0

I am trying to connect to using openssl s_client api, command:

openssl s_client -connect <server1>:443

I am getting following output:

---------------------------------Start---------------------------

CONNECTED(00000003)

Certificate chain

Server certificate

No client certificate CA names sent Peer signing digest: SHA512

Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 5540 bytes and written 302 bytes

Verification error: self signed certificate in certificate chain

New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1553089057 Timeout: 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain)

Extended master secret: no

GET <path_to_api> HTTP/1.1
HOST: <server1>
Content-Type: application/soap+xml; charset=utf-8
Content-Length:0

HTTP/1.1 408 REQUEST_TIMEOUT Content-Length:0 Connection: Close

closed

--------------------------------End-------------------------------

It results in request time out. If I use curl command it is successful.

What is the cause for the request timeout ?

Improve this question
8
  • There should be an empty line at the end of the HTTP header but you don't show one. This might be the cause of the problem. Apart from that content-length and content-type are irrelevant for GET requests since these have never content in the first place. Commented Mar 21, 2019 at 15:37
  • I gave an empty line like: GET <api> HTTP/1.1 HOST: <server1> But it is still giving me request time out. Commented Mar 22, 2019 at 4:04
  • It is hard to tell what is really going on since there is no way to reproduce for us what you are really doing. Note that the line end in HTTP has to be \r\n instead of just \n. Most servers accept both but it might be that your specific server is more picky and actually expects the client to adhere to standards. Try -crlf option with s_client. Commented Mar 22, 2019 at 5:08
  • what is this -crlf option for ? Commented Mar 22, 2019 at 5:46
  • -crlf option worked for me, but I did not understand how it worked. Also, what is its equivalent option for programming?? Commented Mar 22, 2019 at 6:04

1 Answer 1

Reset to default
1

-crlf option resolved the issue. Thanks @SteffenUllrich

command:

openssl s_client -connect <server1>:443 -crlf
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.