The TCP port to listen on for connections. If not specified 4433 is used.

The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.

The server will exit after receiving number connections, default unlimited.

Unix domain socket to accept on.

For -unix, unlink existing socket first.

Use IPv4 only.

Use IPv6 only.

Sets the SSL context id. It can be given any string value. If this option is not present a default value will be used.

The certificate to use, most servers cipher suites require the use of a certificate and some require a certificate with a certain public key type: for example the DSS cipher suites require a certificate containing a DSS (DSA) key. If not specified then the filename "server.pem" will be used.

The certificate format to use: DER or PEM. PEM is the default.

The private key to use. If not specified then the certificate file will be used.

The private format to use: DER or PEM. PEM is the default.

Additional certificate and private key format and passphrase respectively.

If this option is set then no certificate is used. This restricts the cipher suites available to the anonymous ones (currently just anonymous DH).

The DH parameter file to use. The ephemeral DH cipher suites generate keys using a set of DH parameters. If not specified then an attempt is made to load the parameters from the server certificate file. If this fails then a static set of parameters hard coded into the s_server program will be used.

If this option is set then no DH parameters will be loaded effectively disabling the ephemeral DH cipher suites.

Check the peer certificate has not been revoked by its CA. The CRL(s) are appended to the certificate file. With the -crl_check_all option all CRLs of all CAs in the chain are checked.

The directory to use for client certificate verification. This directory must be in "hash format", see verify for more information. These are also used when building the server certificate chain.

A file containing trusted certificates to use during client authentication and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested.

Do not load the trusted CA certificates from the default file location

Do not load the trusted CA certificates from the default directory location

The verify depth to use. This specifies the maximum length of the client certificate chain and makes the server request a certificate from the client. With the -verify option a certificate is requested but the client does not have to send one, with the -Verify option the client must supply a certificate or an error occurs.

If the ciphersuite cannot request a client certificate (for example an anonymous ciphersuite or PSK) this option has no effect.

Prints the SSL session states.

Print extensive debugging information including a hex dump of all traffic.

Show all protocol messages with hex dump.

Show verbose trace output of protocol messages. OpenSSL needs to be compiled with enable-ssl-trace for this option to work.

File to send output of -msg or -trace to, default standard output.

Tests non blocking I/O

Turns on non blocking I/O

This option translated a line feed from the terminal into CR+LF.

Inhibit printing of session and certificate information.

Use the PSK identity hint hint when using a PSK cipher suite.

Use the PSK key key when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher.

These options require or disable the use of the specified SSL or TLS protocols. By default s_server will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be accepted from the client.

These options make s_server use DTLS protocols instead of TLS. With -dtls, s_server will negotiate any supported DTLS protocol version, whilst -dtls1 and -dtls1_2 will only support DTLSv1.0 and DTLSv1.2 respectively.

This option can only be used in conjunction with one of the DTLS options above. With this option s_server will listen on a UDP port for incoming connections. Any ClientHellos that arrive will be checked to see if they have a cookie in them or not. Any without a cookie will be responded to with a HelloVerifyRequest. If a ClientHello with a cookie is received then s_server will connect to that peer and complete the handshake.

Switch on asynchronous mode. Cryptographic operations will be performed asynchronously. This will only have an effect if an asynchronous capable engine is also used via the -engine option. For test purposes the dummy async engine (dasync) can be used (if available).

Enable negotiation of TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

Disable negotiation of TLS compression. TLS compression is not recommended and is off by default as of OpenSSL 1.1.0.

Provide a brief summary of connection parameters instead of the normal verbose output.

Signature algorithms to support for client certificate authentication (colon-separated list)

Specifies the elliptic curve to use. NOTE: this is single curve, not a list. For a list of all possible curves, use:

$ openssl ecparam -list_curves

This allows the cipher list used by the server to be modified. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the ciphers command for more information.

Use the server's cipher preferences, rather than the client's preferences.

Print a hex dump of any TLS extensions received from the server.

Disable RFC4507bis session ticket support.

Sends a status message back to the client when it connects. This includes information about the ciphers used and various session parameters. The output is in HTML format so this option will normally be used with a web browser.

Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded.

Emulates a simple web server. Pages will be resolved relative to the current directory, for example if the URL https://myhost/page.html is requested the file ./page.html will be loaded. The files loaded are assumed to contain a complete and correct HTTP response (lines that are part of the HTTP response line and headers must end with CRLF).

Simple test server which just reverses the text received from the client and sends it back to the server. Also sets -brief.

Specifying an engine (by its unique id string) will cause s_server to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

Generate SSL/TLS session IDs prefixed by arg. This is mostly useful for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session IDs (eg. with a certain prefix).

Set the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION option.

Enables certificate status request support (aka OCSP stapling).

Enables certificate status request support (aka OCSP stapling) and gives a verbose printout of the OCSP response.

Sets the timeout for OCSP response to nsec seconds.

Sets a fallback responder URL to use if no responder URL is present in the server certificate. Without this option an error is returned if the server certificate does not contain a responder address.

these flags enable the Enable the Application-Layer Protocol Negotiation or Next Protocol Negotiation extension, respectively. ALPN is the IETF standard and replaces NPN. The protocols list is a comma-separated list of supported protocol names. The list should contain most wanted protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3".