Using openssl-s_client – TLS Handshake Protocol Revisited
13.6.2 Using openssl-s_client
Now that we have a working OpenSSL installation, let’s look at selected openssl-s_client options for performing basic TLS operations with this tool.
Connecting to a TLS server is done by executing the following command:
# openssl s_client -connect servername:443
As an example, to connect to the Packt web server using TLS, you need to execute the command:
# openssl s_client -connect packtpub.com:443
The -connect option takes two arguments: the host name and, optionally, the port to connect to. Packt’s website hostname is packtpub.com and the default port a TLS service listens on is 443. Hence, we pass packtpub.com:443 as the argument to the -connect option. If no argument is supplied, s_client attempts to connect to the local host on port 4433.
If s_client succeeds in establishing a connection to the TLS server, it displays any data received from the server and transmits all key presses to the server. As an example, we can issue an HTTP command such as GET / to retrieve a web page.
When s_client is used in interactive mode – that is, when neither the -quiet nor the -ign_eof option is given – the tool recognizes the following special commands, which must appear at the start of a line:
- The Q command ends the current TLS connection and exits s_client
- The R command renegotiates the TLS session (but this is only relevant for TLS versions 1.2 and below)
- The k command sends a key update message to the TLS server (only available in TLS version 1.3)
- The K command sends a key update message to the TLS server and requests one back (only available in TLS version 1.3)
In addition to the preceding commands, openssl-s_client supports a large set of options that control various aspects of the TLS connection. Detailed information about all options can be found in openssl-s_client’s man page at https://www.openssl.org/docs/man3.1/man1/openssl-s_client.html. The following list describes selected options that we believe to be the most useful when trying to understand and experiment with TLS:
- The -msg option prints all TLS protocol messages, including their hexadecimal representation, in addition to the standard information displayed by openssl-s_client.
- The -trace option prints detailed information on the contents of all TLS protocol messages.
- The -msgfile filename option specifies the file where the output of the -msg or -trace options is written to. By default, this information is printed to standard output, that is, to the console.
- The -state option prints the states of the TLS client state machine used by OpenSSL and, hence, by openssl-s_client. The states are printed on separate lines beginning with the string SSL_connect:.
- The -security_debug_verbose option prints security-related debug messages, such as checks as to whether specific TLS versions and specific cipher suites are supported. The messages are printed on lines beginning with the string Security callback:.
- The -debug option displays debug information and the hexadecimal representation of the entire TLS network traffic.
- The -tlsextdebug option prints the hex dump, that is, the hexadecimal representation, of all TLS extensions that openssl-s_client received from the TLS server.
- The -status option sends a certificate status request for the TLS server certificate to an OCSP service and prints out the OCSP response.
- The -showcerts option prints the list of certificates transmitted by the TLS server. Note that openssl-s_client does not verify the certificate chain.
- The -sigalgs option instructs openssl-s_client which signature algorithms it must send to the TLS server. Recall that the TLS server selects one of the algorithms in this list based on its preferences or replies with a HelloRetryRequest message if the list contains no algorithm that the server supports. Example strings are given at https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set1_sigalgs.html.
- The -curves curvelist option defines the supported curves that openssl-s_client sends to the TLS server. The list of available curves can be obtained with the following command:
$ openssl ecparam -list_curves
- The -ciphersuites val option defines the TLS 1.3 cipher suites that openssl-s_client sends to the TLS server. The list is written as cipher suite names separated by a colon (":"). The names of the cipher suites can be obtained using the following command:
$ openssl ciphers
Some of the results when calling openssl-s_client using these options should already be familiar to you, for example, the list of signature algorithms or the list of available curves. Others, such as the names of the symmetric cipher algorithms appearing in the list of cipher suites, will be explained in the next part of the book, Off the Record.
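As an added example (not code from the book), the following shell script stands up a throw-away loopback TLS server with openssl s_server, drives one TLS 1.3 handshake against it with the -state and -msg options discussed above, and then extracts the negotiated protocol, cipher suite and certificate verification result from the captured transcript. It assumes an OpenSSL 1.1.1 or 3.x binary on PATH; the self-signed certificate, the port number and the file names are constructed for the example.

```shell
#!/bin/sh
# Added example (not the book's code): stand up a loopback TLS server and
# inspect one TLS 1.3 handshake with the s_client options described above.
# Assumes OpenSSL 1.1.1 or 3.x on PATH; certificate, key, port and file
# names are constructed here, not taken from the text.
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 1; }

PORT=${TLS_PORT:-4433}   # the port s_client also uses when -connect is omitted
WORK=$(mktemp -d)
SERVER_PID=
cleanup() { [ -n "$SERVER_PID" ] && kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"; }
trap cleanup EXIT

# Constructed self-signed certificate for CN=localhost, valid for one day.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=localhost' \
  -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1

# Throw-away server on the loopback interface; -www answers GET / with a status page.
openssl s_server -accept "127.0.0.1:$PORT" -cert "$WORK/cert.pem" \
  -key "$WORK/key.pem" -www >/dev/null 2>&1 &
SERVER_PID=$!

# Wait until the listener accepts connections (at most about five seconds).
for _ in 1 2 3 4 5; do
  openssl s_client -connect "127.0.0.1:$PORT" </dev/null >/dev/null 2>&1 && break
  sleep 1
done

# The handshake we inspect: -state logs each client state on an SSL_connect:
# line, -msg dumps every record sent (>>>) or received (<<<), and -CAfile
# trusts the constructed certificate so the chain verifies. With stdin at
# EOF, s_client closes the connection right after the handshake.
TRANSCRIPT="$WORK/transcript.txt"
openssl s_client -connect "127.0.0.1:$PORT" -tls1_3 -CAfile "$WORK/cert.pem" \
  -state -msg </dev/null >"$TRANSCRIPT" 2>&1

# Helpers that pull the facts worth checking out of the transcript.
state_transitions()   { grep -c '^SSL_connect:' "$TRANSCRIPT"; }
records_sent()        { grep -c '^>>>' "$TRANSCRIPT"; }
records_received()    { grep -c '^<<<' "$TRANSCRIPT"; }
negotiated_protocol() { sed -n 's/^New, \(.*\), Cipher is .*/\1/p' "$TRANSCRIPT" | head -n 1; }
negotiated_cipher()   { sed -n 's/^New, .*, Cipher is //p' "$TRANSCRIPT" | head -n 1; }
verify_result()       { sed -n 's/^ *Verify return code: *//p' "$TRANSCRIPT" | head -n 1; }

echo "client states logged : $(state_transitions)"
echo "records sent/received: $(records_sent)/$(records_received)"
echo "protocol, cipher     : $(negotiated_protocol), $(negotiated_cipher)"
echo "certificate verify   : $(verify_result)"
```

Run the script as is; the server lives only for the duration of the script and is removed together with the temporary directory.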