
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
/*
 * Help-text fragment for the TLS 1.2 tools: a run of adjacent string
 * literals with no declaration and no terminating ';'. It is only valid
 * when #included inside a string expression in another source file
 * (presumably the tls12_client / tls12_server usage strings; confirm
 * against the includers). Every literal below is printed to the user as is.
 */
"\n"
/*
 * Supported cipher suites. All four are ECDHE; each algorithm family is
 * listed in a CBC and a GCM variant. The server and client examples further
 * down pass only the two CBC suites.
 */
" -cipher_suite options\n"
" TLS_ECDHE_SM4_CBC_SM3 TLS 1.2\n"
" TLS_ECDHE_SM4_GCM_SM3 TLS 1.2\n"
" TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS 1.2\n"
" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS 1.2\n"
"\n"
"Examples\n"
"\n"
"Build with TLS 1.2, AES, and P-256 enabled\n"
"\n"
" cmake -S . -B build -DENABLE_TLS=ON -DENABLE_AES=ON -DENABLE_SECP256R1=ON\n"
" cmake --build build\n"
"\n"
/*
 * SM2 chain: root CA -> sub CA -> server certificate for sm2.example.com.
 *
 * NOTE(review): "-pass 1234" is a sample password, and the walkthrough
 * reuses it for the root CA, sub CA and server keys. A password given as a
 * command-line argument is also visible in process listings and shell
 * history. The printed text does not say that 1234 is a placeholder;
 * consider adding that to the help output.
 */
"Generate SM2 certificates for sm2.example.com\n"
"\n"
/* Root CA: self-generated, 3650 days, keyCertSign + cRLSign, marked -ca. */
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN SM2ROOTCA -days 3650 \\\n"
" -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem \\\n"
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
"\n"
/*
 * Sub CA: request signed by the root key, 365 days, -ca with
 * -path_len_constraint 0 (presumably the X.509 pathLenConstraint, i.e. the
 * sub CA may issue end-entity certificates but no further CAs; confirm).
 */
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"SM2 Sub CA\" \\\n"
" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign \\\n"
" -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 \\\n"
" -ca -path_len_constraint 0 -out sm2cacert.pem\n"
"\n"
/*
 * Server certificate: signed by the sub CA, digitalSignature only, with
 * sm2.example.com as both the CN and the DNS subject name.
 */
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN sm2.example.com \\\n"
" -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature \\\n"
" -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 \\\n"
" -subject_dns_name sm2.example.com -out sm2signcert.pem\n"
"\n"
/* Chain file sent by the server: server certificate first, then the sub CA. */
" cat sm2signcert.pem > sm2certs.pem\n"
" cat sm2cacert.pem >> sm2certs.pem\n"
"\n"
/*
 * P-256 chain: same three-level layout as the SM2 chain above, with the
 * same sample password on every key.
 *
 * NOTE(review): each p256keygen call also writes a .exp file via -export.
 * What that file contains and whether it is password-protected cannot be
 * told from this help text; confirm, and if it holds key material say in
 * the help how it must be stored.
 */
"Generate P-256 certificates for p256.example.com\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256rootcakey.pem -export p256rootcakey.exp\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 \\\n"
" -key p256rootcakey.pem -pass 1234 -out p256rootcacert.pem \\\n"
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256cakey.pem -export p256cakey.exp\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"P256 Sub CA\" \\\n"
" -key p256cakey.pem -pass 1234 -out p256careq.pem\n"
" gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign \\\n"
" -cacert p256rootcacert.pem -key p256rootcakey.pem -pass 1234 \\\n"
" -ca -path_len_constraint 0 -out p256cacert.pem\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256signkey.pem -export p256signkey.exp\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN p256.example.com \\\n"
" -key p256signkey.pem -pass 1234 -out p256signreq.pem\n"
" gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature \\\n"
" -cacert p256cacert.pem -key p256cakey.pem -pass 1234 \\\n"
" -subject_dns_name p256.example.com -out p256signcert.pem\n"
"\n"
" cat p256signcert.pem > p256certs.pem\n"
" cat p256cacert.pem >> p256certs.pem\n"
"\n"
/*
 * Client trust store: both root certificates in one file, so a client given
 * -cacert rootcacerts.pem accepts either chain.
 */
" cat sm2rootcacert.pem > rootcacerts.pem\n"
" cat p256rootcacert.pem >> rootcacerts.pem\n"
"\n"
/*
 * Server example: two -cert/-key/-pass triples, one per chain. Per the
 * heading the chain is chosen from the client's SNI; the selection logic
 * itself is not in this file.
 */
"TLS 1.2 server with two certificate chains selected by SNI\n"
"\n"
" gmssl tls12_server -port 4430 \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
"\n"
/*
 * Client examples: identical suite, group and signature-algorithm lists;
 * only -server_name differs. The connection goes to 127.0.0.1, so the DNS
 * name can only come from -server_name.
 *
 * NOTE(review): whether the client checks the certificate's DNS name against
 * -server_name is not visible here; confirm and state it in the help.
 */
"TLS 1.2 clients with SNI\n"
"\n"
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name sm2.example.com \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cacert rootcacerts.pem\n"
"\n"
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name p256.example.com \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cacert rootcacerts.pem\n"
"\n"