The openssl command-line tool can be used as a generic TLS/SSL client or server that connects to a remote host or accepts incoming connections using TLS/SSL. Its Windows version can be downloaded at https://www.slproweb.com/products/Win32OpenSSL.html. For example, for the client:
openssl s_client -host HOSTNAME -port PORT -cert hostcert.pem -key hostkey.pem
or
openssl.exe s_client -host HOSTNAME -port PORT -cert hostcert.pem -key hostkey.pem -CAfile trustedCertificates.pem
For example, for the server:
openssl s_server -port LISTEN_PORT -cert hostcert.pem -key hostkey.pem
or
openssl.exe s_server -port LISTEN_PORT -cert hostcert.pem -key hostkey.pem -CAfile trustedCertificates.pem
More details can be obtained using the -msg and -debug options. The detailed description of these modes can be found at:
This article provides a detailed explanation of the TLS/SSL protocol, specifically the handshake protocol, its associated messages and alerts, and the record protocol.
For regular TCP connections, the MSG_NOSIGNAL flag is used to avoid sending the SIGPIPE signal to the application when it sends data to a socket that the other side has closed ungracefully. The OpenSSL library does not provide a way to pass the MSG_NOSIGNAL flag. As a result, the application can receive the SIGPIPE signal and can be terminated if there is no signal handler. Therefore, an application that uses SSL/TLS encryption should ignore or handle the SIGPIPE signal, e.g.:
signal(SIGPIPE, SIG_IGN);
You can find an example of proper Linux signal handling in the BuySide and SellSide samples from the FIX Engine distribution package.
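The SIGPIPE behaviour described above, as an added example that is not code from the FIX Engine samples. It assumes Linux; a socketpair() stands in for a TCP connection, a plain write() stands in for a send path that cannot pass MSG_NOSIGNAL, and the names set_sigpipe and write_to_closed_peer are hypothetical helpers.

```c
/* Added example: SIGPIPE on a socket whose peer has closed (Linux). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static volatile sig_atomic_t sigpipe_count = 0;   /* SIGPIPEs delivered */
static void on_sigpipe(int signo) { (void)signo; sigpipe_count++; }

/* Set the SIGPIPE disposition (SIG_IGN or a handler). Returns 0 on success. */
static int set_sigpipe(void (*disposition)(int))
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = disposition;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPIPE, &sa, NULL);
}

/* Send one byte to a socket whose peer is already closed.
   use_nosignal != 0: send() with MSG_NOSIGNAL, as regular TCP code does.
   use_nosignal == 0: plain write(), where the flag cannot be passed.
   Returns errno of the failed call, 0 if it succeeded, -1 on setup error. */
static int write_to_closed_peer(int use_nosignal)
{
    int fds[2], err;
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0)
        return -1;
    close(fds[1]);                                /* the other side goes away */
    n = use_nosignal ? send(fds[0], "x", 1, MSG_NOSIGNAL) : write(fds[0], "x", 1);
    err = (n < 0) ? errno : 0;
    close(fds[0]);
    return err;
}

int main(void)
{
    set_sigpipe(on_sigpipe);       /* count signals instead of dying */
    write_to_closed_peer(0);       /* no flag: SIGPIPE is raised and counted */
    write_to_closed_peer(1);       /* MSG_NOSIGNAL: EPIPE only, no signal */
    set_sigpipe(SIG_IGN);          /* the setting recommended for TLS applications */
    return (write_to_closed_peer(0) == EPIPE && sigpipe_count == 1) ? 0 : 1;
}
```

With SIGPIPE ignored, the failed write surfaces only as an EPIPE error, which the application can treat as a normal connection loss.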
There are third-party SSL/TLS tools which can be used as an SSL/TLS proxy. For example, stunnel can be used for this purpose.