I’ve been playing with SSL client authentication in Apache httpd today at work. It’s something I’ve always wanted to play with but haven’t had a good reason to invest the time until now.In the process of testing my configuration, I came across openssl s_client. It’s one of those things I should have already known about but didn’t. I wish I would have stumbled across it years ago. Basically it works similar to nc (netcat) except you can use it with SSL/TLS. So if you want to do HTTPS by hand to connect to Google you can do:
openssl s_client -connect google.com:443
Google’s server will send back some information about your secure connection at which point you can type:
GET / HTTP/1.1Host: www.google.com
(don’t forget an extra carriage return after the last line) and happily watch Google redirect you to a normal HTTP URL.openssl s_client will also let you do STARTTLS with SMTP. I wish I would have known about that when I was building my SMTP server on MINA. I implemented STARTTLS for it and and was an absolute pain to test and debug. Using openssl would have made my life much easier.
RSS feed for comments on this post · TrackBack URI
Leave a reply