openssl s_server & s_client and related command parameters
Examples:
Update the list of dynamic link library names
sudo ldconfig
openssl s_server -accept 443 -key server.pem -cert server.pem -debug -msg
openssl s_client -connect 127.0.0.1:443 -debug -msg
ln -s /usr/local/ssl3/lib/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/ssl3/lib/libcrypto.so.3 /usr/lib64/libcrypto.so.3
sudo ln -s /usr/local/ssl3/lib64/libssl.so.1.1 /usr/local/lib64/libssl.so.1.1
sudo ln -s /usr/local/ssl3/lib64/libcrypto.so.1.1 /usr/local/lib64/libcrypto.so.1.1
openssl s_server command
[root@centos ~]#openssl s_server --help
Usage: s_server [options]
Valid options are:
-help Display this summary
-port +int TCP/IP port to listen on for connections (default is 4433)
-accept val TCP/IP optional host and port to listen on for connections (default is *:4433)
-unix val Unix domain socket to accept on
-4 Use IPv4 only
-6 Use IPv6 only
-unlink For -unix, unlink existing socket first
-context val Set session ID context
-verify int Turn on peer certificate verification
-Verify int Turn on peer certificate verification, must have a cert
-cert infile Certificate file to use; default is server.pem
-nameopt val Various certificate name options
-naccept +int Terminate after #num connections
-serverinfo val PEM serverinfo file for certificate
-certform PEM|DER Certificate format (PEM or DER) PEM default
-key val Private Key if not in -cert; default is server.pem
-keyform format Key format (PEM, DER or ENGINE) PEM default
-pass val Private key file pass phrase source
-dcert infile Second certificate file to use (usually for DSA)
-dhparam infile DH parameters file to use
-dcertform PEM|DER Second certificate format (PEM or DER) PEM default
-dkey infile Second private key file to use (usually for DSA)
-dkeyform PEM|DER Second key format (PEM, DER or ENGINE) PEM default
-dpass val Second private key file pass phrase source
-nbio_test Test with the non-blocking test bio
-crlf Convert LF from terminal into CRLF
-debug Print more output
-msg Show protocol messages
-msgfile outfile File to send output of -msg or -trace, instead of stdout
-state Print the SSL states
-CAfile infile PEM format file of CA's
-CApath dir PEM format directory of CA's
-no-CAfile Do not load the default certificates file
-no-CApath Do not load certificates from the default certificates directory
-nocert Don't use any certificates (Anon-DH)
-quiet No server output
-no_resume_ephemeral Disable caching and tickets if ephemeral (EC)DH is used
-www Respond to a 'GET /' with a status page
-WWW Respond to a 'GET with the file ./path
-servername val Servername for HostName TLS extension
-servername_fatal mismatch send fatal alert (default warning alert)
-cert2 infile Certificate file to use for servername; default isserver2.pem
-key2 infile -Private Key file to use for servername if not in -cert2
-tlsextdebug Hex dump of all TLS extensions received
-HTTP Like -WWW but ./path includes HTTP headers
-id_prefix val Generate SSL/TLS session IDs prefixed by arg
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-keymatexport val Export keying material using label
-keymatexportlen +int Export len bytes of keying material (default 20)
-CRL infile CRL file to use
-crl_download Download CRL from distribution points
-cert_chain infile certificate chain file in PEM format
-dcert_chain infile second certificate chain file in PEM format
-chainCApath dir use dir as certificate store path to build CA certificate chain
-verifyCApath dir use dir as certificate store path to verify CA certificate
-no_cache Disable session cache
-ext_cache Disable internal cache, setup and use external cache
-CRLform PEM|DER CRL format (PEM or DE