[openssl-users] s_server and explicit dhparam
Benjamin Kaduk
bkaduk at akamai.com
Thu Sep 21 12:12:53 UTC 2017
On 09/21/2017 03:30 AM, Le Van Gong, Hubert wrote:
> Hi there,
>
> I'm trying to run opensslin server modeand leverage non-default DH
> params with the following command:
> sudo openssl s_server -cert server_cert.pem -dhparam dhparam_2.pem
> -tls1_3 -accept 443
>
> Where the dhparam_2.pem file contains the 2 DH params I want to use.
> However, I keep getting the following error message: Error with
> command: "-dhparam dhparam_2.pem"
>
> I'm using OpenSSL 1.1.1-dev and see the same behaviour on macOS or linux.
>
> Any idea as to what it is I am missing?
It seems that what is missing is actual support in the code,
diff --git a/apps/s_server.c b/apps/s_server.c
index c45256a..d54909a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -795,6 +795,7 @@ const OPTIONS s_server_options[] = {
{"pass", OPT_PASS, 's', "Private key file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second certificate file to use (usually for DSA)"},
+ {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"dcertform", OPT_DCERTFORM, 'F',
"Second certificate format (PEM or DER) PEM default"},
{"dkey", OPT_DKEY, '<',
-Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170921/4b484f34/attachment.html>
More information about the openssl-users
mailing list