2.4 Testing Protocols That Upgrade to TLS
When used with HTTP, TLS wraps the entire plaintext communication channel to form HTTPS. Some other protocols start off as plaintext, but then they upgrade to encryption. If you want to test such a protocol, you’ll have to tell OpenSSL which protocol it is so that it can upgrade on your behalf. Provide the protocol information using the -starttls switch. For example:
$ openssl s_client -connect gmail-smtp-in.l.google.com:25 -starttls smtp
At the time of writing, the supported protocols in recent OpenSSL releases are smtp, pop3, imap, ftp, xmpp, xmpp-server, irc, postgres, mysql, lmtp, nntp, sieve, and ldap. There is less choice with OpenSSL 1.0.2g: smtp, pop3, imap, ftp, and xmpp.
Some protocols require the client to provide their names. For example, for SMTP, OpenSSL will use mail.example.com by default, but you can specify the correct value with the -name switch. If you’re testing XMPP, you may need to specify the correct server name; you can do this with the -xmpphost switch.
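The plaintext exchange that has to complete before the TLS handshake can begin, shown for SMTP as an added Python example (not from the original text and not OpenSSL's own code). It follows the SMTP STARTTLS extension (RFC 3207); fake_server, demo, and the mx.test.invalid host name are constructed so that it runs offline.

```python
import socket
import threading

def read_reply(rfile):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":          # "250-..." continues, "250 ..." is the last line
            return int(line[:3]), texts

def negotiate_starttls(sock, client_name="mail.example.com"):
    """Plaintext half of the upgrade; True means the TLS handshake may start."""
    rfile = sock.makefile("rb")
    if read_reply(rfile)[0] != 220:                   # server greeting
        return False
    sock.sendall(f"EHLO {client_name}\r\n".encode())  # the name that -name overrides
    code, texts = read_reply(rfile)
    offered = any(t.upper().split()[:1] == ["STARTTLS"] for t in texts[1:])
    if code != 250 or not offered:
        return False                                  # server offers no upgrade
    sock.sendall(b"STARTTLS\r\n")
    return read_reply(rfile)[0] == 220    # next bytes on the socket belong to TLS

def fake_server(sock, advertise, seen):
    """Constructed stand-in for a mail server; records the client's commands."""
    rfile = sock.makefile("rb")
    sock.sendall(b"220 mx.test.invalid ESMTP\r\n")
    seen.append(rfile.readline().decode().strip())
    extension = b"250-STARTTLS\r\n" if advertise else b""
    sock.sendall(b"250-mx.test.invalid\r\n" + extension + b"250 SIZE 1000\r\n")
    if advertise:
        seen.append(rfile.readline().decode().strip())
        sock.sendall(b"220 Ready to start TLS\r\n")
    sock.close()

def demo(advertise, client_name="mail.example.com"):  # local socket pair, no network
    client, server = socket.socketpair()
    seen = []
    worker = threading.Thread(target=fake_server, args=(server, advertise, seen))
    worker.start()
    ok = negotiate_starttls(client, client_name)
    client.close()
    worker.join()
    return ok, seen
```

A False result from negotiate_starttls means the server never offered or accepted the upgrade, so there is no TLS configuration to inspect on that port.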