How to send a string to server using s_client
echo "YOUR TEXT HERE" | openssl s_client -connect host:port
Does anyone know how to use s_client of openssl to send a short string to the server?
You can echo
it in. Below, I used a GET
withHTTP/1.0
and tweeter rudely refused my request:
HTTP/1.0 400 Bad Request
Content-Length: 0
The -ign_eof
keeps the connection open to read the response.
Tweeter uses Verisign as the CA. You can fetch VeriSign Class 3 Primary CA - G5 from here, and then use it as an argument with -CAfile
to ensure the chain verifies.
Here are the OpenSSL docs on s_client(1)
.
$ echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect twitter.com:443 -CAfile PCA-3G5.pem -ign_eof
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)06, CN = VeriSign Class 3 Extended Validation SSL CA
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = US, 1.3.6.1.4.1.311.60.2.1.2 = Delaware, businessCategory = Private Organization, serialNumber = 4337446, C = US, postalCode = 94103-1307, ST = California, L = San Francisco, street = 1355 Market St, O = "Twitter, Inc.", OU = Twitter Security, CN = twitter.com
verify return:1
---
Certificate chain
0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446/C=US/postalCode=94103-1307/ST=California/L=San Francisco/street=1355 Market St/O=Twitter, Inc./OU=Twitter Security/CN=twitter.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgIQNC7E3U4iWJiTy5wznxxGDDANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr
VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x
NDA0MDgwMDAwMDBaFw0xNjA1MDkyMzU5NTlaMIIBEjETMBEGCysGAQQBgjc8AgED
EwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0
ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzQzMzc0NDYxCzAJBgNVBAYTAlVTMRMw
EQYDVQQRFAo5NDEwMy0xMzA3MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
FA1TYW4gRnJhbmNpc2NvMRcwFQYDVQQJFA4xMzU1IE1hcmtldCBTdDEWMBQGA1UE
ChQNVHdpdHRlciwgSW5jLjEZMBcGA1UECxQQVHdpdHRlciBTZWN1cml0eTEUMBIG
A1UEAxQLdHdpdHRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDGh6KKnZPGMiX5lC8Me9pev8CWscg5cIifrEV5WVW2v8sCoFlBDdnnIw26tqku
c/uL2aJoB8LAxllik0eNWRq9Q4YDRNuW05YIRQMEgRmAZvIKBpcLCcsB7YVLY7Jp
FBWGOEiUmL2c6GTc2NQWa723Jqwc6VgXZjDiL+wpHKUYc5RZz4IO3SdJ/Xlq38te
t5ZffCp/LBhhYNNUMStjEGdQwZCcnWF1DuaZ5TgxzdSGBSdFhssh5aCQO65TjQVn
cx4g8LNhXHNO7UxNIbEtuPmc0J8amPRHA0euHrgp2wBRZ0tL8Xphm0be3uAoA3DE
dO/d4wTMBNn5pN13Z9kYhzW/AgMBAAGjggGvMIIBqzAnBgNVHREEIDAeggt0d2l0
dGVyLmNvbYIPd3d3LnR3aXR0ZXIuY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkG
C2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu
LmNvbS9jcHMwHQYDVR0OBBYEFBdQCycEZZ1SEbOZAgDknEo1GgKeMB8GA1UdIwQY
MBaAFPyKULqeuSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6
Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYI
KwYBBQUHAQEEcDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52
ZXJpc2lnbi5jb20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVy
aXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQELBQADggEBAIfv
GC219t5efjKTRhtwn2lEtWaQpsYlSyeN8KxLnVJlHRb5z1j8oJER6JmjeqelTvZ1
RlxZ3A8cQdrntpeh9kFkU3wMK6TjaMKYDrIaFzV1M4FXsqBbJ6vAb2GX1lDu7oxS
/FrNXH9ebFclDDlXJ3FWGbABxf+xpeowr9y+Md5xgQ0Lpm82NZFei9zuJayJYh4B
ZbIJ4D9XBa73ZqIBvGXixeahHIvBA9Q0T92gQDJoMXuQ3RkVt63lL4EoJaEQNr1f
JDn2Wb0MFtKokWF1zb86glCCb7nvc/vbotiWzZt+a49XSByZ1F17I49F/N5cU9ZU
DQzsM2ToLAU2fwA6h/U=
-----END CERTIFICATE-----
subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446/C=US/postalCode=94103-1307/ST=California/L=San Francisco/street=1355 Market St/O=Twitter, Inc./OU=Twitter Security/CN=twitter.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 3724 bytes and written 446 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 53BE6F30E6C52AAFFC01EAD8D5938C78...
Session-ID-ctx:
Master-Key: 87810BE6303E8EB831EC63E243D4C6E7...
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 129600 (seconds)
TLS session ticket:
0000 - 95 93 d8 f3 27 2f 4c 11-ab 14 ee 04 46 e3 a8 e5 ....'/L.....F...
0010 - 7f 35 16 07 6d 5e 80 7c-fa 1d cd 78 39 7e 82 0b .5..m^.|...x9~..
0020 - 1d ee d6 99 2d d2 03 db-ab b8 37 5d f5 a5 28 62 ....-.....7]..(b
0030 - 3b f6 c7 c3 dc 7c 77 de-0f 60 d8 4c 8c f6 8e 8b ;....|w..`.L....
0040 - c8 8e 65 68 96 ec 27 f1-26 5d 4c 25 49 fd c0 ca ..eh..'.&]L%I...
0050 - c5 86 00 19 f1 26 5a 3e-fd df ca 12 a9 f8 17 bb .....&Z>........
0060 - 77 b8 5b 1c 58 1a 6b 16-d1 16 e0 d9 e8 b2 bf 92 w.[.X.k.........
0070 - 44 07 60 17 a0 11 23 52-3a 14 d0 79 85 a3 ae 8d D.`...#R:..y....
0080 - 17 d1 b8 44 d7 c3 3e ab-67 4c 7a c0 d6 cd 7e fe ...D..>.gLz...~.
0090 - b7 95 56 69 8f 5f 3e ee-2a c1 f9 0e 46 75 a6 79 ..Vi._>.*...Fu.y
Start Time: 1398724229
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
HTTP/1.0 400 Bad Request
Content-Length: 0
closed