Testing connectivity with the openssl CLI using `s_client`. We are making a TCP connection to the server and then performing a TLS handshake over it.
You need to have openssl installed on your machine.
Testing TLS connection of google.com:
```
openssl s_client -connect google.com:443
```

```
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
 0 s:CN = *.google.com
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
<truncated certificate content>
-----END CERTIFICATE-----
subject=CN = *.google.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6661 bytes and written 384 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
1. Putting `https://` in front will give you this error:

```
openssl s_client -connect https://google.com
140505260148544:error:2008F002:BIO routines:BIO_lookup_ex:system lib:crypto/bio/b_addr.c:730:Servname not supported for ai_socktype
connect:errno=0
```

The reason is that you want to make a TLS handshake with a host and port, not initiate an https:// call. `-connect` takes `host:port`, not a URL.
2. Forgetting the port number:
When making a TCP connection, you must provide a valid hostname or IP address together with the port number. You can't initiate a connection without a port number.
If you run `openssl s_client -connect google.com`, it will hang forever.
The mistake usually comes from confusion with the HTTP protocol, where URLs hide the common port numbers.
So http://google.com is actually http://google.com:80.
https://google.nl is translated to https://google.com:443.
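
A small wrapper that avoids both mistakes above, as an added example that is not part of the original page: `to_hostport` turns a URL or bare host into the `host:port` form that `-connect` expects, and `tls_probe` runs the handshake with a bounded wait. The function names are hypothetical, a bare host is assumed to mean port 443, and `tls_probe` assumes the coreutils `timeout` command is installed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Convert a URL or bare host into host:port for `openssl s_client -connect`.
to_hostport() {
    target=$1
    default_port=443                 # assumption: bare host means TLS on 443
    case $target in
        https://*) target=${target#https://} ;;
        http://*)  target=${target#http://}; default_port=80 ;;
        *://*)     echo "unsupported scheme: $target" >&2; return 1 ;;
    esac
    target=${target%%/*}             # drop any path after the authority
    case $target in
        "")       echo "empty host" >&2; return 1 ;;
        \[*\]:*)  ;;                                  # [IPv6]:port, keep
        \[*\])    target=$target:$default_port ;;     # [IPv6] without port
        *:*)      ;;                                  # host:port, keep
        *)        target=$target:$default_port ;;     # host without port
    esac
    port=${target##*:}
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    printf '%s\n' "$target"
}

# Run the handshake against the normalised target.
# $1 = URL or host, $2 = optional timeout in seconds (default 10).
tls_probe() {
    hostport=$(to_hostport "$1") || return 1
    host=${hostport%:*}
    # </dev/null closes stdin so s_client exits once the handshake is done;
    # timeout bounds the wait when the port never answers.
    timeout "${2:-10}" openssl s_client \
        -connect "$hostport" -servername "$host" </dev/null
}
```

For example, `tls_probe https://google.com` connects to `google.com:443`.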