[openssl-users] s_server and explicit dhparam

Benjamin Kaduk bkaduk at akamai.com
Thu Sep 21 12:12:53 UTC 2017

On 09/21/2017 03:30 AM, Le Van Gong, Hubert wrote:
> Hi there,
> I'm trying to run opensslin server modeand leverage non-default DH
> params with the following command:
> sudo openssl s_server -cert server_cert.pem -dhparam dhparam_2.pem
> -tls1_3 -accept 443
> Where the dhparam_2.pem file contains the 2 DH params I want to use.
> However, I keep getting the following error message: Error with
> command: "-dhparam dhparam_2.pem"
> I'm using OpenSSL 1.1.1-dev and see the same behaviour on macOS or linux.
> Any idea as to what it is I am missing?

It seems that what is missing is actual support in the code,

diff --git a/apps/s_server.c b/apps/s_server.c
index c45256a..d54909a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -795,6 +795,7 @@ const OPTIONS s_server_options[] = {
     {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
     {"dcert", OPT_DCERT, '<',
      "Second certificate file to use (usually for DSA)"},
+    {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
     {"dcertform", OPT_DCERTFORM, 'F',
      "Second certificate format (PEM or DER) PEM default"},
     {"dkey", OPT_DKEY, '<',

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170921/4b484f34/attachment.html>

More information about the openssl-users mailing list