Debian 12 has boost v 1.74 but we need a newer version
Download latest boost lib from https://www.boost.org/users/download/
install to /opt so you don't obliterate existing boost
$ ./bootstrap.sh
$ sudo ./b2 install --prefix=/opt/boost
clone master from git
https://github.com/randombit/botan/
$ ./configure.py --with-boost --with-external-includedir="/opt/boost/include" --with-external-libdir="/opt/boost/lib"
$ make && sudo make install
Create a CA, Root cert
$ mkdir certdir
$ botan keygen --algo=ECDSA > ca_key.pem
$ botan gen_self_signed --hash=SHA-256 --ca ca_key.pem my_root_authority > certdir/ca_cert.pem
$ botan keygen --algo=ECDSA > server_key.pem
$ botan gen_pkcs10 server_key.pem localhost --hash=SHA-256 > server_csr.pem
$ botan sign_cert certdir/ca_cert.pem ca_key.pem server_csr.pem --hash=SHA-256 > server_cert.pem
Run Server
$ botan tls_http_server server_cert.pem server_key.pem --port=8080
Connect with curl (use CA in certdir)
$ curl https://localhost:8080 --cacert ./certdir/ca_cert.pem
TLS negotiation with Botan 3.8.0 (unreleased, revision unknown, distribution unspecified) test server
Version: TLS v1.3
Ciphersuite: CHACHA20_POLY1305_SHA256
SessionID: 9C01650137E03C7E5D045DBEAACD81A0B8340FCADB2A99644B89A8F352C0C1CD
SNI: localhost
Client random: E87EC8444676C825DFE36D61A0F7DD6CC99B7890FE0BA893D7BD3057BFC72227
Client offered following ciphersuites:
- 0x1302 AES_256_GCM_SHA384
- 0x1303 CHACHA20_POLY1305_SHA256
- 0x1301 AES_128_GCM_SHA256
- 0xc02c ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- 0xc030 ECDHE_RSA_WITH_AES_256_GCM_SHA384
- 0x009f DHE_RSA_WITH_AES_256_GCM_SHA384
- 0xcca9 ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- 0xcca8 ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- 0xccaa DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- 0xc02b ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- 0xc02f ECDHE_RSA_WITH_AES_128_GCM_SHA256
- 0x009e DHE_RSA_WITH_AES_128_GCM_SHA256
- 0xc024 ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- 0xc028 ECDHE_RSA_WITH_AES_256_CBC_SHA384
- 0x006b DHE_RSA_WITH_AES_256_CBC_SHA256
- 0xc023 ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- 0xc027 ECDHE_RSA_WITH_AES_128_CBC_SHA256
- 0x0067 DHE_RSA_WITH_AES_128_CBC_SHA256
- 0xc00a ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- 0xc014 ECDHE_RSA_WITH_AES_256_CBC_SHA
- 0x0039 DHE_RSA_WITH_AES_256_CBC_SHA
- 0xc009 ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- 0xc013 ECDHE_RSA_WITH_AES_128_CBC_SHA
- 0x0033 DHE_RSA_WITH_AES_128_CBC_SHA
- 0x009d RSA_WITH_AES_256_GCM_SHA384
- 0x009c RSA_WITH_AES_128_GCM_SHA256
- 0x003d RSA_WITH_AES_256_CBC_SHA256
- 0x003c RSA_WITH_AES_128_CBC_SHA256
- 0x0035 RSA_WITH_AES_256_CBC_SHA
- 0x002f RSA_WITH_AES_128_CBC_SHA
- 0x00ff Renegotiation SCSV
Client 127.0.0.1 requested GET /
Client HTTP headers:
Host: localhost:8080
User-Agent: curl/7.88.1
Accept: */*
