The OpenSSL command with the s_client -connect option can be used to test connection to a host on a port.
If using Linux, the which command can be used to determine if OpenSSL is installed on the system. If not, refer to Install OpenSSL on Linux.
~]# which openssl
/usr/bin/openssl
If using Windows, let's say OpenSSL is installed at this location. Or, refer to Install OpenSSL on Windows.
cd "C:\program files\gnuwin32\bin\"
Start OpenSSL:
openssl.exe
The following examples are based on Linux, but will work the same with OpenSSL on Windows.
If the hostname is invalid, something like this should be returned.
~]# openssl s_client -connect bogus.example.com:80
140368544307008:error:2008F002:BIO routines:BIO_lookup_ex:system lib:crypto/bio/b_addr.c:730:Name or service not known
connect:errno=2
If the hostname is valid but connections to the host on the port are not allowed, something like this should be returned.
~]# openssl s_client -connect www.example.com:12345
140335663650624:error:02002071:system library:connect:No route to host:crypto/bio/b_sock2.c:110:
140335663650624:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:111:
connect:errno=113
errno=9 often suggests the connection timed out, perhaps because there is a firewall refusing the connection.
~]# openssl s_client -connect www.example.com:98765
socket: Bad file descriptor
connect:errno=9
If the connection is successful, both CONNECTED and return code: 0 (ok) should be included in the output.
~]$ openssl s_client -connect mx1.example.com:25
CONNECTED(00000003)
Verify return code: 0 (ok)
Did you find this article helpful?
If so, consider buying me a coffee over at