openssl s_server & s_client 相关命令参数

openssl s_server & s_client 和相关命令参数

示例:

更新动态链接库名字列表
sudo ldconfig

openssl s_server -accept 443 -key server.pem -cert server.pem -debug -msg

openssl s_client -connect 127.0.0.1:443 -debug -msg


ln -s /usr/local/ssl3/lib/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/ssl3/lib/libcrypto.so.3 /usr/lib64/libcrypto.so.3

sudo ln -s /usr/local/ssl3/lib64/libssl.so.1.1 /usr/local/lib64/libssl.so.1.1
sudo ln -s /usr/local/ssl3/lib64/libcrypto.so.1.1 /usr/local/lib64/libcrypto.so.1.1

openssl s_server 命令

[root@centos ~]#openssl s_server --help
Usage: s_server [options]
Valid options are:
 -help                      Display this summary
 -port +int                 TCP/IP port to listen on for connections (default is 4433)
 -accept val                TCP/IP optional host and port to listen on for connections (default is *:4433)
 -unix val                  Unix domain socket to accept on
 -4                         Use IPv4 only
 -6                         Use IPv6 only
 -unlink                    For -unix, unlink existing socket first
 -context val               Set session ID context
 -verify int                Turn on peer certificate verification
 -Verify int                Turn on peer certificate verification, must have a cert
 -cert infile               Certificate file to use; default is server.pem
 -nameopt val               Various certificate name options
 -naccept +int              Terminate after #num connections
 -serverinfo val            PEM serverinfo file for certificate
 -certform PEM|DER          Certificate format (PEM or DER) PEM default
 -key val                   Private Key if not in -cert; default is server.pem
 -keyform format            Key format (PEM, DER or ENGINE) PEM default
 -pass val                  Private key file pass phrase source
 -dcert infile              Second certificate file to use (usually for DSA)
 -dhparam infile            DH parameters file to use
 -dcertform PEM|DER         Second certificate format (PEM or DER) PEM default
 -dkey infile               Second private key file to use (usually for DSA)
 -dkeyform PEM|DER          Second key format (PEM, DER or ENGINE) PEM default
 -dpass val                 Second private key file pass phrase source
 -nbio_test                 Test with the non-blocking test bio
 -crlf                      Convert LF from terminal into CRLF
 -debug                     Print more output
 -msg                       Show protocol messages
 -msgfile outfile           File to send output of -msg or -trace, instead of stdout
 -state                     Print the SSL states
 -CAfile infile             PEM format file of CA's
 -CApath dir                PEM format directory of CA's
 -no-CAfile                 Do not load the default certificates file
 -no-CApath                 Do not load certificates from the default certificates directory
 -nocert                    Don't use any certificates (Anon-DH)
 -quiet                     No server output
 -no_resume_ephemeral       Disable caching and tickets if ephemeral (EC)DH is used
 -www                       Respond to a 'GET /' with a status page
 -WWW                       Respond to a 'GET with the file ./path
 -servername val            Servername for HostName TLS extension
 -servername_fatal          mismatch send fatal alert (default warning alert)
 -cert2 infile              Certificate file to use for servername; default isserver2.pem
 -key2 infile               -Private Key file to use for servername if not in -cert2
 -tlsextdebug               Hex dump of all TLS extensions received
 -HTTP                      Like -WWW but ./path includes HTTP headers
 -id_prefix val             Generate SSL/TLS session IDs prefixed by arg
 -rand val                  Load the file(s) into the random number generator
 -writerand outfile         Write random data to the specified file
 -keymatexport val          Export keying material using label
 -keymatexportlen +int      Export len bytes of keying material (default 20)
 -CRL infile                CRL file to use
 -crl_download              Download CRL from distribution points
 -cert_chain infile         certificate chain file in PEM format
 -dcert_chain infile        second certificate chain file in PEM format
 -chainCApath dir           use dir as certificate store path to build CA certificate chain
 -verifyCApath dir          use dir as certificate store path to verify CA certificate
 -no_cache                  Disable session cache
 -ext_cache                 Disable internal cache, setup and use external cache
 -CRLform PEM|DER           CRL format (PEM or DE

你可能感兴趣的:(openssl,网络,openssl,s_client,s_server)