
Testing SSL services the way you would with telnet

Normally the first test to check whether a service is working correctly is to connect to its port with telnet and perform some simple operation. When the service runs over SSL, that does not work. Let's see how to do it with openssl.

OpenSSL includes a generic client that lets us transparently establish SSL/TLS connections to any service for testing, as if it were an "SSL telnet". Using it is really simple:

# openssl s_client -connect your.host.org:993
CONNECTED(00000003)
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=host170.host.org/emailAddress=ssl@host170.host.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=host170.host.org/emailAddress=ssl@host170.host.org
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=host170.host.org/emailAddress=ssl@host170.host.org
   i:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=host170.host.org/emailAddress=ssl@host170.host.org
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=host170.host.org/emailAddress=ssl@host170.host.org
issuer=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=host170.host.org/emailAddress=ssl@host170.host.org
---
No client certificate CA names sent
---
SSL handshake has read 1480 bytes and written 308 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 3FC3262AB1078CB4D827D22D4D218C72475FE89D20B434C4AC1B15BE7502EDD5
    Session-ID-ctx:
    Master-Key: EC4172E2A6BEFFC0BA378DDA4704C1DB767F18902CBADD926F83BDCC4EE957BF60A15B8D23C9ED7D06B1F1AA9F124C63
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1242022744
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
* OK Dovecot ready.
. logout
* BYE Logging out
. OK Logout completed.
closed
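
The handshake summary that s_client prints before the IMAP banner can be checked mechanically. The script below is an added example, not part of the original post: it parses the field labels shown in the transcript above, and the function names and the policy it applies (verify code 0, TLSv1.2 or later, no DES/3DES, RC4, NULL or export ciphers) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise `openssl s_client`
# output read on stdin. Field labels are those printed in the transcript above.

tls_summary() {
    awk '
        /^ *Protocol *:/         { proto  = $NF }
        /^ *Cipher *:/           { cipher = $NF }
        /^Server public key is/  { bits   = $5 }
        /^ *Verify return code:/ { code   = $4 }
        END { printf "protocol=%s cipher=%s keybits=%s verify=%s\n", proto, cipher, bits, code }
    '
}

# Assumed policy for this example: verify code must be 0, protocol at least
# TLSv1.2, and no DES/3DES, RC4, NULL or export cipher suites.
tls_findings() {
    tls_summary | awk '
    {
        for (i = 1; i <= NF; i++) { split($i, kv, "="); f[kv[1]] = kv[2] }
        p = f["protocol"]
        if (f["verify"] != "0")
            print "certificate not verified (code " f["verify"] ")"
        if (p ~ /^SSLv/ || p == "TLSv1" || p == "TLSv1.1")
            print "legacy protocol " p
        if (f["cipher"] ~ /DES|RC4|NULL|EXP/)
            print "weak cipher " f["cipher"]
    }'
}

# Excerpt of the transcript shown above, used as offline sample input.
sample_transcript() {
    cat <<'EOF'
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Verify return code: 18 (self signed certificate)
EOF
}

sample_transcript | tls_summary
sample_transcript | tls_findings

# Against a live service (host and port as in the post):
#   openssl s_client -connect your.host.org:993 </dev/null 2>/dev/null | tls_findings
```

Redirecting stdin from /dev/null makes s_client close the connection right after the handshake, so the summary can be collected without typing any protocol commands.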
