OPENSSL s_cient request fails (with 408 request timeout)

0
votes

I am trying to connect to using openssl s_client api, command:

openssl s_client -connect <server1>:443

I am getting following output:

---------------------------------Start---------------------------

CONNECTED(00000003)

Certificate chain

Server certificate

No client certificate CA names sent Peer signing digest: SHA512

Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 5540 bytes and written 302 bytes

Verification error: self signed certificate in certificate chain

New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1553089057 Timeout: 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain)

Extended master secret: no

GET <path_to_api> HTTP/1.1
HOST: <server1>
Content-Type: application/soap+xml; charset=utf-8
Content-Length:0

HTTP/1.1 408 REQUEST_TIMEOUT Content-Length:0 Connection: Close

closed

--------------------------------End-------------------------------

It results in request time out. If I use curl command it is successful.

What is the cause for the request timeout ?

1
sslcurlopenssl
There should be an empty line at the end of the HTTP header but you don't show one. This might be the cause of the problem. Apart from that content-length and content-type are irrelevant for GET requests since these have never content in the first place.Steffen Ullrich
I gave an empty line like: GET <api> HTTP/1.1 HOST: <server1> But it is still giving me request time out.Sumit
It is hard to tell what is really going on since there is no way to reproduce for us what you are really doing. Note that the line end in HTTP has to be \r\n instead of just \n. Most servers accept both but it might be that your specific server is more picky and actually expects the client to adhere to standards. Try -crlf option with s_client.Steffen Ullrich
what is this -crlf option for ?Sumit
-crlf option worked for me, but I did not understand how it worked. Also, what is its equivalent option for programming??Sumit

1 Answers

0
votes

-crlf option resolved the issue. Thanks @SteffenUllrich

command:

openssl s_client -connect <server1>:443 -crlf