How to debug network issues in Unix — “openssl”
In my day-by-day job, I started to use lots of BASH commands to debug network issues, and I did never not many of them. This is why I decided to write here all those commands and how do I use usually.
This is a series. Here the table of contents:
digpingwhoisopenssl(this story)nslookuptracerouteandmtriptables- network configuration and statistics
tcpdump
Restarting with my personal network debug toolkit, today I will describe openssl.
As described by its web site, OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, but also a general-purpose cryptography library.
With openssl it is possible to verify if a TLS/SSL certificate is still valid or not for a specific website, or retrieve the certificates, or verify ciphers, or verify which TLS version is supported.
Test SSL certificate of particular URL
echo | openssl s_client -connect yoururl.com:443 -showcertsCheck Certificate Expiration Date of SSL URL
echo | openssl s_client -connect yoururl.com:443 -showcerts echo | openssl s_client -connect secureurl.com:443 2>/dev/null | openssl x509 -noout -startdate -enddateCheck if SSL V2 or V3 is accepted on URL
Depending on openssl version you are using, you could test if various SSL or TLS versions are enable for an URL.
To check SSL v2
echo | openssl s_client -connect secureurl.com:443 -ssl2To Check SSL v3
echo | openssl s_client -connect secureurl.com:443 -ssl3To Check TLS 1.0
echo | openssl s_client -connect secureurl.com:443 -tls1To Check TLS 1.1
echo | openssl s_client -connect secureurl.com:443 -tls1_1To Check TLS 1.2
echo | openssl s_client -connect secureurl.com:443 -tls1_2Further details on https://geekflare.com/openssl-commands-certificates or on https://gist.github.com/shpatserman/3cfcb59e40cf4381a5cec79b700ad98c.
Originally published at https://gabriele-decapoa.github.io.
