<Please advise> Ues 'openssl s_server command' to disable TLS1.0

guoxiaobinni at 163.com guoxiaobinni at 163.com
Wed Mar 4 08:31:20 UTC 2020 

Thanks Matt, 

As your advice, I tried to execute the following both commands to disable TLS 1.0 for Client and Server separately. Since I have no right to access private keyfile, of course they failed. Could you please correct me if the command format is fine? I then will assign them to senior colleague to execute.

$ openssl s_server -no_tls1 -key keyfile -cert certname
$ openssl s_client -no_tls1 -key keyfile [-cert certname]

Thanks.
Chobin

-----邮件原件-----
发件人: openssl-users-bounces at openssl.org [mailto:openssl-users-bounces at openssl.org] 代表 Matt Caswell
发送时间: 2020年3月3日 18:51
收件人: openssl-users at openssl.org
主题: Re: <Please advise> Ues 'openssl s_server command' to disable TLS1.0



On 03/03/2020 07:48, guoxiaobinni at 163.com wrote:
> Dear All,
> 
>  
> 
> I hit the following error when used ‘openssl s_server -no_tls1’ command
> to disable TLS1.0 on Redhat Linux server.

Your question is slightly ambiguous. It implies you expect the command
to disable TLSv1.0 for all applications on your server. If that is what
you meant then you will be disappointed. "openssl s_server" runs a test
server to enable testing TLS connections from clients. The "-no_tls1"
option disables TLSv1.0 for that test server instance only.

If you really mean to start a test server then you need to additionally
supply a key and certificate file. By default s_server will look for the
key/cert in the file server.pem in the current working directory.
Otherwise you have to explicitly state the location of these files with
the "-key" and "-cert" options.

Matt



> It shows the openssl version
> as well.
> 
>  
> 
> ----------------------------------------------------------------------------------------------------------------------------------------------------
> 
> $ openssl version
> 
> OpenSSL 1.0.1e-fips 11 Feb 2013
> 
> $ openssl s_server –no_tls1
> 
> Error opening server certificate private key file server.pem
> 
> 140057863432008:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:398:fopen(‘server.pem’,’r’)
> 
> 140057863432008:error:20074002:BIO routines:FILE_CTRL:system
> lib:bss_file.c:400:
> 
> unable to load server certificate private key file
> 
> -----------------------------------------------------------------------------------------------------------------------------------------------------
> 
>  
> 
> I can’t confirm if the command format is fine or not. Would you please
> help to correct me?
> 
>  
> 
> Thanks and Regards,
> 
> Chobin Guo
>

More information about the openssl-users mailing list