-
-
-
+
+
+
-
+
+
-
+
+
-
+
+
+
-
+
+
+
|
is set to true, then <strong>-request</strong> must also be set to true
and a either a -cadir, -cafile, or platform default must be provided in
order to validate against. (default is <em>false</em>)</dd>
<dt><strong>-security_level</strong> <em>integer</em></dt>
<dd>Specifies the security level (value from 0 to 5). The security level
affects the cipher suite encryption algorithms, supported ECC curves,
supported signature algorithms, DH parameter sizes, certificate key
sizes and signature algorithms. The default is 1. Level 3 and higher
disable support for session tickets and only accept cipher suites that
provide forward secrecy.</dd>
sizes and signature algorithms. The default is 1 prior to OpenSSL 3.2
and 2 thereafter. Level 3 and higher disable support for session
tickets and only accept cipher suites that provide forward secrecy.</dd>
<dt><strong>-server</strong> <em>bool</em></dt>
<dd>Specifies whether to act as a server and respond with a server
handshake when a client connects and provides a client handshake.
(default is <em>false</em>)</dd>
<dt><strong>-servername</strong> <em>host</em></dt>
<dd>Specify server's hostname. This is used to set the TLS Server Name
Indication (SNI) extension. Set this to the expected servername in the
server's certificate or one of the subjectAltName alternates.</dd>
<dt><strong>-session_id</strong> <em>string</em></dt>
<dd>Specifies the session id to resume session.</dd>
<dt><strong>-ssl2</strong> <em>bool</em></dt>
<dd>Enable use of SSL v2. (default is <em>false</em>)</dd>
<dd>Enable use of SSL v2. (default is <em>false</em>).
Note: Recent versions of OpenSSL don't support SSLv2.</dd>
<dt><strong>-ssl3 </strong><em>bool</em></dt>
<dd>Enable use of SSL v3. (default is <em>false</em>)</dd>
<dd>Enable use of SSL v3. (default is <em>false</em>).
Note: SSL v3 must also be enabled with a compile time option.</dd>
<dt>-<strong>tls1</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1. (default is <em>true</em>)</dd>
<dd>Enable use of TLS v1. (default is <em>true</em>).
Note: TLS 1.0 needs SHA1 to operate, which is only available in
security level 0 for Open SSL 3.0+.</dd>
<dt>-<strong>tls1.1</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1.1 (default is <em>true</em>)</dd>
<dd>Enable use of TLS v1.1 (default is <em>true</em>).
Note: TLS 1.1 needs SHA1 to operate, which is only available in
security level 0 for Open SSL 3.0+.</dd>
<dt>-<strong>tls1.2</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1.2 (default is <em>true</em>)</dd>
<dt>-<strong>tls1.3</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1.3 (default is <em>true</em>)</dd>
<dt><strong>-validatecommand</strong> <em>callback</em></dt>
<dd>Specifies the callback command to invoke to validate protocol
config parameters during the protocol negotiation phase. This can be
|
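Review bot: In the notes added under -tls1 and -tls1.1, TLS 1.0 and 1.1 are said to be available only at security level 0 on OpenSSL 3.0+, yet both options are still documented as "default is true" and the updated -security_level entry gives a default of 1 or 2, so a reader cannot tell that these protocols will not negotiate with the defaults. Suggest saying that explicitly and pointing to -security_level, noting that level 0 also relaxes the cipher suite, curve, signature algorithm, DH parameter and key size limits listed in that entry. Also, "Open SSL 3.0+" should be spelled "OpenSSL" to match "OpenSSL 3.2" in the -security_level text, and "The default is 1 prior to OpenSSL 3.2 and 2 thereafter" should state whether 3.2 itself uses level 2.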