gnutls\-servSection: User Commands (1)
Updated: December 1st 2003
Index Return to Main Contents
NAMEgnutls-serv - GNU TLS test server
DESCRIPTIONSimple server program that listens to incoming TLS connections.
Program control options
- -d, --debug LEVEL
- Specify the debug level. Default is 1.
- -h, --help
- prints this help
- -l, --list
- Print a list of the supported algorithms and modes.
- -q, --quiet
- Suppress some messages.
- -v, --version
prints the program's version number
- -p, --port integer
- The port to listen on.
- Does not use the resume database.
- Act as an HTTP Server.
Act as an Echo Server.
TLS/SSL control options
- --priority PRIORITY STRING
- TLS algorithms and protocols to enable. Unless the first keyword is "NONE" the defaults are:
- Protocols: TLS1.1, TLS1.0, and SSL3.0.
- Compression: NULL.
- Certificate types: X.509, OpenPGP.
- You can also use predefined sets of ciphersuites such as:
- PERFORMANCE all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance.
- NORMAL option enables all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.
- SECURE128 flag enables all "secure" ciphersuites with ciphers up to 128 bits, sorted by security margin.
- SECURE256 flag enables all "secure" ciphersuites including the 256 bit ciphers, sorted by security margin.
- EXPORT all the ciphersuites are enabled, including the low-security 40 bit ciphers.
- NONE nothing is enabled. This disables even protocols and compression methods.
- Special keywords:
- "%UNSAFE_RENEGOTIATION" Permits (re-)handshakes even unsafe ones.
- "%PARTIAL_RENEGOTIATION" Prevents renegotiation with clients and servers not supporting the safe renegotiation extension. (default)
- "%SAFE_RENEGOTIATION" will enable safe renegotiation. This is the most secure and recommended option for clients. However this will prevent from connecting to legacy servers.
- To avoid collisions in order to specify a compression algorithm in this string you have to prefix it with "COMP-", protocol versions with "VERS-" and certificate types with "CTYPE-". All other algorithms don't need a prefix.
- -g, --generate
- Generate Diffie-Hellman Parameters.
- --kx kx1 kx2...
- Key exchange methods to enable (use gnutls-cli --list to show the supported key exchange methods).
- -p, --port integer
The port to connect to.
- --pgpcertfile FILE
- PGP Public Key (certificate) file to use.
- --pgpkeyfile FILE
- PGP Key file to use.
- --pgpkeyring FILE
- PGP Key ring file to use.
- --pgptrustdb FILE
- PGP trustdb file to use.
- --srppasswd FILE
- SRP password file to use.
- --srppasswdconf FILE
- SRP password configuration file to use.
- --x509cafile FILE
- Certificate file to use.
- --x509certfile FILE
- X.509 Certificate file to use.
- Use DER format for certificates
- --x509keyfile FILE
X.509 key file to use.
SEE ALSOgnutls-cli(1), gnutls-cli-debug(1)
Nikos Mavroyanopoulos <[email protected]> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <[email protected]>, for the Debian GNU/Linux system (but may be used by others).
- SEE ALSO
This document was created by man2html, using the manual pages.
Time: 05:29:04 GMT, December 24, 2015