On 03/03/2020 07:48, guoxiaobinni@xxxxxxx wrote: > Dear All, > > > > I hit the following error when used ‘openssl s_server -no_tls1’ command > to disable TLS1.0 on Redhat Linux server. Your question is slightly ambiguous. It implies you expect the command to disable TLSv1.0 for all applications on your server. If that is what you meant then you will be disappointed. "openssl s_server" runs a test server to enable testing TLS connections from clients. The "-no_tls1" option disables TLSv1.0 for that test server instance only. If you really mean to start a test server then you need to additionally supply a key and certificate file. By default s_server will look for the key/cert in the file server.pem in the current working directory. Otherwise you have to explicitly state the location of these files with the "-key" and "-cert" options. Matt > It shows the openssl version > as well. > > > > ---------------------------------------------------------------------------------------------------------------------------------------------------- > > $ openssl version > > OpenSSL 1.0.1e-fips 11 Feb 2013 > > $ openssl s_server –no_tls1 > > Error opening server certificate private key file server.pem > > 140057863432008:error:02001002:system library:fopen:No such file or > directory:bss_file.c:398:fopen(‘server.pem’,’r’) > > 140057863432008:error:20074002:BIO routines:FILE_CTRL:system > lib:bss_file.c:400: > > unable to load server certificate private key file > > ----------------------------------------------------------------------------------------------------------------------------------------------------- > > > > I can’t confirm if the command format is fine or not. Would you please > help to correct me? > > > > Thanks and Regards, > > Chobin Guo >
