The wonders of the SSL-enabled telnet connection

So you’ve set up a neat SSL-enabled service like SMTP, POP3 or IMAP, and now you wait to test it out from the command line. Don’t speak fluent SSL? No problem – OpenSSL to the rescue:

openssl s_client -connect server.foo:465

The output looks a little like this, giving you the opportunity to check the certificate as well as the service itself:

CONNECTED(00000003)
depth=0 C = DK, ST = My City, L = My City, O = My Company ApS, OU = My Service, CN = server.foo, emailAddress = support@server.foo
verify error:num=18:self signed certificate
verify return:1
depth=0 C = DK, ST = My City, L = My City, O = My Company ApS, OU = My Service, CN = server.foo, emailAddress = support@server.foo
verify return:1
---
Certificate chain
 0 s:/C=DK/ST=My City/L=My City/O=My Company ApS/OU=My Service/CN=server.foo/emailAddress=support@server.foo
   i:/C=DK/ST=My City/L=My City/O=My Company ApS/OU=My Service/CN=server.foo/emailAddress=support@server.foo
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=DK/ST=My City/L=My City/O=My Company ApS/OU=My Service/CN=server.foo/emailAddress=support@server.foo
issuer=/C=DK/ST=My City/L=My City/O=My Company ApS/OU=My Service/CN=server.foo/emailAddress=support@server.foo
---
No client certificate CA names sent
---
SSL handshake has read 1477 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ...
    Session-ID-ctx: 
    Master-Key: ...
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    ...

    Compression: 1 (zlib compression)
    Start Time: ...
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 server.foo ESMTP Relay

And then you knock yourself out, showing off all your SMTP skills. Enjoy 🙂

Posted Thursday, December 20th, 2012 under Uncategorized.

Leave a Reply

You must be logged in to post a comment.