diff options
Diffstat (limited to 'doc/apps/s_server.pod')
-rw-r--r-- | doc/apps/s_server.pod | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 7c1a9581d..3e503e17e 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -12,6 +12,8 @@ B<openssl> B<s_server> [B<-context id>] [B<-verify depth>] [B<-Verify depth>] +[B<-crl_check>] +[B<-crl_check_all>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key keyfile>] @@ -48,6 +50,8 @@ B<openssl> B<s_server> [B<-WWW>] [B<-HTTP>] [B<-engine id>] +[B<-tlsextdebug>] +[B<-no_ticket>] [B<-id_prefix arg>] [B<-rand file(s)>] @@ -140,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +=item B<-crl_check>, B<-crl_check_all> + +Check the peer certificate has not been revoked by its CA. +The CRL(s) are appended to the certificate file. With the B<-crl_check_all> +option all CRLs of all CAs in the chain are checked. + =item B<-CApath directory> The directory to use for client certificate verification. This directory @@ -181,6 +191,16 @@ this option translated a line feed from the terminal into CR+LF. inhibit printing of session and certificate information. +=item B<-psk_hint hint> + +Use the PSK identity hint B<hint> when using a PSK cipher suite. + +=item B<-psk key> + +Use the PSK key B<key> when using a PSK cipher suite. The key is +given as a hexadecimal number without leading 0x, for example -psk +1a2b3c4d. + =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> these options disable the use of certain SSL or TLS protocols. By default @@ -205,6 +225,14 @@ also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the B<ciphers> command for more information. +=item B<-tlsextdebug> + +print out a hex dump of any TLS extensions received from the server. + +=item B<-no_ticket> + +disable RFC4507bis session ticket support. + =item B<-www> sends a status message back to the client when it connects. This includes @@ -228,7 +256,7 @@ are part of the HTTP response line and headers must end with CRLF). =item B<-engine id> -specifying an engine (by it's unique B<id> string) will cause B<s_server> +specifying an engine (by its unique B<id> string) will cause B<s_server> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. |