All other encryption and Cipher types will be denied and the connection will be closed. In this example, we will only enable RC4-SHA hash algorithm for SSL/TLS connection. The -tlsextdebug option will show the TLS extensions which are supported by the server. We can also specify the hash algorithm of the encryption protocol. openssl sclient -tls12 -showcerts -tlsextdebug -connect :443 The -showcerts option will display additional information about the security certificates and the certificate chain. $ openssl s_client -connect :443 -cipher RC4-SHA Connect HTTPS Only RC4-SHA We can specify the cipher with the -cipher option like below. $ openssl s_client -connect :443 -tls1_2 Specify Cipher or Encryption Type In this example, we will only enable TLS1 or TLS2 with the -tls1_2 . Like the previous example, we can specify the encryption version. $ openssl s_client -connect :443 -no_ssl2 Connect HTTPS Only TLS1 or TLS2 In this example, we will disable SSLv2 connection with the following command. We can enable or disable the usage of some of them. HTTPS or SSL/TLS have different subversions. $ openssl s_client -connect :25 -starttls smtp Connect HTTPS Site Disabling SSL2 Topics covered in this book include key and certificate management.
Openssl test tls 1.2 with certificate upgrade#
We can use s_client to test SMTP protocol and port and then upgrade to TLS connection. The definitive guide to using the OpenSSL command line for configuration and testing. $ openssl s_client -connect :443 -CAfile /etc/ssl/CA.crt Connect Smtp and Upgrade To TLS We will use -CAfile by providing the Certificate Authority File. If the web site certificates are created in house or the web browsers or Global Certificate Authorities do not sign the certificate of the remote site we can provide the signing certificate or Certificate authority. Check TLS/SSL Of Website Check TLS/SSL Of Website with Specifying Certificate Authority