<Please advise> Ues 'openssl s_server command' to disable TLS1.0
Matt Caswell
matt at openssl.org
Tue Mar 3 10:51:25 UTC 2020
On 03/03/2020 07:48, guoxiaobinni at 163.com wrote:
> Dear All,
>
>
>
> I hit the following error when used ‘openssl s_server -no_tls1’ command
> to disable TLS1.0 on Redhat Linux server.
Your question is slightly ambiguous. It implies you expect the command
to disable TLSv1.0 for all applications on your server. If that is what
you meant then you will be disappointed. "openssl s_server" runs a test
server to enable testing TLS connections from clients. The "-no_tls1"
option disables TLSv1.0 for that test server instance only.
If you really mean to start a test server then you need to additionally
supply a key and certificate file. By default s_server will look for the
key/cert in the file server.pem in the current working directory.
Otherwise you have to explicitly state the location of these files with
the "-key" and "-cert" options.
Matt
> It shows the openssl version
> as well.
>
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------
>
> $ openssl version
>
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
> $ openssl s_server –no_tls1
>
> Error opening server certificate private key file server.pem
>
> 140057863432008:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:398:fopen(‘server.pem’,’r’)
>
> 140057863432008:error:20074002:BIO routines:FILE_CTRL:system
> lib:bss_file.c:400:
>
> unable to load server certificate private key file
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------
>
>
>
> I can’t confirm if the command format is fine or not. Would you please
> help to correct me?
>
>
>
> Thanks and Regards,
>
> Chobin Guo
>
More information about the openssl-users
mailing list