In the following document: http://www.ietf.org/rfc/rfc2487.txt
It stated that after running starttls client must do .
What should I write there in place of that?
My aim is to emulate a connection to Zoho's mail server: https://www.zoho.com/mail/help/zoho-smtp.html through command line.
Can anyone help, please?
If you are to use telnet for connecting to a mail server using tls then you will have to perform handshake operations manually. But these handshake operations can be automated by using an open source library which implements TLS. One such library is 'OpenSSL'. Below is the openssl command using which you can try connecting to the mail server using tls
openssl s_client -starttls smtp -connect smtp.zoho.com:587 -crlf -ign_eof
Related
I am using openssl commandline as a client to communicate with a server that uses TLS like so:
openssl s_client -connect localhost:xxxx
I want the client to send TLS shutdown to the server with the command line. How can I do this?
A TLS shutdown is send on TLS connection close. There is no way supported in s_client to explicitly trigger a SSL_shutdown but keep the underlying TCP connection open.
A close can for example be triggered by entering "Q" on the input, see CONNECTED COMMANDS in the documentation. See also the comment from dave_thompson_085 for other ways how a close can be triggered.
I have this problem using centos 7 the problem is when i try to connect with ssl and I'am using local internet provider the handshaking will block after client hello,
openssl version: OpenSSL 1.1.0g 2 Nov 2017
openssl s_client -connect 151.3.144.205:9093 -state -nbio 2>&1
CONNECTED(00000003)
Turned on non blocking io
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:error in SSLv3/TLS write client hello
write R BLOCK
If I use a mobile connection the handshaking goes ahead.
the certificates are generating for kafka server and I use the common guide to generate it.
I guess is a problem with openssl
I guess is a problem with openssl
If it would be a problem with openssl then it would not work with the mobile connection either, assuming that you are using the same openssl with mobile and without.
It is more likely that there is some firewall which blocks access on your normal connection and that by using the mobile connection you bypass the firewall. Thus, search for the cause of the problem in your network and not in openssl.
We found the problem in Centos 7 or Openssl version, we have installed a debian server machine with the same Kafka and zookeper configuration and we have solve the problem.
I guess that there is a bug in Openssl Centos version, becouse it's impossible
that the communication tcp by ssl secutity were interrupted by the firs client presentation and no server hello response.
i'm opening a kTLS connection using openssl client and server, how can i verify that it's actually opened a tls connection.
Note: i know that when i supply a certificate and cipher when establishing the connection but i want a way to know the type of the connection even if i don't know who and how someone open it.
i try netstat
Example : netstat -an | grep Port-No
and get tcp6 title but nothing regarding the security of the connection
the command is used:
Client:
env LD_LIBRARY_PATH=#LD_LIBRARY_PATH:`pwd`/.. ./openssl s_client -tls1_2 -debug -connect 1.1.1.2:4433
Server:
sudo env LD_LIBRARY_PATH=#LD_LIBRARY_PATH:`pwd`/.. ./openssl s_server -tls1_2 -cipher ECDHE-RSA-AES128-GCM-SHA256
I'm searching for a tool/command that can show the security protocol that established connection use.
I am working with an external company. Lets call them evilcorp.com. I want to use openssl to debug a two way SSL handshake.
https://evilcorp.com is setup to not require client authentication.
https://evilcorp.com/webservices is setup to require client authentication.
How can I specify this path in openssl. So basically this works:
openssl s_client -connect evilcorp.com:443
But this does not work and gives me gethostbyname failure
openssl s_client -connect evilcorp.com/webservices:443
How can I get this to work (if possible)
You have a very simple error in the address. Here's the fix:
"openssl s_client -connect evilcorp.com:443/webservice"
You had the 443 at the end - it needs to go directly after to the domain name.
I'm not sure if this can be done at all but if it can be done then you first have to use openssl to connect to the clients host and already specify the client certificates. Then inside the successful connection you need to speak HTTP to access the relevant page.
I.e. you first connect:
$ openssl s_client -connect host:port -cert cert.pem -key key.pem
... CONNECTED
... Verify return code...
---
And then access the URL using the HTTP protocol
GET /protected_page/ HTTP/1.0
Host: example.org
<empty line>
Note that the last line must be an empty line according to the HTTP protocol. It might also that you need to use the -crlf option in openssl to get the line ends correct in case you have a strict web server. If all goes right the server should now issue a renegotiation request to the client, i.e another TLS handshake is done.
I'm trying to connect to RabbitMQ server using SSL but i'm getting this error "SSL peer cert verification failed".
I check the certificate using openssl like so:
openssl s_client -connect host:port -CAfile cacert.pem
And got "Verify return code: 0 (ok)" so i believe that the certificate is OK.
I'm trying to use the amqps_bind.c example in here.
I only need server verification so I removed the amqp_ssl_socket_set_key().
The code is failing in amqp_socket_open().
Also i have a C# code that can connect to the same server using SSL without any errors.
I have found my issue.
The cacert.pem file that I provided was all the chain of certificates.
After extracting only the root certificate I can connect to the sever.
Apart from that check the following config also in your rabbitmq.config
{verify,verify_peer},
{fail_if_no_peer_cert,true}]},
change those to following if you do not want to verify peer
{verify,verify_none},
{fail_if_no_peer_cert,false}]},