How To Use OpenSSL s_client To Check and Verify SSL/TLS Of HTTPS Webserver?

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/use-openssl-s_client-check-verify-ssltls-https-webserver/
PINTEREST
PINTEREST
INSTAGRAM

OpenSSL provides different features and tools for SSL/TLS related operations. s_lient is a tool used to connect, check, list HTTPS, TLS/SSL related information. Simply we can check remote TLS/SSL connection with s_client . In this tutorials we will look different use cases of s_client .

Check TLS/SSL Of Website

The basic and most popular use case for s_client is just connecting remote TLS/SSL website. We will provide the web site with the HTTPS port number. In this example we will connect to the poftut.com .

Check TLS/SSL Of Website

Check TLS/SSL Of Website

Check TLS/SSL Of Website with Specifying Certificate Authority

If the web site is certificates are created in house or the web browsers or Global Certificate Authorities do not signed the certificate of remote site we can provide the signing certificate or Certificate authority. We will use -CAfile by providing the Certificate Authority File.

Connect Smtp and Upgrade To TLS

We can use s_client to test smtp protocol and port and then upgrade to TLS connection. We will use -starttls smtp command. We will use following command.

Connect HTTPS Site Disabling SSL2

HTTPS or SSL/TLS have different sub versions. We can enable or disable the usage some of them. In this example we will disable SSLv2 connection with the following command.

LEARN MORE  How To Install and Use OpenSSL Library In Python Applications?

Connect HTTPS Only TLS1 or TLS2

Like previous example we can specify the encryption version. In this example we will only enable TLS1 or TLS2 with the -tls1_2 .

Specify Cipher

We can specify the cipher with the -cipher option like below.

Connect HTTPS Only RC4-SHA

We can also specify the hash algorithm of the encryption protocol. In this example we will only enable RC4-SHA hash algorithm for SSL/TLS connection. We will use -cipher RC4-SHA .

Debug SSL/TLS To The HTTPS

While a SSL/TLS connection is made there is a lot of operation under the hood. If we have some problems or we need detailed information about the SSL/TLS initialization we can use -tlsextdebug option like below.

Debug SSL/TLS To The HTTPS

Debug SSL/TLS To The HTTPS

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/use-openssl-s_client-check-verify-ssltls-https-webserver/
PINTEREST
PINTEREST
INSTAGRAM

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)