summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/s_server.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/s_server.1')
-rw-r--r--secure/usr.bin/openssl/man/s_server.136
1 files changed, 35 insertions, 1 deletions
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index b81481d..aad3a54 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2014-06-05" "1.0.1h" "OpenSSL"
+.TH S_SERVER 1 "2014-08-06" "1.0.1i" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,6 +161,7 @@ s_server \- SSL/TLS server program
[\fB\-CAfile filename\fR]
[\fB\-nocert\fR]
[\fB\-cipher cipherlist\fR]
+[\fB\-serverpref\fR]
[\fB\-quiet\fR]
[\fB\-no_tmp_rsa\fR]
[\fB\-ssl2\fR]
@@ -181,6 +182,11 @@ s_server \- SSL/TLS server program
[\fB\-no_ticket\fR]
[\fB\-id_prefix arg\fR]
[\fB\-rand file(s)\fR]
+[\fB\-status\fR]
+[\fB\-status_verbose\fR]
+[\fB\-status_timeout nsec\fR]
+[\fB\-status_url url\fR]
+[\fB\-nextprotoneg protocols\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
@@ -257,6 +263,9 @@ client certificate chain and makes the server request a certificate from
the client. With the \fB\-verify\fR option a certificate is requested but the
client does not have to send one, with the \fB\-Verify\fR option the client
must supply a certificate or an error occurs.
+.Sp
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or \s-1PSK\s0) this option has no effect.
.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
.IX Item "-crl_check, -crl_check_all"
Check the peer certificate has not been revoked by its \s-1CA\s0.
@@ -322,6 +331,9 @@ the client sends a list of supported ciphers the first client cipher
also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist irrelevant. See
the \fBciphers\fR command for more information.
+.IP "\fB\-serverpref\fR" 4
+.IX Item "-serverpref"
+use the server's cipher preferences, rather than the client's preferences.
.IP "\fB\-tlsextdebug\fR" 4
.IX Item "-tlsextdebug"
print out a hex dump of any \s-1TLS\s0 extensions received from the server.
@@ -365,6 +377,28 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
Multiple files can be specified separated by a OS-dependent character.
The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
all others.
+.IP "\fB\-status\fR" 4
+.IX Item "-status"
+enables certificate status request support (aka \s-1OCSP\s0 stapling).
+.IP "\fB\-status_verbose\fR" 4
+.IX Item "-status_verbose"
+enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives
+a verbose printout of the \s-1OCSP\s0 response.
+.IP "\fB\-status_timeout nsec\fR" 4
+.IX Item "-status_timeout nsec"
+sets the timeout for \s-1OCSP\s0 response to \fBnsec\fR seconds.
+.IP "\fB\-status_url url\fR" 4
+.IX Item "-status_url url"
+sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+.IP "\fB\-nextprotoneg protocols\fR" 4
+.IX Item "-nextprotoneg protocols"
+enable Next Protocol Negotiation \s-1TLS\s0 extension and provide a
+comma-separated list of supported protocol names.
+The list should contain most wanted protocols first.
+Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or
+\&\*(L"spdy/3\*(R".
.SH "CONNECTED COMMANDS"
.IX Header "CONNECTED COMMANDS"
If a connection request is established with an \s-1SSL\s0 client and neither the
OpenPOWER on IntegriCloud