aboutsummaryrefslogtreecommitdiff
path: root/openssl/doc/apps/s_server.pod
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/doc/apps/s_server.pod')
-rw-r--r--openssl/doc/apps/s_server.pod40
1 files changed, 40 insertions, 0 deletions
diff --git a/openssl/doc/apps/s_server.pod b/openssl/doc/apps/s_server.pod
index f9b9ca532..2105b603b 100644
--- a/openssl/doc/apps/s_server.pod
+++ b/openssl/doc/apps/s_server.pod
@@ -35,6 +35,7 @@ B<openssl> B<s_server>
[B<-CAfile filename>]
[B<-nocert>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
@@ -55,6 +56,11 @@ B<openssl> B<s_server>
[B<-no_ticket>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
+[B<-nextprotoneg protocols>]
=head1 DESCRIPTION
@@ -150,6 +156,9 @@ the client. With the B<-verify> option a certificate is requested but the
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
@@ -231,6 +240,10 @@ also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
=item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server.
@@ -282,6 +295,33 @@ Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item B<-status>
+
+enables certificate status request support (aka OCSP stapling).
+
+=item B<-status_verbose>
+
+enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
+
+sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+
+=item B<-nextprotoneg protocols>
+
+enable Next Protocol Negotiation TLS extension and provide a
+comma-separated list of supported protocol names.
+The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+
=back
=head1 CONNECTED COMMANDS