SSL/TLS Connection testing with OpenSSL


How to Test HTTPS and IMAPS connections

OpenSSL can be used in many ways, so not only keys and certificates for SSL/TLS encrypted connections can be generated, but also their analysis and testing is possible. This article shows how to perform the usage of OpenSSL for verification and analysis, when accessing web servers via TCP port 443 and STARTTLS over TCP 587 or IMAPS TCP 993 to mail server, which requires OpenSSL on the computer.

The free online service SSL Labs provide deep analysis of the configuration of any SSL web server that can be performed, the connection is performed with many different browsers and displayed, and which encryption has been achieved. The evaluation shows which encryption methods and key exchange methods have been used.

HTTPS Connection Test with OpenSSL

If individual tests are to be performed, the following examples show how to do this. An encrypted connection to is established and then the Web page is retrieved.

In a situation where an alternate port is used instead of the default port 443 for HTTPS, for example, 4443, the command is the same, with :4443 specifying the port number.

If you want to retrieve the public certificate of a web page in the RAW text, the certificate can be issued by the following command line.

This command runs in a Linux terminal, in macOS terminal, in Git Bash or in a WSL session, the output between:

Insert with copy paste in Notepad and save as file in PEM/CER format (.cer).

By double-clicking on the public certificate saved in this way, it opens and appears on Windows as follows.


SMTPS Connection Test with OpenSSL

Use OpenSSL you can determine whether a mail server (MTA) offers encrypted STARTTLS connections, with the following command line.

The query displays the public certificate, then the encryption strength, the algorithm (SHA256), the TLS version (TLSv1.2), and cipher (ECDHE-RSA-AES256-GCM-SHA384) and other status information.

IMAPS Connection Test use OpenSSL

Check IMAPs using OpenSSL in the command line, to perform the command line with IMAPS (SSL/TLS) connection can be checked over TCP port 993.

The output then as here with CONNECT to via the SSL port 993 the raw output will displaying as shown in shortened way.

If you want to continue here, you can try to authenticate on the IMAP server and query for new mails.

Gmail now responds with A NO [ALERT] which requires authentication security settings to have an application password because multi-factor authentication (MFA) is enabled.

The following is a * OK with the output of the available functionalities (CAPABILITY), the IMAP Prompt is now waiting for input.

We can log in to our Dovecot IMAP server.

The login usually consists of the email address (imap-user) and a password.

After successful login, the output appears similar to this one.

Now we’re going to the IMAP inbox (INBOX).

The output of select INBOX is similar to the following.

There are as seen 3 unread mails in the INBOX, from the first mail we open the header (starts with . dot).

The output of . fetch 1 rfc822.header (the first 6 lines).

The first unread mail opens with . fetch 1 rfc822.text

Output of . fetch 1 then similar to here with my mail.

So this is a mail with PDF attachment, which is base64 encoded.

Enter Q will terminate the encrypted IMAP session.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *