NAME
       s_client − SSL/TLS client program

SYNOPSIS
       openssl s_client [−connect host:port] [−servername name]
       [−verify depth] [−cert filename] [−certform DER|PEM]
       [−key filename] [−keyform DER|PEM] [−pass arg]
       [−CApath directory] [−bugs] [−cipher cipherlist]
       [−serverpref] [−starttls protocol] [−engine id]
       [−tlsextdebug] [−no_ticket] [−sess_out filename]
       [−sess_in filename] [−rand file(s)] [−serverinfo types]
DESCRIPTION
       The s_client command implements a generic SSL/TLS client which
       connects to a remote host using SSL/TLS. It is a very useful
       diagnostic tool for SSL servers.
OPTIONS
       −connect host:port
           This specifies the host and optional port to connect to. If
           not specified then an attempt is made to connect to the local
           host on the default port.

       −servername name
           Set the TLS SNI (Server Name Indication) extension in the
           ClientHello message.

       −cert filename
           The certificate to use, if one is requested by the server. The
           default is not to use a certificate.

       −certform format
           The certificate format to use: DER or PEM. PEM is the default.

       −key filename
           The private key to use. If not specified then the certificate
           file will be used.

       −keyform format
           The private key format to use: DER or PEM. PEM is the default.

       −pass arg
           The private key password source. For more information about
           the format of arg see the PASS PHRASE ARGUMENTS section.

       −verify depth
           The verify depth to use. This specifies the maximum length of
           the server certificate chain and turns on server certificate
           verification. Currently the verify operation continues after
           errors so all the problems with a certificate chain can be
           seen. As a side effect the connection will never fail due to a
           server certificate verification error.

       −verify_return_error
           Return verification errors instead of continuing. This will
           typically abort the handshake with a fatal error.

       −CApath directory
           The directory to use for server certificate verification. This
           directory must be in "hash format", see verify for more
           information. These are also used when building the client
           certificate chain.

       −CAfile file
           A file containing trusted certificates to use during server
           authentication and to use when attempting to build the client
           certificate chain.

       −x509_strict, −policy, −check_ss_sig
           Set various certificate chain validation options. See the
           verify manual page for more information.
       −reconnect
           Reconnects to the same server 5 times using the same session
           ID; this can be used as a test that session caching is
           working.

       −pause
           Pauses 1 second between each read and write call.

       −showcerts
           Display the whole server certificate chain: normally only the
           server certificate itself is displayed.

       −prexit
           Print session information when the program exits. This will
           always attempt to print out information even if the connection
           fails. Normally information will only be printed out once if
           the connection succeeds. This option is useful because the
           cipher in use may be renegotiated or the connection may fail
           because a client certificate is required or is requested only
           after an attempt is made to access a certain URL. Note: the
           output produced by this option is not always accurate because
           a connection might never have been established.

       −state
           Prints out the SSL session states.

       −debug
           Print extensive debugging information including a hex dump of
           all traffic.

       −msg
           Show all protocol messages with hex dump.

       −nbio_test
           Tests non-blocking I/O.

       −nbio
           Turns on non-blocking I/O.

       −crlf
           This option translates a line feed from the terminal into
           CR+LF as required by some servers.

       −ign_eof
           Inhibit shutting down the connection when end of file is
           reached in the input.

       −quiet
           Inhibit printing of session and certificate information. This
           implicitly turns on −ign_eof as well.

       −no_ign_eof
           Shut down the connection when end of file is reached in the
           input. Can be used to override the implicit −ign_eof after
           −quiet.

       −psk_identity identity
           Use the PSK identity identity when using a PSK cipher suite.

       −psk key
           Use the PSK key key when using a PSK cipher suite. The key is
           given as a hexadecimal number without leading 0x, for example
           −psk 1a2b3c4d.

       −ssl2, −ssl3, −tls1, −tls1_1, −tls1_2, −no_ssl2, −no_ssl3, −no_tls1, −no_tls1_1, −no_tls1_2
           These options require or disable the use of the specified SSL
           or TLS protocols. By default the initial handshake uses a
           version-flexible method which will negotiate the highest
           mutually supported protocol version.

       −fallback_scsv
           Send TLS_FALLBACK_SCSV in the ClientHello.
       −bugs
           There are several known bugs in SSL and TLS implementations.
           Adding this option enables various workarounds.

       −cipher cipherlist
           This allows the cipher list sent by the client to be modified.
           Although the server determines which cipher suite is used it
           should take the first supported cipher in the list sent by the
           client. See the ciphers command for more information.

       −serverpref
           Use the server's cipher preferences; only used for SSLV2.

       −starttls protocol
           Send the protocol-specific message(s) to switch to TLS for
           communication. protocol is a keyword for the intended
           protocol. Currently, the supported keywords include "smtp",
           "pop3" and "imap".

       −tlsextdebug
           Print out a hex dump of any TLS extensions received from the
           server.

       −no_ticket
           Disable RFC4507bis session ticket support.

       −sess_out filename
           Output the SSL session to filename.

       −sess_in filename
           Load the SSL session from filename. The client will attempt to
           resume a connection from this session.

       −engine id
           Specifying an engine (by its unique id string) will cause
           s_client to attempt to obtain a functional reference to the
           specified engine, thus initialising it if needed. The engine
           will then be set as the default for all available algorithms.

       −rand file(s)
           A file or files containing random data used to seed the random
           number generator, or an EGD socket (see RAND_egd(3)). Multiple
           files can be specified separated by an OS-dependent character.
           The separator is ; for MS-Windows, , for OpenVMS, and : for
           all others.

       −serverinfo types
           A list of comma-separated TLS Extension Types (numbers between
           0 and 65535). Each type will be sent as an empty ClientHello
           TLS Extension. The server's response (if any) will be encoded
           and displayed as a hex string.

       −status
           Sends a certificate status request to the server (OCSP
           stapling). The server response (if any) is printed out.

       −nextprotoneg protocols
           Enable the Next Protocol Negotiation TLS extension and provide
           a list of comma-separated protocol names that the client
           should advertise support for. The list should contain the most
           wanted protocols first. Protocol names are printable ASCII
           strings, for example "http/1.1" or "spdy/3". An empty list of
           protocols is treated specially and will cause the client to
           advertise support for the TLS extension but disconnect just
           after receiving ServerHello with a list of server supported
           protocols.
CONNECTED COMMANDS
       If a connection is established with an SSL server then any data
       received from the server is displayed and any key presses will be
       sent to the server. When used interactively (which means neither
       −quiet nor −ign_eof have been given), the session will be
       renegotiated if the line begins with an R, and if the line begins
       with a Q or if end of file is reached, the connection will be
       closed down.
NOTES
       s_client can be used to debug SSL servers. To connect to an SSL
       HTTP server the command:

           openssl s_client −connect servername:443

       would typically be used (https uses port 443). If the connection
       succeeds then an HTTP command can be given such as "GET /" to
       retrieve a web page.

       If the handshake fails then there are several possible causes; if
       it is nothing obvious like no client certificate then the −bugs,
       −ssl2, −ssl3, −no_ssl3, −no_tls1 options can be tried in case it
       is a buggy server. In particular you should play with these
       options before submitting a bug report to an OpenSSL mailing
       list.

       A frequent problem when attempting to get client certificates
       working is that a web client complains it has no certificates or
       gives an empty list to choose from. This is normally because the
       server is not sending the client's certificate authority in its
       "acceptable CA list" when it requests a certificate. By using
       s_client the CA list can be viewed and checked. However some
       servers only request client authentication after a specific URL
       is requested. To obtain the list in this case it is necessary to
       use the −prexit option and send an HTTP request for an
       appropriate page.

       If a certificate is specified on the command line using the −cert
       option it will not be used unless the server specifically
       requests a client certificate. Therefore merely including a
       client certificate on the command line is no guarantee that the
       certificate works.

       If there are problems verifying a server certificate then the
       −showcerts option can be used to show the whole chain.

       Since the SSLv23 client hello cannot include compression methods
       or extensions these will only be supported if its use is
       disabled, for example by using the −no_sslv2 option.
BUGS
       The s_client utility is a test tool and is designed to continue
       the handshake after any certificate verification errors. As a
       result it will accept any certificate chain (trusted or not) sent
       by the peer. Non-test applications should not do this as it makes
       them vulnerable to a MITM attack. This behaviour can be changed
       with the −verify_return_error option: any verify errors are then
       returned, aborting the handshake.
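       The following is an added example and not part of the OpenSSL
       manual page. It wraps the HTTPS probe from NOTES in a POSIX shell
       function that turns verification on (−servername, −verify,
       −verify_return_error) and fails unless the "Verify return code"
       that s_client prints is 0, so a script cannot silently accept an
       untrusted chain as described above. The function names and the
       sample output lines are constructed here; it assumes an openssl
       binary on PATH.

```shell
#!/bin/sh
# Added example, not from the OpenSSL manual page. s_client keeps going after
# certificate errors, so a script that only looks at its exit status can be
# fooled by an untrusted chain. This wrapper turns verification on and
# inspects the "Verify return code" line that s_client prints on stdout.

# Read s_client output on stdin. Return 0 if the last "Verify return code"
# is 0 (ok), 1 if verification reported an error, 2 if no verify result was
# printed at all (for example the TCP connection itself failed).
check_verify_output() {
    code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    [ -n "$code" ] || return 2
    [ "$code" -eq 0 ]
}

# Connect to host:port with SNI (-servername), a verify depth of 5 and
# -verify_return_error, so a bad chain aborts the handshake and also shows
# up as a non-zero verify return code. Assumes openssl is on PATH.
probe_server() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" \
        -verify 5 -verify_return_error </dev/null 2>/dev/null |
        check_verify_output
}

# Constructed sample lines in the format s_client prints, for offline use.
SAMPLE_OK='    Verify return code: 0 (ok)'
SAMPLE_BAD='    Verify return code: 21 (unable to verify the first certificate)'
```

       probe_server example.com exits non-zero when the chain does not
       verify against the default trust store; add −CAfile or −CApath to
       the openssl line to trust a private CA.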
       Because this program has a lot of options and also because some of
       the techniques used are rather old, the C source of s_client is
       rather hard to read and not a model of how things should be done.
       A typical SSL client program would be much simpler.

       The −prexit option is a bit of a hack. We should really report
       information whenever a session is renegotiated.

HISTORY
       The −no_alt_chains option was first added to OpenSSL