key management with a colon-separated profile list-keymatexport label - Export keying material using label-keymatexportlen len - Export len bytes of keying material (default 20)
三、实例
1、启动s_server服务(站点证书及私钥,证书链,协议版本,算法组合)
openssl s_server -accept 2009 -key serverprikey.pem -cert server.pem -ssl3 -cipher EXP-KRB5-RC4-MD5 -chain -debug -msg
参考:http://blog.csdn.net/as3luyuan123/article/details/16850727 http://www.tuicool.com/articles/6ny6Fv
Openssl s_server命令相关推荐
- openssl s_server s_client 相关命令参数
openssl s_server & s_client 和相关命令参数 示例: 更新动态链接库名字列表 sudo ldconfigopenssl s_server -accept 443 -k ...
- openssl s_server
用途: s_server是oepnssl提供的一个SSL服务程序.使用此程序前,需要生成各种证书. 语法: openssl s_server [-accept port] [-context id] ...
- OpenSSL常用命令快速上手
OpenSSL常用命令快速上手 RSA篇 我们的操作流程为: 生成RSA密钥key.pem(也称私钥,密钥对). 从key.pem中导出公钥pubkey.pem. 使用公钥pubkey.pem对文件t ...
- linux查看openssh和openssl版本命令
查看openssh版本命令 ssh -V查看openssl版本命令 openssl version
- signature=1e627a907c86a2ecea855afa2fce9a87,熟练掌握 openssl 证书命令说明
熟练掌握 openssl 证书命令说明 发布时间:2020-05-10 09:03:43 来源:51CTO 阅读:257 作者:17gongdeng 熟练掌握 openssl 证书命令说明 2.在我电 ...
- php OpenSSL工具命令导出.cer证书密钥
本文主要讲述Windows系统下使用 OpenSSL工具导出.cer证书密钥 1.安装OpenSSL 官方地址:https://www.openssl.org/source/ 2.安装完成,打开 cm ...
- 【ssl认证、证书】openssl genrsa 命令详解
文章目录 一.openssl genrsa 命令介绍 二.openssl genrsa 命令的语法及选项 三.实例 1.生成512位的 RSA 秘钥,输出到屏幕. 2.生成512位 RSA 私钥,输出 ...
- openssl 使用命令
在linux系统中,直接运行openssl命令 1.查看openssl版本 $ openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 2.查看openss ...
- Openssl rand命令
一.简介 rand命令用来产生伪随机字节,随机数字产生器需要一个seed,在没有/dev/srandom系统下的解决方法是自己做一个~/.rnd文件 二.语法 openssl rand [-out f ...
最新文章
- javascript中变量
- Bootstrap全局css样式_按钮
- 用户id生成规则_阿里/网易/美团/58用户画像中的ID体系建设
- Vue 项目上线优化
- 面经——Linux相关
- 考试用计算机反思800字,考试反思作文800字
- linux环境下redis5.0的安装配置
- 交叉渡线道岔规格_交叉渡线道岔选择基本原则
- 如何写标题摘要关键字
- 视觉SLAM笔记(6) 坐标系
- numpy-np.concatenate
- java从0单排之java就业培训教程复习与面试题回顾——02
- python pandas中文手册-Pandas速查手册中文版(转)
- codeblock图形界面编程(二)
- 电压跟随器的一点理解
- java怎么写脚本_一名资深牛人写的Java脚本编程指南
- 小程序确定取消弹窗_小程序弹窗取消和确定 微信小程序怎么做
- word2016中的毕设论文——页眉页脚相关设置及页眉横线的删除
- linux文件权限说明(drwxr-xr-x)
- linux 安装pkg文件,pkgfile (简体中文)
热门文章
- 亲密关系沟通-【归属感】提升归属感的沟通方法
- fiddler抓包第一课--手机数据抓包
- linux正则表达式脚本实例,Shell下的正则表达式及实例
- 计算机技术应用论文参考,计算机技术应用参考论文(2)
- 编辑器单引号如何不被转码_微信公众号文章内如何插入视频?
- PAT甲级1054 map的使用
- pyspider all 只启动了_Python 爬虫:Pyspider 安装与测试
- mysql regexp边界_MySQL中REGEXP正则表达式使用大全
- Java 压缩解压缩 第三方组件,推荐一个强大的Java开发工具类库!
- DE14 Interpretation of the Exceptional Case: Resonance