GnuTLS User Manual
😄 @by sizaif
📆 2021-05-17 16:23:57
Command-line options
gnutls-serv
https://gnutls.org/manual/html_node/gnutls_002dserv-Invocation.html
GnuTLS server
gnutls-serv - GnuTLS server
Usage: gnutls-serv [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
-d, --debug=num Enable debugging
- it must be in the range:
0 to 9999
--sni-hostname=str Server's hostname for server name extension
--sni-hostname-fatal Send fatal alert on sni-hostname mismatch
--alpn=str Specify ALPN protocol to be enabled by the server
- may appear multiple times
--alpn-fatal Send fatal alert on non-matching ALPN name
--noticket Don't accept session tickets
--earlydata Accept early data
--maxearlydata=num The maximum early data size to accept
- it must be in the range:
greater than or equal to 1
--nocookie Don't require cookie on DTLS sessions
-g, --generate Generate Diffie-Hellman parameters
-q, --quiet Suppress some messages
--nodb Do not use a resumption database
--http Act as an HTTP server
--echo Act as an Echo server
--crlf Do not replace CRLF by LF in Echo server mode
-u, --udp Use DTLS (datagram TLS) over UDP
--mtu=num Set MTU for datagram TLS
- it must be in the range:
0 to 17000
--srtp-profiles=str Offer SRTP profiles
-a, --disable-client-cert Do not request a client certificate
- prohibits the option 'require-client-cert'
-r, --require-client-cert Require a client certificate
--verify-client-cert If a client certificate is sent then verify it.
-b, --heartbeat Activate heartbeat support
--x509fmtder Use DER format for certificates to read from
--priority=str Priorities string
--dhparams=file DH params file to use
- file must pre-exist
--x509cafile=str Certificate file or PKCS #11 URL to use
--x509crlfile=file CRL file to use
- file must pre-exist
--x509keyfile=str X.509 key file or PKCS #11 URL to use
- may appear multiple times
--x509certfile=str X.509 Certificate file or PKCS #11 URL to use
- may appear multiple times
--rawpkkeyfile=str Private key file (PKCS #8 or PKCS #12) or PKCS #11 URL to use
- may appear multiple times
--rawpkfile=str Raw public-key file to use
- requires the option 'rawpkkeyfile'
- may appear multiple times
--srppasswd=file SRP password file to use
- file must pre-exist
--srppasswdconf=file SRP password configuration file to use
- file must pre-exist
--pskpasswd=file PSK password file to use
- file must pre-exist
--pskhint=str PSK identity hint to use
--ocsp-response=str The OCSP response to send to client
- may appear multiple times
--ignore-ocsp-response-errors Ignore any errors when setting the OCSP response
-p, --port=num The port to connect to
-l, --list Print a list of the supported algorithms and modes
--provider=file Specify the PKCS #11 provider library
- file must pre-exist
--keymatexport=str Label used for exporting keying material
--keymatexportsize=num Size of the exported keying material
--recordsize=num The maximum record size to advertise
- it must be in the range:
0 to 16384
--httpdata=file The data used as HTTP response
- file must pre-exist
-v, --version[=arg] output version information and exit
-h, --help display extended usage information and exit
-!, --more-help extended usage information passed thru pager
Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.
Server program that listens to incoming TLS connections.
Usage
Server
Note that the server listens to port 5556
by default.
Example
gnutls-serv --http --x509keyfile experiments/keystore/rsa2048_key.pem --x509certfile experiments/keystore/rsa2048_cert.pem --x509cafile experiments/keystore/rsa2048_cert.pem --pskpasswd experiments/keystore/keys.psk --priority NORMAL:+PSK:+SRP --mtu 1500 -p 30002
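A pre-flight check for an argument list like the one above, added here as an example and not part of the original page or of GnuTLS. It applies the "file must pre-exist" and `--mtu` range notes from the help text, and adds a key-file permission check of its own. The function name `check_serv_args` is hypothetical, and it assumes option values are space-separated as in the example.

```sh
#!/bin/sh
# Added example: pre-flight checks for a gnutls-serv argument list.
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_serv_args() {
    findings=0; udp=0; mtu=""
    note() { echo "$1"; findings=$((findings + 1)); }
    while [ $# -gt 0 ]; do
        case "$1" in
        -u|--udp) udp=1 ;;
        --mtu|--pskpasswd|--srppasswd|--dhparams|--x509crlfile|--x509keyfile)
            if [ $# -lt 2 ]; then note "missing value for $1"; break; fi
            case "$1" in
            --mtu) mtu=$2 ;;
            --x509keyfile)
                case "$2" in
                pkcs11:*) ;;   # PKCS #11 URL: no file on disk to inspect
                *)  if [ ! -f "$2" ]; then
                        note "missing file for $1: $2"
                    elif [ "$(ls -Lld "$2" | cut -c5-10)" != "------" ]; then
                        # added hygiene check, not something the help text requires
                        note "private key accessible to group/other: $2"
                    fi ;;
                esac ;;
            *)  # options the help text marks "file must pre-exist"
                [ -f "$2" ] || note "missing file for $1: $2" ;;
            esac
            shift ;;
        esac
        shift
    done
    case "$mtu" in
    "") ;;
    *[!0-9]*) note "--mtu is not a number: $mtu" ;;
    *)  [ "$mtu" -le 17000 ] || note "--mtu outside 0 to 17000: $mtu"
        # the help text describes --mtu as the MTU for datagram TLS
        [ "$udp" -eq 1 ] || note "--mtu given without -u/--udp" ;;
    esac
    [ "$findings" -eq 0 ]
}

# The file and MTU options from the page's example; paths are relative to the author's tree.
check_serv_args --http --x509keyfile experiments/keystore/rsa2048_key.pem \
    --pskpasswd experiments/keystore/keys.psk \
    --priority NORMAL:+PSK:+SRP --mtu 1500 -p 30002 || true
```

Run outside the author's tree, the final call reports the missing files and flags `--mtu` being passed without `-u`/`--udp`.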