Testing SSL and TLS services: imaps, https, etc.
A small tip that can come in handy!
To test, verify or inspect how an SSL or TLS socket behaves:
For example, on a dovecot imaps service:
openssl s_client -connect 127.0.0.1:993
This command displays valuable information:
The protocols, their versions, the certificate in use, etc.
CONNECTED(00000003)
depth=0 /C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
   i:/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux.eu/emailAddress=adminATsystem-linux.eu
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
issuer=/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux.eu/emailAddress=adminATsystem-linux.eu
---
Acceptable client certificate CA names
/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
---
SSL handshake has read 1439 bytes and written 321 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 174E9FBDA61AC405EBF42137F701CFA3FEAEFE34EE2AC241F3273D33976
    Session-ID-ctx:
    Master-Key: CDC4BE76E137A454DDA4FFEAD5945D373215E682A6650E4D73AF5A09D88F24003DA17A0B63F2A921F6D9A2DBA9D
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1287132043
    Timeout   : 200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
* OK [CAPABILITY IMAP4rev2 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=TLS AUTH=LOGIN] Dovecot ready.
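An added example, not part of the original post: a small shell helper that reads this kind of s_client output and reports the protocol, cipher, key size and verify return code, flagging legacy protocol versions and unverified certificates. The function names check_s_client and sample_s_client_output are hypothetical, and the sample input is constructed from the fields shown in the output above.

```shell
#!/bin/sh
# Added example (not from the original post): summarise `openssl s_client`
# output and flag what a reviewer would look at first.

# check_s_client (hypothetical helper name): reads s_client output on stdin,
# prints a one-line summary plus findings, returns 1 if any finding exists.
check_s_client() {
    awk '
        /^ *Protocol *:/        { sub(/^[^:]*: */, ""); proto = $0 }
        /^ *Cipher *:/          { sub(/^[^:]*: */, ""); cipher = $0 }
        /^Server public key is/ { bits = $5 }
        /Verify return code:/   { sub(/.*Verify return code: */, ""); verify = $0 }
        END {
            code = verify + 0
            printf "protocol=%s cipher=%s key_bits=%s verify=%d\n", proto, cipher, bits, code
            # TLS 1.0 and 1.1 are deprecated by RFC 8996, SSLv2 and SSLv3 before that.
            if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                print "FINDING: legacy protocol " proto; bad = 1
            }
            # Any code other than 0 means the chain was not validated.
            if (verify == "" || code != 0) {
                print "FINDING: certificate not verified: " verify; bad = 1
            }
            if (bits != "" && bits + 0 < 2048) {
                print "FINDING: weak server key, " bits " bit"; bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample input, reduced from the field layout shown above.
sample_s_client_output() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Offline demo on the sample; against a live service use for example:
#   openssl s_client -connect 127.0.0.1:993 </dev/null 2>/dev/null | check_s_client
sample_s_client_output | check_s_client || echo "review needed"
```

The parser assumes the "SSL-Session:" field layout shown in this post; other OpenSSL versions may print these fields differently.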
If you have small tips like this one, feel free to share them in the comments, thanks.