Update TLS help message
@@ -8,98 +8,63 @@
|
||||
*/
|
||||
|
||||
"\n"
|
||||
" -cipher_suite options\n"
|
||||
" TLS_ECDHE_SM4_CBC_SM3 TLS 1.2\n"
|
||||
" TLS_ECDHE_SM4_GCM_SM3 TLS 1.2\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS 1.2\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS 1.2\n"
|
||||
"Supported cipher suites:\n"
|
||||
" TLS_ECDHE_SM4_CBC_SM3\n"
|
||||
" TLS_ECDHE_SM4_GCM_SM3\n"
|
||||
#if defined(ENABLE_AES) && defined(ENABLE_SHA2) && defined(ENABLE_SECP256R1)
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n"
|
||||
#ifdef ENABLE_AES_CCM
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CCM\n"
|
||||
#endif
|
||||
#endif
|
||||
"\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
"Build with TLS 1.2, AES, and P-256 enabled\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_root_ca_key.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 Test Root CA\" \\\n"
|
||||
" -days 3650 -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_root_ca_cert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" cmake -S . -B build -DENABLE_TLS=ON -DENABLE_AES=ON -DENABLE_SECP256R1=ON\n"
|
||||
" cmake --build build\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_ca_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS CA\" \\\n"
|
||||
" -key sm2_tls_ca_key.pem -pass P@ssw0rd -out sm2_tls_ca_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_ca_req.pem -days 1825 -key_usage keyCertSign \\\n"
|
||||
" -key_usage cRLSign -path_len_constraint 0 -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_tls_ca_cert.pem -ca\n"
|
||||
"\n"
|
||||
"Generate SM2 certificates for sm2.example.com\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_server_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Server\" \\\n"
|
||||
" -key sm2_tls_server_key.pem -pass P@ssw0rd -out sm2_tls_server_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_server_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -ext_key_usage serverAuth -subject_dns_name localhost -cacert sm2_tls_ca_cert.pem \\\n"
|
||||
" -key sm2_tls_ca_key.pem -pass P@ssw0rd -out sm2_tls_server_cert.pem\n"
|
||||
" cat sm2_tls_server_cert.pem > sm2_tls_server_certs.pem\n"
|
||||
" cat sm2_tls_ca_cert.pem >> sm2_tls_server_certs.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN SM2ROOTCA -days 3650 \\\n"
|
||||
" -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_client_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Client\" \\\n"
|
||||
" -key sm2_tls_client_key.pem -pass P@ssw0rd -out sm2_tls_client_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_client_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -ext_key_usage clientAuth -cacert sm2_tls_ca_cert.pem -key sm2_tls_ca_key.pem \\\n"
|
||||
" -pass P@ssw0rd -out sm2_tls_client_cert.pem\n"
|
||||
" cat sm2_tls_client_cert.pem > sm2_tls_client_certs.pem\n"
|
||||
" cat sm2_tls_ca_cert.pem >> sm2_tls_client_certs.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"SM2 Sub CA\" \\\n"
|
||||
" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
|
||||
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign \\\n"
|
||||
" -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 \\\n"
|
||||
" -ca -path_len_constraint 0 -out sm2cacert.pem\n"
|
||||
" printf 'hello tls12\\n' > message.txt\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN sm2.example.com \\\n"
|
||||
" -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
|
||||
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 \\\n"
|
||||
" -subject_dns_name sm2.example.com -out sm2signcert.pem\n"
|
||||
" gmssl tls12_server -port 4432 -cert sm2_tls_server_certs.pem -key sm2_tls_server_key.pem -pass P@ssw0rd \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4432 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -in message.txt\n"
|
||||
"\n"
|
||||
" cat sm2signcert.pem > sm2certs.pem\n"
|
||||
" cat sm2cacert.pem >> sm2certs.pem\n"
|
||||
"\n"
|
||||
"Generate P-256 certificates for p256.example.com\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256rootcakey.pem -export p256rootcakey.exp\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 \\\n"
|
||||
" -key p256rootcakey.pem -pass 1234 -out p256rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256cakey.pem -export p256cakey.exp\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"P256 Sub CA\" \\\n"
|
||||
" -key p256cakey.pem -pass 1234 -out p256careq.pem\n"
|
||||
" gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign \\\n"
|
||||
" -cacert p256rootcacert.pem -key p256rootcakey.pem -pass 1234 \\\n"
|
||||
" -ca -path_len_constraint 0 -out p256cacert.pem\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256signkey.pem -export p256signkey.exp\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN p256.example.com \\\n"
|
||||
" -key p256signkey.pem -pass 1234 -out p256signreq.pem\n"
|
||||
" gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -cacert p256cacert.pem -key p256cakey.pem -pass 1234 \\\n"
|
||||
" -subject_dns_name p256.example.com -out p256signcert.pem\n"
|
||||
"\n"
|
||||
" cat p256signcert.pem > p256certs.pem\n"
|
||||
" cat p256cacert.pem >> p256certs.pem\n"
|
||||
"\n"
|
||||
" cat sm2rootcacert.pem > rootcacerts.pem\n"
|
||||
" cat p256rootcacert.pem >> rootcacerts.pem\n"
|
||||
"\n"
|
||||
"TLS 1.2 server with two certificate chains selected by SNI\n"
|
||||
"\n"
|
||||
" gmssl tls12_server -port 4430 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
|
||||
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
"TLS 1.2 clients with SNI\n"
|
||||
"\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name sm2.example.com \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cacert rootcacerts.pem\n"
|
||||
"\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name p256.example.com \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cacert rootcacerts.pem\n"
|
||||
"\n"
|
||||
" gmssl tls12_server -port 4430 -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -cert p256certs.pem -key p256signkey.pem -pass 1234 \\\n"
|
||||
" -cacert p256cacert.pem -verbose -cert_request\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert p256signcert.pem -key p256signkey.pem -pass 1234 -cacert p256rootcacert.pem -verbose\n"
|
||||
" gmssl tls12_server -port 4438 -cert sm2_tls_server_certs.pem -key sm2_tls_server_key.pem -pass P@ssw0rd \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cacert sm2_root_ca_cert.pem -cert_request\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4438 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert sm2_tls_client_certs.pem -key sm2_tls_client_key.pem -pass P@ssw0rd \\\n"
|
||||
" -in message.txt\n"
|
||||
"\n"
|
||||
|
||||
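Review bot: Every example in this help text passes the private-key password as a literal argument (`-pass P@ssw0rd`, and `-pass 1234` in the other block), and help examples tend to be copied verbatim; a password given this way is readable by other local users through the process list and is kept in shell history. I would add one line under the "Examples" heading, for instance `"  (P@ssw0rd is a sample value; a password given with -pass is visible in the process list and shell history)\n"`. Separately, the AES suite names are printed only under `#if defined(ENABLE_AES) && defined(ENABLE_SHA2) && defined(ENABLE_SECP256R1)`, while the build example passes only `-DENABLE_AES=ON -DENABLE_SECP256R1=ON`; if the option behind ENABLE_SHA2 is not on by default, the example should enable it too, otherwise a reader following it will not see those suites listed. The rendered page has lost its +/- markers, so which of these lines are on the new side is inferred, and the declaration that holds the string literals lies outside the hunk.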