| blob | 9b8c4252ea5898d950ffbdff19885c9e01cd8284 |
1 .TH gnutls\-serv 1 "December 1st 2003"
2 .SH NAME
3 gnutls\-serv \- GNU TLS test server
4 .SH SYNOPSIS
5 gnutls\-serv [\fIoptions\fR]
6 .SH DESCRIPTION
7 Simple server program that listens to incoming TLS connections.
8 .SH OPTIONS
9 .SS Program control options
10 .IP "\-d, \-\-debug LEVEL"
11 Specify the debug level. Default is 1.
12 .IP "\-h, \-\-help"
13 prints this help
14 .IP "\-l, \-\-list"
15 Print a list of the supported algorithms and modes.
16 .IP "\-q, \-\-quiet"
17 Suppress some messages.
18 .IP "\-v, \-\-version"
19 prints the program's version number
21 .SS Server options
22 .IP "\-p, \-\-port \fIinteger\fR"
23 The port to listen on.
24 .IP "\-\-nodb"
25 Does not use the resume database.
26 .IP "\-\-http"
27 Act as an HTTP Server.
28 .IP "\-\-echo"
29 Act as an Echo Server.
31 .SS TLS/SSL control options
32 .IP "\-\-priority \fIPRIORITY STRING\fR"
33 TLS algorithms and protocols to enable.
34 Unless the first keyword is "NONE" the defaults are:
35 .IP
36 Protocols: TLS1.1, TLS1.0, and SSL3.0.
37 .IP
38 Compression: NULL.
39 .IP
40 Certificate types: X.509, OpenPGP.
41 .IP
42 You can also use predefined sets of ciphersuites such as:
43 .IP
44 .B "PERFORMANCE"
45 all the "secure" ciphersuites are enabled, limited to 128 bit
46 ciphers and sorted by terms of speed performance.
47 .IP
48 .B "NORMAL"
49 option enables all "secure" ciphersuites. The 256-bit ciphers
50 are included as a fallback only. The ciphers are sorted by security
51 margin.
52 .IP
53 .B "SECURE128"
54 flag enables all "secure" ciphersuites with ciphers up to
55 128 bits, sorted by security margin.
56 .IP
57 .B "SECURE256"
58 flag enables all "secure" ciphersuites including the 256 bit
59 ciphers, sorted by security margin.
60 .IP
61 .B "EXPORT"
62 all the ciphersuites are enabled, including the
63 low-security 40 bit ciphers.
64 .IP
65 .B "NONE"
66 nothing is enabled. This disables even protocols and
67 compression methods.
68 .IP
69 .IP
70 Special keywords:
71 .IP
72 "!" or "-" appended with an algorithm will remove this algorithm.
73 .IP
74 "+" appended with an algorithm will add this algorithm.
75 .IP
76 "%COMPAT" will enable compatibility features for a server.
77 .IP
78 To avoid collisions in order to specify a compression algorithm in
79 this string you have to prefix it with "COMP-", protocol versions
80 with "VERS-" and certificate types with "CTYPE-". All other
81 algorithms don't need a prefix.
82 .IP
83 .B Examples:
84 .IP
85 "NORMAL"
86 .IP
87 "NORMAL:%COMPAT"
88 .IP
89 "NORMAL:!AES-128-CBC"
90 .IP
91 "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"
93 .IP "\-g, \-\-generate"
94 Generate Diffie-Hellman Parameters.
95 .IP "\-\-kx \fIkx1 kx2...\fR"
96 Key exchange methods to enable (use \fBgnutls\-cli \-\-list\fR to show
97 the supported key exchange methods).
98 .IP "\-p, \-\-port \fIinteger\fR"
99 The port to connect to.
101 .SS Certificate options
102 .IP "\-\-pgpcertfile \fIFILE\fR"
103 PGP Public Key (certificate) file to use.
104 .IP "\-\-pgpkeyfile \fIFILE\fR"
105 PGP Key file to use.
106 .IP "\-\-pgpkeyring \fIFILE\fR"
107 PGP Key ring file to use.
108 .IP "\-\-pgptrustdb \fIFILE\fR"
109 PGP trustdb file to use.
110 .IP "\-\-srppasswd \fIFILE\fR"
111 SRP password file to use.
112 .IP "\-\-srppasswdconf \fIFILE\fR"
113 SRP password configuration file to use.
114 .IP "\-\-x509cafile \fIFILE\fR"
115 Certificate file to use.
116 .IP "\-\-x509certfile \fIFILE\fR"
117 X.509 Certificate file to use.
118 .IP "\-\-x509fmtder"
119 Use DER format for certificates
120 .IP "\-\-x509keyfile \fIFILE\fR"
121 X.509 key file to use.
123 .SH "SEE ALSO"
124 .BR gnutls\-cli (1),
125 .BR gnutls\-cli\-debug (1)
126 .SH AUTHOR
127 .PP
128 Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see
129 /usr/share/doc/gnutls\-bin/AUTHORS for a complete list.
130 .PP
131 This manual page was written by Ivo Timmermans <ivo@debian.org>, for
132 the Debian GNU/Linux system (but may be used by others).