[openssl-users] s_server and explicit dhparam

Le Van Gong, Hubert hubert at levangong.org
Fri Sep 22 03:57:20 UTC 2017


Hi Ben,

Ah, good catch. Maybe the doc should be updated to mention that fact.
Does anyone know if this is on the roadmap?

Thanks,
Hubert

On 9/21/17 20:12, Benjamin Kaduk wrote:
> On 09/21/2017 03:30 AM, Le Van Gong, Hubert wrote:
>> Hi there,
>>
>> I'm trying to run openssl in server mode and leverage non-default DH
>> params with the following command:
>> sudo openssl s_server -cert server_cert.pem -dhparam dhparam_2.pem 
>> -tls1_3 -accept 443
>>
>> Where the dhparam_2.pem file contains the 2 DH params I want to use.
>> However, I keep getting the following error message: Error with 
>> command: "-dhparam dhparam_2.pem"
>>
>> I'm using OpenSSL 1.1.1-dev and see the same behaviour on macOS or
>> Linux.
>>
>> Any idea as to what it is I am missing?
>
> It seems that what is missing is actual support in the code,
>
> diff --git a/apps/s_server.c b/apps/s_server.c
> index c45256a..d54909a 100644
> --- a/apps/s_server.c
> +++ b/apps/s_server.c
> @@ -795,6 +795,7 @@ const OPTIONS s_server_options[] = {
>      {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
>      {"dcert", OPT_DCERT, '<',
>       "Second certificate file to use (usually for DSA)"},
> +    {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
>      {"dcertform", OPT_DCERTFORM, 'F',
>       "Second certificate format (PEM or DER) PEM default"},
>      {"dkey", OPT_DKEY, '<',
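
Review bot: the new "dhparam" entry is inserted between "dcert" and "dcertform", which splits the second-certificate options (dcert, dcertform, dkey) in the options table; placing it before or after that group would keep the related entries together. The help string "DH parameters file to use" could also name the expected file format, as the neighbouring "dcertform" entry does with "PEM or DER". The hunk only touches the options table, so the s_server documentation should gain a matching -dhparam entry in the same change.
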
>
>
> -Ben


