openssl/doc/openssl.pod
Ralf S. Engelschall ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00

304 lines
5 KiB
Text

=pod
=head1 NAME
openssl - OpenSSL command line tool
=head1 SYNOPSIS
B<openssl>
I<command>
[ I<command_opts> ]
[ I<command_args> ]
=head1 DESCRIPTION
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.
The B<openssl> program is a command line tool for using the various
cryptography functions of OpenSSL's B<crypto> library from the shell.
It can be used for
o Creation of RSA, DH and DSA key parameters
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
=head1 COMMAND SUMMARY
The B<openssl> program provides a rich variety of commands (I<command> in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
=head2 STANDARD COMMANDS
=over 10
=item B<asn1parse>
Parse an ASN.1 sequence.
=item B<ca>
Certificate Authority (CA) Management.
=item B<ciphers>
Cipher Suite Description Determination.
=item B<crl>
Certificate Revokation List (CRL) Management.
=item B<crl2pkcs7>
CRL2 to PKCS#7 Conversion.
=item B<dgst>
Message Digest Calculation.
=item B<dh>
Diffie-Hellman Data Management.
=item B<dsa>
DSA Data Management.
=item B<dsaparam>
DSA Parameter Generation.
=item B<enc>
Encoding with Ciphers.
=item B<errstr>
Error Number to Error String Conversion.
=item B<gendh>
Generation of Diffie-Hellman Parameters.
=item B<gendsa>
Generation of DSA Parameters.
=item B<genrsa>
Generation of RSA Parameters.
=item B<pkcs7>
PKCS#7 Data Management.
=item B<req>
X.509 Certificate Signing Request (CSR) Management.
=item B<rsa>
RSA Data Management.
=item B<s_client>
This implements a generic SSL/TLS client which can establish a transparent
connection to a remote server speaking SSL/TLS. It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL B<ssl> library.
=item B<s_server>
This implements a generic SSL/TLS server which accepts connections from remote
clients speaking SSL/TLS. It's intended for testing purposes only and provides
only rudimentary interface functionality but internally uses mostly all
functionality of the OpenSSL B<ssl> library. It provides both an own command
line oriented protocol for testing SSL functions and a simple HTTP response
facility to emulate an SSL/TLS-aware webserver.
=item B<s_time>
SSL Connection Timer.
=item B<sess_id>
SSL Session Data Management.
=item B<speed>
Algorithm Speed Measurement.
=item B<verify>
X.509 Certificate Verification.
=item B<version>
OpenSSL Version Information.
=item B<x509>
X.509 Certificate Data Management.
=back
=head2 MESSAGE DIGEST COMMANDS
=over 10
=item B<md2>
MD2 Digest
=item B<md5>
MD5 Digest
=item B<mdc2>
MDC2 Digest
=item B<rmd160>
RMD-160 Digest
=item B<sha>
SHA Digest
=item B<sha1>
SHA-1 Digest
=back
=head2 ENCODING AND CIPHER COMMANDS
=over 10
=item B<base64>
Base64 Encoding
=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
Blowfish Cipher
=item B<cast cast-cbc>
CAST Cipher
=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
CAST5 Cipher
=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
DES Cipher
=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
Triple-DES Cipher
=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
IDEA Cipher
=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
RC2 Cipher
=item B<rc4>
RC4 Cipher
=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
RC5 Cipher
=back
=head1 DETAILED COMMAND DESCRIPTION
The following is a detailed description of every B<openssl> I<command>.
=over 4
=item B<openssl> B<s_client>
[B<-connect> I<host>B<:>I<port>]
[B<-verify> I<arg>]
[B<-cert> I<arg>]
[B<-key> I<arg>]
[B<-CApath> I<arg>]
[B<-CAfile> I<arg>]
[B<-reconnect>]
[B<-pause>]
[B<-debug>]
[B<-nbio_test>]
[B<-state>]
[B<-nbio>]
[B<-quiet>]
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
[B<-no_ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-bugs>]
[B<-cipher>]
The B<s_client> command implements a generic SSL/TLS client which can
establish a transparent connection to a remote I<host> and I<port> speaking
SSL/TLS.
=item B<openssl> B<s_server>
[B<-accept> I<port>]
[B<-verify> I<arg>]
[B<-Verify> I<arg>]
[B<-cert> I<arg>]
[B<-key> I<arg>]
[B<-dcert> I<arg>]
[B<-dkey> I<arg>]
[B<-nbio>]
[B<-nbio_test>]
[B<-debug>]
[B<-state>]
[B<-CApath> I<arg>]
[B<-CAfile> I<arg>]
[B<-nocert>]
[B<-cipher> I<arg>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
[B<-no_ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
[B<-bugs>]
[B<-www>]
[B<-WWW>]
The B<s_server> command implements a generic SSL/TLS server which accepts
connections from remote clients on I<port> speaking SSL/TLS.
=back
...
=head1 SEE ALSO
crypto(3), ssl(3)
=head1 HISTORY
The openssl(3) document appeared in OpenSSL 0.9.2
=cut