To check a connection with an IMAP server, you would use this command: You could also specify port 25 or an alternative port if needed. This would connect to the Office 365 mail server on port 587, the standard submission port. Openssl s_client -tls1_2 -crlf -connect :587 -starttls smtp Here's an example of what the command would look like connecting to an SMTP server: Checking Mail Serversīecause most mail servers use explicit TLS, you will need to use the -starttls option and specify which mail protocol you're testing. If you need to test a connection to an FTP server using implicit TLS on port 990, then simply exclude the -starttls ftp option from the command. The -starttls smtp option is what tells OpenSSL that you want to connect as an FTP client using explicit TLS. Openssl s_client -tls1_2 -crlf -connect :21 -starttls ftp This means that the initial connection to the server is not secure and the TLS handshake only occurs after a command is issued by the client. To check a secure connection to an FTP server, you will need to use some additional options because most FTP servers today use explicit TLS. The -tlsextdebug option will show the TLS extensions which are supported by the server. The -showcerts option will display additional information about the security certificates and the certificate chain. Openssl s_client -tls1_2 -showcerts -tlsextdebug -connect :443
If you encounter errors with the initial TLS handshake, you can add the options -showcerts and -tlsextdebug to the command, and that will display some additional debugging information. By default, the client and server will always negotiate for the most secure algorithms which are common to both systems. The Protocol value will will tell you which version of TLS was used, and the Cipher value will tell you which cipher suite was selected. New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
/speedtest-57ab77da3df78cf459bb6e31.png "connection test")
Here's what some of the output from the command would look like: It's advisable to use the -tls1_2 option because this is how SocketTools normally connects with a server, and by default will not use earlier versions of TLS. This tells the OpenSSL command to function as a client (the s_client option), the hostname and port number to connect to, and that it should only use TLS 1.2 to establish a connection. Here is an example of what that command would look like: One of the most common situations is testing a website to ensure the connection is secure.
#Connection test how to#
You can download an installation package that we provide or visit the OpenSSL website for more information on how to obtain other binaries for Windows.
#Connection test install#
You will need to install OpenSSL on your development system to use the commands in this article. If you're attempting to connect to a server using SocketTools, and it's failing with an "invalid security context" error, OpenSSL can also be used to confirm the connection is working independently of your application.
When you need to verify a connection to a server is secure, the OpenSSL toolkit can provide you with detailed information about the session and allow you to interact with the server.
0 kommentar(er)
