OPENSSL-S_SERVER(1ssl) OpenSSL OPENSSL-S_SERVER(1ssl) openssl-s_server - SSL/TLS openssl s_server [-help] [-port +int] [-accept ] [-unix ] [-4] [-6] [-unlink] [-context ] [-verify ] [-Verify ] [-cert _] [-cert2 _] [-certform DER|PEM|P12] [-cert_chain _] [-build_chain] [-serverinfo ] [-key _|_] [-key2 _|_] [-keyform DER|PEM|P12|ENGINE] [-pass ] [-dcert _] [-dcertform DER|PEM|P12] [-dcert_chain _] [-dkey _|_] [-dkeyform DER|PEM|P12|ENGINE] [-dpass ] [-nbio_test] [-crlf] [-debug] [-msg] [-msgfile _] [-state] [-nocert] [-quiet] [-no_resume_ephemeral] [-www] [-WWW] [-http_server_binmode] [-no_ca_names] [-ignore_unexpected_eof] [-servername] [-servername_fatal] [-tlsextdebug] [-HTTP] [-id_prefix ] [-keymatexport ] [-keymatexportlen +int] [-CRL _] [-CRLform DER|PEM] [-crl_download] [-chainCAfile _] [-chainCApath ] [-chainCAstore _] [-verifyCAfile _] [-verifyCApath ] [-verifyCAstore _] [-no_cache] [-ext_cache] [-verify_return_error] [-verify_quiet] [-ign_eof] [-no_ign_eof] [-no_ems] [-status] [-status_all] [-status_verbose] [-status_timeout ] [-proxy [http[s]://][userinfo@]host[:port][/path][?query][#fragment]] [-no_proxy ] [-status_url ] [-status_file _] [-ssl_config ] [-trace] [-security_debug] [-security_debug_verbose] [-brief] [-rev] [-async] [-max_send_frag +int] [-split_send_frag +int] [-max_pipelines +int] [-naccept +int] [-read_buf +int] [-no_tx_cert_comp] [-no_rx_cert_comp] [-dhparam _] [-nbio] [-psk_identity ] [-psk_hint ] [-psk ] [-psk_session ] [-srpvfile _] [-srpuserseed ] [-timeout] [-mtu +int] [-listen] [-sctp] [-sctp_label_bug] [-use_srtp ] [-no_dhe] [-nextprotoneg ] [-alpn ] [-ktls] [-sendfile] [-zerocopy_sendfile] [-keylogfile _] [-recv_max_early_data ] [-max_early_data ] [-early_data] [-stateless] [-anti_replay] [-no_anti_replay] [-num_tickets] [-tfo] [-cert_comp] [-nameopt ] [-no_ssl3] [-no_tls1] [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-ssl3] [-tls1] [-tls1_1] [-tls1_2] [-tls1_3] [-dtls] [-dtls1] [-dtls1_2] [-allow_proxy_certs] [-attime _] [-no_check_time] [-check_ss_sig] [-crl_check] [-crl_check_all] [-explicit_policy] [-extended_crl] [-ignore_critical] [-inhibit_any] [-inhibit_map] [-partial_chain] [-policy ] [-policy_check] [-policy_print] [-purpose ] [-suiteB_128] [-suiteB_128_only] [-suiteB_192] [-trusted_first] [-no_alt_chains] [-use_deltas] [-auth_level ] [-verify_depth ] [-verify_email ] [-verify_hostname _] [-verify_ip _ip] [-verify_name ] [-x509_strict] [-issuer_checks] [-bugs] [-no_comp] [-comp] [-no_ticket] [-serverpref] [-client_renegotiation] [-legacy_renegotiation] [-no_renegotiation] [-no_resumption_on_reneg] [-legacy_server_connect] [-no_legacy_server_connect] [-no_etm] [-allow_no_dhe_kex] [-prefer_no_dhe_kex] [-prioritize_chacha] [-strict] [-sigalgs ] [-client_sigalgs ] [-groups ] [-curves ] [-named_curve ] [-cipher ] [-ciphersuites _1.3] [-min_protocol _] [-max_protocol _] [-record_padding ] [-debug_broken_protocol] [-no_middlebox] [-xkey _] [-xcert ] [-xchain ] [-xchain_build ] [-xcertform DER|PEM]> [-xkeyform DER|PEM]> [-CAfile ] [-no-CAfile] [-CApath ] [-no-CApath] [-CAstore _] [-no-CAstore] [-rand ] [-writerand ] [-engine ] [-provider ] [-provider-path ] [-provparam [:]=] [-propquery ] [-enable_server_rpk] [-enable_client_rpk] SSL/TLS SSL/TLS. " " SSL_CONF_cmd(3) -help . -port + TCP . 4433. -accept TCP . *:4433. -unix . -4 IPv4 . -6 IPv6 . -unlink -unix (unlink) . -context SSL. . . -verify -Verify . . -verify -Verify . ( PSK) . (D)TLS ("sslclient"). "Certificate Extensions" openssl-verification-options(1). -cert _ : DSS DSS (DSA). server.pem. -cert2 _ "server2.pem". -certform DER|PEM|P12 . openssl-format-options(1) . -cert_chain -cert. ( OCSP stapling). PEM DER PKCS#12. -build_chain . -serverinfo PEM. PEM TLS ServerHello ( 2 2 "length" ). TLS ClientHello ServerHello . -key _|_ . . -key2 _|_ -cert2. -keyform DER|PEM|P12|ENGINE . openssl-format-options(1) . -pass . openssl-passphrase-options(1). -dcert _ -dkey _|_ -cert -key ( ). . RSA DSS (DSA). RSA DSS RSA DSS . -dcert_chain -dcert. PEM DER PKCS#12. -dcertform DER|PEM|P12 . openssl-format-options(1) . -dkeyform DER|PEM|P12|ENGINE . openssl-format-options(1) . -dpass . openssl-passphrase-options(1). -nbio_test / (non blocking). -crlf CR+LF. -debug . -security_debug SSL/TLS. -security_debug_verbose SSL/TLS -msg . -msgfile _ -msg -trace . -state SSL. -CRL _ CRL . -CRLform DER|PEM CRL . openssl-format-options(1) . -crl_download CRL CDP -verifyCAfile _ PEM (CA) . -verifyCApath . " " openssl-verify(1) . -verifyCAstore uri (URI) . -chainCAfile PEM . -chainCApath . " " openssl-verify(1) . -chainCAstore uri (URI) . . "file:" -chainCAfile -chainCApath . ossl_store-file(7) "file:". -nocert . ( DH ). -quiet . -no_resume_ephemeral (EC)DH . -tlsextdebug TLS . -www . . HTML . "/renegcert" "/reneg" . -WWW -HTTP . "https://myhost/page.html" ./page.html. -HTTP HTTP ( ). -WWW Content-Type. "html" "htm" "php" "text/html" "text/plain". "/stats" -www. -http_server_binmode ( -WWW -HTTP) . -no_ca_names TLS (CA Names). Windows TLS 1024 . -ignore_unexpected_eof TLS close_notify . close_notify . close_notify . SSL_shutdown(3). -servername TLS (HostName). -servername_fatal (: ). -id_prefix SSL/TLS . SSL/TLS ( ) ( ). -keymatexport . -keymatexportlen 20. -no_cache . -ext_cache. . -verify_return_error . . -verify_quiet . -ign_eof (EOF) (: -quiet). -no_ign_eof (EOF) . -no_ems . -status ( OCSP stapling): OCSP () . -status_all TLS v1.3 ( ) . -status_verbose ( OCSP stapling) OCSP. -cert_chain . -status_timeout int OCSP int . -proxy [http[s]://][userinfo@]host[:port][/path][?query][#fragment] HTTP(S) OCSP -no_proxy . IPv6 "[" "]". 80 443 "https" "http://" "https://" . "http_proxy" "HTTP_PROXY" TLS "https_proxy" "HTTPS_PROXY". -no_proxy IP / DNS HTTP(S) / ( "..."). "no_proxy" "NO_PROXY". -status_url val URL URL . . URL. . -status_file infile URL OCSP OCSP . DER. OCSP . -ssl_config val SSL_CTX . -trace . -brief . -rev . -brief. -early_data. -async (asynchronous mode). . -engine. async (dasync) ( ). -max_send_frag +int . SSL_CTX_set_max_send_fragment(3) . -split_send_frag +int . max_pipelines. max_pipelines 1. SSL_CTX_set_split_send_fragment(3) . -max_pipelines +int / . ( dasync) . 1. SSL_CTX_set_max_pipelines(3) . -naccept +int . -read_buf +int . (pipelining) ( SSL_CTX_set_default_read_buffer_len(3) ). -no_tx_cert_comp TLSv1.3 . -no_rx_cert_comp TLSv1.3 . -no_comp TLS. TLS OpenSSL 1.1.0. -num_tickets TLSv1.3. 2. . -dhparam infile DH . DH DH. . . -nbio / . -timeout . -mtu (MTU) . -psk_identity val PSK val PSK . PSK "Client_identity". -psk_hint val PSK val PSK. -psk val PSK val PSK. 0x -psk 1a2b3c4d. PSK. -psk_session SSL_SESSION pem file PSK. TLSv1.3. -srpvfile SRP. . -srpuserseed . . -listen DTLS . UDP . ClientHellos . HelloVerifyRequest. ClientHello . -sctp SCTP UDP DTLS. -dtls -dtls1 -dtls1_2. OpenSSL SCTP. -sctp_label_bug OpenSSL DTLS/SCTP. . -sctp. OpenSSL SCTP. -use_srtp SRTP . -no_dhe DH DH . -alpn -nextprotoneg (ALPN) (NPN) . ALPN IETF NPN. . . ASCII "http/1.1" "spdy/3". -nextprotoneg -tls1_3. -ktls Kernel TLS . OpenSSL 3.2.0. Kernel TLS OpenSSL 3.2.0. -sendfile KTLS SSL_sendfile() BIO_write() HTTP . -ktls -WWW -HTTP. -zerocopy_sendfile SSL_sendfile() (zerocopy TX) KTLS. TLS . -sendfile -sendfile . KTLS sendfile FreeBSD . -keylogfile _ TLS ( Wireshark) TLS. -max_early_data _ ( -early_data). 16 . 0. -recv_max_early_data _ . -early_data . -www -WWW -HTTP -rev. -stateless TLSv1.3. -anti_replay -no_anti_replay . . OpenSSL TLSv1.3 . . . -tfo TCP Fast Open (RFC7413). -cert_comp (RFC8879) . -nameopt . openssl-namedisplay-options(1) . -no_ssl3 -no_tls1 -no_tls1_1 -no_tls1_2 -no_tls1_3 -ssl3 -tls1 -tls1_1 -tls1_2 -tls1_3 " TLS" openssl(1). -dtls -dtls1 -dtls1_2 DTLS TLS. " TLS" openssl(1). -bugs -comp -no_comp -no_ticket -serverpref -client_renegotiation -legacy_renegotiation -no_renegotiation -no_resumption_on_reneg -legacy_server_connect -no_legacy_server_connect -no_etm -allow_no_dhe_kex -prefer_no_dhe_kex -prioritize_chacha -strict -sigalgs algs -client_sigalgs algs -groups groups -curves curves -named_curve curve -cipher ciphers -ciphersuites 1.3ciphers -min_protocol minprot -max_protocol maxprot -record_padding padding -debug_broken_protocol -no_middlebox "SUPPORTED COMMAND LINE COMMANDS" SSL_CONF_cmd(3) . -xkey _ -xcert -xchain -xchain_build -xcertform DER|PEM -xkeyform DER|PEM . "Extended Verification Options" openssl-verification-options(1) . -CAfile -no-CAfile -CApath -no-CApath -CAstore _ -no-CAstore "Trusted Certificate Options" openssl-verification-options(1) . -rand -writerand " " openssl(1) . -engine " " openssl(1). . -provider -provider-path -provparam [:]= -propquery _ " " openssl(1) provider(7) property(7). -allow_proxy_certs -attime -no_check_time -check_ss_sig -crl_check -crl_check_all -explicit_policy -extended_crl -ignore_critical -inhibit_any -inhibit_map -no_alt_chains -partial_chain -policy -policy_check -policy_print -purpose -suiteB_128 -suiteB_128_only -suiteB_192 -trusted_first -use_deltas -auth_level -verify_depth -verify_email -verify_hostname -verify_ip -verify_name -x509_strict -issuer_checks . " " openssl-verification-options(1) . -verify_return_error. -enable_server_rpk (RFC7250) . . X.509 X.509 . / . -enable_client_rpk (RFC7250) . X.509 . X.509 X.509 . / . SSL -www -WWW . . . . q SSL . Q SSL . r SSL (TLSv1.2 ). R SSL (TLSv1.2 ). P TCP : . S . k (TLSv1.3 ) K (TLSv1.3 ) c (TLSv1.3 ) SSL. : openssl s_server -accept 443 -www . (CAs) SSL . . openssl-sess_id(1). C . SSL . : OpenSSL . . openssl(1), openssl-sess_id(1), openssl-s_client(1), openssl-ciphers(1), SSL_CONF_cmd(3), SSL_CTX_set_max_send_fragment(3), SSL_CTX_set_split_send_fragment(3), SSL_CTX_set_max_pipelines(3), ossl_store-file(7) -no_alt_chains OpenSSL 1.1.0. -allow-no-dhe-kex -prioritize_chacha OpenSSL 1.1.1. -srpvfile -srpuserseed -engine OpenSSL 3.0. -enable_client_rpk -enable_server_rpk -no_rx_cert_comp -no_tx_cert_comp -tfo OpenSSL 3.2. -status_all OpenSSL 3.6. 2000-2025 OpenSSL. . Apache 2.0 ( ""). . LICENSE . 3 . . : . 3.6.2 7 2026 OPENSSL-S_SERVER(1ssl)