Troubleshooting

Generic SSL/TLS client/server

openssl command-line tool can be used as a generic TLS/SSL client/server which connects to a remote host or accepts incoming connections using TLS/SSL. It's Windows version can be downloaded at https://www.slproweb.com/products/Win32OpenSSL.html. For example for the client:

openssl s_client -host HOSTNAME -port PORT -cert hostcert.pem -key hostkey.pem

or

openssl.exe s_client -host HOSTNAME -port PORT -cert hostcert.pem -key hostkey.pem -CAfile trustedCertificates.pem

For example for the server:

openssl s_server -port LISTEN_PORT -cert hostcert.pem -key hostkey.pem

or

openssl.exe s_server -port LISTEN_PORT -cert hostcert.pem -key hostkey.pem -CAfile trustedCertificates.pem

More details could be received using the -msg and -debug options. The detailed description of these modes can be found at:

• https://www.openssl.org/docs/manmaster/man1/openssl-s_client.html
• https://www.openssl.org/docs/manmaster/man1/openssl-s_server.html

SSL/TLS in detail

This article provides a detailed explanation of the TLS/SSL protocol, specifically the handshake protocol, its associated messages and alerts, and the record protocol.

Third-party SSL/TLS tools

There are third-party SSL/TLS tools which can be used as an SSL/TLS proxy. For example, stunnel can be used for this purpose.