Lines Matching +full:current +full:- +full:boost +full:- +full:limit
1 .\" -*- mode: troff; coding: utf-8 -*-
57 .IX Title "OPENSSL-S_SERVER 1ossl"
58 .TH OPENSSL-S_SERVER 1ossl 2025-09-30 3.5.4 OpenSSL
64 openssl\-s_server \- SSL/TLS server program
68 [\fB\-help\fR]
69 [\fB\-port\fR \fI+int\fR]
70 [\fB\-accept\fR \fIval\fR]
71 [\fB\-unix\fR \fIval\fR]
72 [\fB\-4\fR]
73 [\fB\-6\fR]
74 [\fB\-unlink\fR]
75 [\fB\-context\fR \fIval\fR]
76 [\fB\-verify\fR \fIint\fR]
77 [\fB\-Verify\fR \fIint\fR]
78 [\fB\-cert\fR \fIinfile\fR]
79 [\fB\-cert2\fR \fIinfile\fR]
80 [\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR]
81 [\fB\-cert_chain\fR \fIinfile\fR]
82 [\fB\-build_chain\fR]
83 [\fB\-serverinfo\fR \fIval\fR]
84 [\fB\-key\fR \fIfilename\fR|\fIuri\fR]
85 [\fB\-key2\fR \fIfilename\fR|\fIuri\fR]
86 [\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR]
87 [\fB\-pass\fR \fIval\fR]
88 [\fB\-dcert\fR \fIinfile\fR]
89 [\fB\-dcertform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR]
90 [\fB\-dcert_chain\fR \fIinfile\fR]
91 [\fB\-dkey\fR \fIfilename\fR|\fIuri\fR]
92 [\fB\-dkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR]
93 [\fB\-dpass\fR \fIval\fR]
94 [\fB\-nbio_test\fR]
95 [\fB\-crlf\fR]
96 [\fB\-debug\fR]
97 [\fB\-msg\fR]
98 [\fB\-msgfile\fR \fIoutfile\fR]
99 [\fB\-state\fR]
100 [\fB\-nocert\fR]
101 [\fB\-quiet\fR]
102 [\fB\-no_resume_ephemeral\fR]
103 [\fB\-www\fR]
104 [\fB\-WWW\fR]
105 [\fB\-http_server_binmode\fR]
106 [\fB\-no_ca_names\fR]
107 [\fB\-ignore_unexpected_eof\fR]
108 [\fB\-servername\fR]
109 [\fB\-servername_fatal\fR]
110 [\fB\-tlsextdebug\fR]
111 [\fB\-HTTP\fR]
112 [\fB\-id_prefix\fR \fIval\fR]
113 [\fB\-keymatexport\fR \fIval\fR]
114 [\fB\-keymatexportlen\fR \fI+int\fR]
115 [\fB\-CRL\fR \fIinfile\fR]
116 [\fB\-CRLform\fR \fBDER\fR|\fBPEM\fR]
117 [\fB\-crl_download\fR]
118 [\fB\-chainCAfile\fR \fIinfile\fR]
119 [\fB\-chainCApath\fR \fIdir\fR]
120 [\fB\-chainCAstore\fR \fIuri\fR]
121 [\fB\-verifyCAfile\fR \fIinfile\fR]
122 [\fB\-verifyCApath\fR \fIdir\fR]
123 [\fB\-verifyCAstore\fR \fIuri\fR]
124 [\fB\-no_cache\fR]
125 [\fB\-ext_cache\fR]
126 [\fB\-verify_return_error\fR]
127 [\fB\-verify_quiet\fR]
128 [\fB\-ign_eof\fR]
129 [\fB\-no_ign_eof\fR]
130 [\fB\-no_ems\fR]
131 [\fB\-status\fR]
132 [\fB\-status_verbose\fR]
133 [\fB\-status_timeout\fR \fIint\fR]
134 [\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR]
135 [\fB\-no_proxy\fR \fIaddresses\fR]
136 [\fB\-status_url\fR \fIval\fR]
137 [\fB\-status_file\fR \fIinfile\fR]
138 [\fB\-ssl_config\fR \fIval\fR]
139 [\fB\-trace\fR]
140 [\fB\-security_debug\fR]
141 [\fB\-security_debug_verbose\fR]
142 [\fB\-brief\fR]
143 [\fB\-rev\fR]
144 [\fB\-async\fR]
145 [\fB\-max_send_frag\fR \fI+int\fR]
146 [\fB\-split_send_frag\fR \fI+int\fR]
147 [\fB\-max_pipelines\fR \fI+int\fR]
148 [\fB\-naccept\fR \fI+int\fR]
149 [\fB\-read_buf\fR \fI+int\fR]
150 [\fB\-no_tx_cert_comp\fR]
151 [\fB\-no_rx_cert_comp\fR]
152 [\fB\-dhparam\fR \fIinfile\fR]
153 [\fB\-nbio\fR]
154 [\fB\-psk_identity\fR \fIval\fR]
155 [\fB\-psk_hint\fR \fIval\fR]
156 [\fB\-psk\fR \fIval\fR]
157 [\fB\-psk_session\fR \fIfile\fR]
158 [\fB\-srpvfile\fR \fIinfile\fR]
159 [\fB\-srpuserseed\fR \fIval\fR]
160 [\fB\-timeout\fR]
161 [\fB\-mtu\fR \fI+int\fR]
162 [\fB\-listen\fR]
163 [\fB\-sctp\fR]
164 [\fB\-sctp_label_bug\fR]
165 [\fB\-use_srtp\fR \fIval\fR]
166 [\fB\-no_dhe\fR]
167 [\fB\-nextprotoneg\fR \fIval\fR]
168 [\fB\-alpn\fR \fIval\fR]
169 [\fB\-ktls\fR]
170 [\fB\-sendfile\fR]
171 [\fB\-zerocopy_sendfile\fR]
172 [\fB\-keylogfile\fR \fIoutfile\fR]
173 [\fB\-recv_max_early_data\fR \fIint\fR]
174 [\fB\-max_early_data\fR \fIint\fR]
175 [\fB\-early_data\fR]
176 [\fB\-stateless\fR]
177 [\fB\-anti_replay\fR]
178 [\fB\-no_anti_replay\fR]
179 [\fB\-num_tickets\fR]
180 [\fB\-tfo\fR]
181 [\fB\-cert_comp\fR]
182 [\fB\-nameopt\fR \fIoption\fR]
183 [\fB\-no_ssl3\fR]
184 [\fB\-no_tls1\fR]
185 [\fB\-no_tls1_1\fR]
186 [\fB\-no_tls1_2\fR]
187 [\fB\-no_tls1_3\fR]
188 [\fB\-ssl3\fR]
189 [\fB\-tls1\fR]
190 [\fB\-tls1_1\fR]
191 [\fB\-tls1_2\fR]
192 [\fB\-tls1_3\fR]
193 [\fB\-dtls\fR]
194 [\fB\-dtls1\fR]
195 [\fB\-dtls1_2\fR]
196 [\fB\-allow_proxy_certs\fR]
197 [\fB\-attime\fR \fItimestamp\fR]
198 [\fB\-no_check_time\fR]
199 [\fB\-check_ss_sig\fR]
200 [\fB\-crl_check\fR]
201 [\fB\-crl_check_all\fR]
202 [\fB\-explicit_policy\fR]
203 [\fB\-extended_crl\fR]
204 [\fB\-ignore_critical\fR]
205 [\fB\-inhibit_any\fR]
206 [\fB\-inhibit_map\fR]
207 [\fB\-partial_chain\fR]
208 [\fB\-policy\fR \fIarg\fR]
209 [\fB\-policy_check\fR]
210 [\fB\-policy_print\fR]
211 [\fB\-purpose\fR \fIpurpose\fR]
212 [\fB\-suiteB_128\fR]
213 [\fB\-suiteB_128_only\fR]
214 [\fB\-suiteB_192\fR]
215 [\fB\-trusted_first\fR]
216 [\fB\-no_alt_chains\fR]
217 [\fB\-use_deltas\fR]
218 [\fB\-auth_level\fR \fInum\fR]
219 [\fB\-verify_depth\fR \fInum\fR]
220 [\fB\-verify_email\fR \fIemail\fR]
221 [\fB\-verify_hostname\fR \fIhostname\fR]
222 [\fB\-verify_ip\fR \fIip\fR]
223 [\fB\-verify_name\fR \fIname\fR]
224 [\fB\-x509_strict\fR]
225 [\fB\-issuer_checks\fR]
226 [\fB\-bugs\fR]
227 [\fB\-no_comp\fR]
228 [\fB\-comp\fR]
229 [\fB\-no_ticket\fR]
230 [\fB\-serverpref\fR]
231 [\fB\-client_renegotiation\fR]
232 [\fB\-legacy_renegotiation\fR]
233 [\fB\-no_renegotiation\fR]
234 [\fB\-no_resumption_on_reneg\fR]
235 [\fB\-legacy_server_connect\fR]
236 [\fB\-no_legacy_server_connect\fR]
237 [\fB\-no_etm\fR]
238 [\fB\-allow_no_dhe_kex\fR]
239 [\fB\-prefer_no_dhe_kex\fR]
240 [\fB\-prioritize_chacha\fR]
241 [\fB\-strict\fR]
242 [\fB\-sigalgs\fR \fIalgs\fR]
243 [\fB\-client_sigalgs\fR \fIalgs\fR]
244 [\fB\-groups\fR \fIgroups\fR]
245 [\fB\-curves\fR \fIcurves\fR]
246 [\fB\-named_curve\fR \fIcurve\fR]
247 [\fB\-cipher\fR \fIciphers\fR]
248 [\fB\-ciphersuites\fR \fI1.3ciphers\fR]
249 [\fB\-min_protocol\fR \fIminprot\fR]
250 [\fB\-max_protocol\fR \fImaxprot\fR]
251 [\fB\-record_padding\fR \fIpadding\fR]
252 [\fB\-debug_broken_protocol\fR]
253 [\fB\-no_middlebox\fR]
254 [\fB\-xkey\fR \fIinfile\fR]
255 [\fB\-xcert\fR \fIfile\fR]
256 [\fB\-xchain\fR \fIfile\fR]
257 [\fB\-xchain_build\fR \fIfile\fR]
258 [\fB\-xcertform\fR \fBDER\fR|\fBPEM\fR]>
259 [\fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR]>
260 [\fB\-CAfile\fR \fIfile\fR]
261 [\fB\-no\-CAfile\fR]
262 [\fB\-CApath\fR \fIdir\fR]
263 [\fB\-no\-CApath\fR]
264 [\fB\-CAstore\fR \fIuri\fR]
265 [\fB\-no\-CAstore\fR]
266 [\fB\-rand\fR \fIfiles\fR]
267 [\fB\-writerand\fR \fIfile\fR]
268 [\fB\-engine\fR \fIid\fR]
269 [\fB\-provider\fR \fIname\fR]
270 [\fB\-provider\-path\fR \fIpath\fR]
271 [\fB\-provparam\fR \fI[name:]key=value\fR]
272 [\fB\-propquery\fR \fIpropq\fR]
273 [\fB\-enable_server_rpk\fR]
274 [\fB\-enable_client_rpk\fR]
284 .IP \fB\-help\fR 4
285 .IX Item "-help"
287 .IP "\fB\-port\fR \fI+int\fR" 4
288 .IX Item "-port +int"
290 .IP "\fB\-accept\fR \fIval\fR" 4
291 .IX Item "-accept val"
293 .IP "\fB\-unix\fR \fIval\fR" 4
294 .IX Item "-unix val"
296 .IP \fB\-4\fR 4
297 .IX Item "-4"
299 .IP \fB\-6\fR 4
300 .IX Item "-6"
302 .IP \fB\-unlink\fR 4
303 .IX Item "-unlink"
304 For \-unix, unlink any existing socket first.
305 .IP "\fB\-context\fR \fIval\fR" 4
306 .IX Item "-context val"
309 .IP "\fB\-verify\fR \fIint\fR, \fB\-Verify\fR \fIint\fR" 4
310 .IX Item "-verify int, -Verify int"
313 the client. With the \fB\-verify\fR option a certificate is requested but the
314 client does not have to send one, with the \fB\-Verify\fR option the client
322 For details see "Certificate Extensions" in \fBopenssl\-verification\-options\fR\|(1).
323 .IP "\fB\-cert\fR \fIinfile\fR" 4
324 .IX Item "-cert infile"
329 .IP "\fB\-cert2\fR \fIinfile\fR" 4
330 .IX Item "-cert2 infile"
332 .IP "\fB\-certform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4
333 .IX Item "-certform DER|PEM|P12"
335 See \fBopenssl\-format\-options\fR\|(1) for details.
336 .IP \fB\-cert_chain\fR 4
337 .IX Item "-cert_chain"
339 certificate chain related to the certificate specified via the \fB\-cert\fR option.
343 .IP \fB\-build_chain\fR 4
344 .IX Item "-build_chain"
347 .IP "\fB\-serverinfo\fR \fIval\fR" 4
348 .IX Item "-serverinfo val"
354 .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4
355 .IX Item "-key filename|uri"
358 .IP "\fB\-key2\fR \fIfilename\fR|\fIuri\fR" 4
359 .IX Item "-key2 filename|uri"
360 The private Key file to use for servername if not given via \fB\-cert2\fR.
361 .IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4
362 .IX Item "-keyform DER|PEM|P12|ENGINE"
364 See \fBopenssl\-format\-options\fR\|(1) for details.
365 .IP "\fB\-pass\fR \fIval\fR" 4
366 .IX Item "-pass val"
369 see \fBopenssl\-passphrase\-options\fR\|(1).
370 .IP "\fB\-dcert\fR \fIinfile\fR, \fB\-dkey\fR \fIfilename\fR|\fIuri\fR" 4
371 .IX Item "-dcert infile, -dkey filename|uri"
373 same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default
380 .IP \fB\-dcert_chain\fR 4
381 .IX Item "-dcert_chain"
383 server certificate chain when a certificate specified via the \fB\-dcert\fR option
386 .IP "\fB\-dcertform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4
387 .IX Item "-dcertform DER|PEM|P12"
389 See \fBopenssl\-format\-options\fR\|(1) for details.
390 .IP "\fB\-dkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4
391 .IX Item "-dkeyform DER|PEM|P12|ENGINE"
393 See \fBopenssl\-format\-options\fR\|(1) for details.
394 .IP "\fB\-dpass\fR \fIval\fR" 4
395 .IX Item "-dpass val"
398 see \fBopenssl\-passphrase\-options\fR\|(1).
399 .IP \fB\-nbio_test\fR 4
400 .IX Item "-nbio_test"
402 .IP \fB\-crlf\fR 4
403 .IX Item "-crlf"
405 .IP \fB\-debug\fR 4
406 .IX Item "-debug"
408 .IP \fB\-security_debug\fR 4
409 .IX Item "-security_debug"
411 .IP \fB\-security_debug_verbose\fR 4
412 .IX Item "-security_debug_verbose"
414 .IP \fB\-msg\fR 4
415 .IX Item "-msg"
417 .IP "\fB\-msgfile\fR \fIoutfile\fR" 4
418 .IX Item "-msgfile outfile"
419 File to send output of \fB\-msg\fR or \fB\-trace\fR to, default standard output.
420 .IP \fB\-state\fR 4
421 .IX Item "-state"
423 .IP "\fB\-CRL\fR \fIinfile\fR" 4
424 .IX Item "-CRL infile"
426 .IP "\fB\-CRLform\fR \fBDER\fR|\fBPEM\fR" 4
427 .IX Item "-CRLform DER|PEM"
429 See \fBopenssl\-format\-options\fR\|(1) for details.
430 .IP \fB\-crl_download\fR 4
431 .IX Item "-crl_download"
433 .IP "\fB\-verifyCAfile\fR \fIfilename\fR" 4
434 .IX Item "-verifyCAfile filename"
437 .IP "\fB\-verifyCApath\fR \fIdir\fR" 4
438 .IX Item "-verifyCApath dir"
442 see \fBopenssl\-verify\fR\|(1) for more information.
443 .IP "\fB\-verifyCAstore\fR \fIuri\fR" 4
444 .IX Item "-verifyCAstore uri"
447 .IP "\fB\-chainCAfile\fR \fIfile\fR" 4
448 .IX Item "-chainCAfile file"
451 .IP "\fB\-chainCApath\fR \fIdir\fR" 4
452 .IX Item "-chainCApath dir"
456 see \fBopenssl\-verify\fR\|(1) for more information.
457 .IP "\fB\-chainCAstore\fR \fIuri\fR" 4
458 .IX Item "-chainCAstore uri"
462 With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-chainCAfile\fR or
463 \&\fB\-chainCApath\fR, depending on if the URI indicates a directory or a
465 See \fBossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme.
466 .IP \fB\-nocert\fR 4
467 .IX Item "-nocert"
471 .IP \fB\-quiet\fR 4
472 .IX Item "-quiet"
474 .IP \fB\-no_resume_ephemeral\fR 4
475 .IX Item "-no_resume_ephemeral"
477 .IP \fB\-tlsextdebug\fR 4
478 .IX Item "-tlsextdebug"
480 .IP \fB\-www\fR 4
481 .IX Item "-www"
487 .IP "\fB\-WWW\fR, \fB\-HTTP\fR" 4
488 .IX Item "-WWW, -HTTP"
490 current directory, for example if the URL \f(CW\*(C`https://myhost/page.html\*(C'\fR is
492 If the \fB\-HTTP\fR flag is used, the files are sent directly, and should contain
494 If the \fB\-WWW\fR option is used,
496 examined to determine the \fBContent-Type\fR header.
500 information like the \fB\-www\fR option.
501 .IP \fB\-http_server_binmode\fR 4
502 .IX Item "-http_server_binmode"
503 When acting as web-server (using option \fB\-WWW\fR or \fB\-HTTP\fR) open files requested
505 .IP \fB\-no_ca_names\fR 4
506 .IX Item "-no_ca_names"
510 .IP \fB\-ignore_unexpected_eof\fR 4
511 .IX Item "-ignore_unexpected_eof"
518 .IP \fB\-servername\fR 4
519 .IX Item "-servername"
521 .IP \fB\-servername_fatal\fR 4
522 .IX Item "-servername_fatal"
524 .IP "\fB\-id_prefix\fR \fIval\fR" 4
525 .IX Item "-id_prefix val"
530 .IP \fB\-keymatexport\fR 4
531 .IX Item "-keymatexport"
533 .IP \fB\-keymatexportlen\fR 4
534 .IX Item "-keymatexportlen"
536 .IP \fB\-no_cache\fR 4
537 .IX Item "-no_cache"
539 .IP \fB\-ext_cache\fR. 4
540 .IX Item "-ext_cache."
542 .IP \fB\-verify_return_error\fR 4
543 .IX Item "-verify_return_error"
547 .IP \fB\-verify_quiet\fR 4
548 .IX Item "-verify_quiet"
550 .IP \fB\-ign_eof\fR 4
551 .IX Item "-ign_eof"
552 Ignore input EOF (default: when \fB\-quiet\fR).
553 .IP \fB\-no_ign_eof\fR 4
554 .IX Item "-no_ign_eof"
556 .IP \fB\-no_ems\fR 4
557 .IX Item "-no_ems"
559 .IP \fB\-status\fR 4
560 .IX Item "-status"
562 .IP \fB\-status_verbose\fR 4
563 .IX Item "-status_verbose"
566 Use the \fB\-cert_chain\fR option to specify the certificate of the server's
568 .IP "\fB\-status_timeout\fR \fIint\fR" 4
569 .IX Item "-status_timeout int"
571 .IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path][?query][#fragment]\fR" 4
572 .IX Item "-proxy [http[s]://][userinfo@]host[:port][/path][?query][#fragment]"
573 The HTTP(S) proxy server to use for reaching the OCSP server unless \fB\-no_proxy\fR
581 .IP "\fB\-no_proxy\fR \fIaddresses\fR" 4
582 .IX Item "-no_proxy addresses"
587 .IP "\fB\-status_url\fR \fIval\fR" 4
588 .IX Item "-status_url val"
594 .IP "\fB\-status_file\fR \fIinfile\fR" 4
595 .IX Item "-status_file infile"
598 .IP "\fB\-ssl_config\fR \fIval\fR" 4
599 .IX Item "-ssl_config val"
601 .IP \fB\-trace\fR 4
602 .IX Item "-trace"
604 .IP \fB\-brief\fR 4
605 .IX Item "-brief"
608 .IP \fB\-rev\fR 4
609 .IX Item "-rev"
610 Simple echo server that sends back received text reversed. Also sets \fB\-brief\fR.
611 Cannot be used in conjunction with \fB\-early_data\fR.
612 .IP \fB\-async\fR 4
613 .IX Item "-async"
616 is also used via the \fB\-engine\fR option. For test purposes the dummy async engine
618 .IP "\fB\-max_send_frag\fR \fI+int\fR" 4
619 .IX Item "-max_send_frag +int"
622 .IP "\fB\-split_send_frag\fR \fI+int\fR" 4
623 .IX Item "-split_send_frag +int"
630 .IP "\fB\-max_pipelines\fR \fI+int\fR" 4
631 .IX Item "-max_pipelines +int"
636 .IP "\fB\-naccept\fR \fI+int\fR" 4
637 .IX Item "-naccept +int"
640 .IP "\fB\-read_buf\fR \fI+int\fR" 4
641 .IX Item "-read_buf +int"
646 .IP \fB\-no_tx_cert_comp\fR 4
647 .IX Item "-no_tx_cert_comp"
649 .IP \fB\-no_rx_cert_comp\fR 4
650 .IX Item "-no_rx_cert_comp"
652 .IP \fB\-no_comp\fR 4
653 .IX Item "-no_comp"
657 .IP \fB\-num_tickets\fR 4
658 .IX Item "-num_tickets"
662 .IP "\fB\-dhparam\fR \fIinfile\fR" 4
663 .IX Item "-dhparam infile"
669 .IP \fB\-nbio\fR 4
670 .IX Item "-nbio"
672 .IP \fB\-timeout\fR 4
673 .IX Item "-timeout"
675 .IP \fB\-mtu\fR 4
676 .IX Item "-mtu"
677 Set link-layer MTU.
678 .IP "\fB\-psk_identity\fR \fIval\fR" 4
679 .IX Item "-psk_identity val"
683 .IP "\fB\-psk_hint\fR \fIval\fR" 4
684 .IX Item "-psk_hint val"
686 .IP "\fB\-psk\fR \fIval\fR" 4
687 .IX Item "-psk val"
689 given as a hexadecimal number without leading 0x, for example \-psk
692 .IP "\fB\-psk_session\fR \fIfile\fR" 4
693 .IX Item "-psk_session file"
696 .IP \fB\-srpvfile\fR 4
697 .IX Item "-srpvfile"
700 .IP \fB\-srpuserseed\fR 4
701 .IX Item "-srpuserseed"
704 .IP \fB\-listen\fR 4
705 .IX Item "-listen"
714 .IP \fB\-sctp\fR 4
715 .IX Item "-sctp"
717 conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only
719 .IP \fB\-sctp_label_bug\fR 4
720 .IX Item "-sctp_label_bug"
722 endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
724 implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only
726 .IP \fB\-use_srtp\fR 4
727 .IX Item "-use_srtp"
728 Offer SRTP key management with a colon-separated profile list.
729 .IP \fB\-no_dhe\fR 4
730 .IX Item "-no_dhe"
733 .IP "\fB\-alpn\fR \fIval\fR, \fB\-nextprotoneg\fR \fIval\fR" 4
734 .IX Item "-alpn val, -nextprotoneg val"
735 These flags enable the Application-Layer Protocol Negotiation
738 The \fIval\fR list is a comma-separated list of supported protocol
742 The flag \fB\-nextprotoneg\fR cannot be specified if \fB\-tls1_3\fR is used.
743 .IP \fB\-ktls\fR 4
744 .IX Item "-ktls"
748 .IP \fB\-sendfile\fR 4
749 .IX Item "-sendfile"
752 This option is only valid when \fB\-ktls\fR along with \fB\-WWW\fR or \fB\-HTTP\fR
754 .IP \fB\-zerocopy_sendfile\fR 4
755 .IX Item "-zerocopy_sendfile"
757 a performance boost when used with KTLS hardware offload. Note that invalid
759 This option depends on \fB\-sendfile\fR; when used alone, \fB\-sendfile\fR is implied,
762 .IP "\fB\-keylogfile\fR \fIoutfile\fR" 4
763 .IX Item "-keylogfile outfile"
766 .IP "\fB\-max_early_data\fR \fIint\fR" 4
767 .IX Item "-max_early_data int"
769 and any incoming early data (when used in conjunction with the \fB\-early_data\fR
772 .IP "\fB\-recv_max_early_data\fR \fIint\fR" 4
773 .IX Item "-recv_max_early_data int"
774 Specify the hard limit on the maximum number of early data bytes that will
776 .IP \fB\-early_data\fR 4
777 .IX Item "-early_data"
778 Accept early data where possible. Cannot be used in conjunction with \fB\-www\fR,
779 \&\fB\-WWW\fR, \fB\-HTTP\fR or \fB\-rev\fR.
780 .IP \fB\-stateless\fR 4
781 .IX Item "-stateless"
783 .IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4
784 .IX Item "-anti_replay, -no_anti_replay"
791 .IP \fB\-tfo\fR 4
792 .IX Item "-tfo"
794 .IP \fB\-cert_comp\fR 4
795 .IX Item "-cert_comp"
796 Pre-compresses certificates (RFC8879) that will be sent during the handshake.
797 .IP "\fB\-nameopt\fR \fIoption\fR" 4
798 .IX Item "-nameopt option"
800 See \fBopenssl\-namedisplay\-options\fR\|(1) for details.
801 …-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR, \fB\-ssl3\f…
802 .IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3, -ssl3, -tls1, -tls1_1, -tls1_2, -…
804 .IP "\fB\-dtls\fR, \fB\-dtls1\fR, \fB\-dtls1_2\fR" 4
805 .IX Item "-dtls, -dtls1, -dtls1_2"
808 …-bugs\fR, \fB\-comp\fR, \fB\-no_comp\fR, \fB\-no_ticket\fR, \fB\-serverpref\fR, \fB\-client_renego…
809 …-bugs, -comp, -no_comp, -no_ticket, -serverpref, -client_renegotiation, -legacy_renegotiation, -no…
811 …-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIfile\fR, \fB\-xchain\fR \fIfile\fR, \fB\-xchain_build\fR \…
812 .IX Item "-xkey infile, -xcert file, -xchain file, -xchain_build file, -xcertform DER|PEM, -xkeyfor…
814 See "Extended Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details.
815 .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \…
816 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore"
817 See "Trusted Certificate Options" in \fBopenssl\-verification\-options\fR\|(1) for details.
818 .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
819 .IX Item "-rand files, -writerand file"
821 .IP "\fB\-engine\fR \fIid\fR" 4
822 .IX Item "-engine id"
825 .IP "\fB\-provider\fR \fIname\fR" 4
826 .IX Item "-provider name"
828 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
829 .IX Item "-provider-path path"
830 .IP "\fB\-provparam\fR \fI[name:]key=value\fR" 4
831 .IX Item "-provparam [name:]key=value"
832 .IP "\fB\-propquery\fR \fIpropq\fR" 4
833 .IX Item "-propquery propq"
836 …-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check…
837 …-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_…
839 See "Verification Options" in \fBopenssl\-verification\-options\fR\|(1) for details.
843 proceed unless the \fB\-verify_return_error\fR option is used.
844 .IP \fB\-enable_server_rpk\fR 4
845 .IX Item "-enable_server_rpk"
853 .IP \fB\-enable_client_rpk\fR 4
854 .IX Item "-enable_client_rpk"
865 \&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received
873 End the current SSL connection but still accept new connections.
876 End the current SSL connection and exit.
906 \& openssl s_server \-accept 443 \-www
915 The session parameters can printed out using the \fBopenssl\-sess_id\fR\|(1) command.
931 \&\fBopenssl\-sess_id\fR\|(1),
932 \&\fBopenssl\-s_client\fR\|(1),
933 \&\fBopenssl\-ciphers\fR\|(1),
938 \&\fBossl_store\-file\fR\|(7)
941 The \-no_alt_chains option was added in OpenSSL 1.1.0.
944 \&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1.
946 The \fB\-srpvfile\fR, \fB\-srpuserseed\fR, and \fB\-engine\fR
950 \&\fB\-enable_client_rpk\fR,
951 \&\fB\-enable_server_rpk\fR,
952 \&\fB\-no_rx_cert_comp\fR,
953 \&\fB\-no_tx_cert_comp\fR,
954 and \fB\-tfo\fR
958 Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved.