OpenSSL on Windows

Background

One of the fundamental differences between working on a Windows machine and a Linux machine is how much one relies on a GUI.

On a Windows machine, I am apt to quickly start the application, wait for the GUI to draw out, and start typing and clicking.

Not so much on Linux.

I am much more focused on what I am actually trying to do.

Troubleshooting

I have been having major problems the last few days, and one of the troubleshooting steps suggested to me is to ensure connectivity; specifically, secured connectivity.

OpenSSL

Artifacts

Shining Light Productions

A prebuilt package of OpenSSL is available from Shining Light Productions.

The URL is Link.

As of 2019-Sept-25th, here is what is available.

Choice

We chose Win64 OpenSSL v1.1.1d.

Our OS is 64 bit and we opted for the Developer version.

The light version would have been more than sufficient for our foundational need.

Installation

Installation is straightforward.

We chose not to “mingle” the binaries with system applications in windows\system32, but to have them placed in our target folder’s bin sub-directory.

Usage

s_client

https

sample

setlocal

    set "_appFolder=E:\Program Files\OpenSSL-Win64\bin"
    set "_appBinary=openssl.exe"
    set "_appFull="%_appFolder%\%_appBinary%""

    rem server fqdn
    set "_host=www.microsoft.com"

    rem port number for https is 443
    set "_portNumber=443"

    %_appFull% s_client -crlf -connect %_host%:%_portNumber%

endlocal

Output
Output – Text

>"E:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -crlf -connect www.microsoft.com:443
CONNECTED(00000188)
depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 4
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, OU = Microsoft Corporation, CN = www.microsoft.com
verify return:1
---
Certificate chain
0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, OU = Microsoft Corporation, CN = www.microsoft.com
i:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 4
1 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 4
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

Explanation
  1. CONNECTED(00000188)
  2. Certificate Chain

http

sample

setlocal

    set "_appFolder=E:\Program Files\OpenSSL-Win64\bin"
    set "_appBinary=openssl.exe"
    set "_appFull="%_appFolder%\%_appBinary%""

    rem server fqdn
    set "_host=www.microsoft.com"

    rem port number for http is 80
    set "_portNumber=80"

    %_appFull% s_client -crlf -connect %_host%:%_portNumber%

endlocal

Output
Output – Text

>"E:\Program Files\OpenSSL-Win64\bin\openssl.exe" s_client -connect www.microsoft.com:80
CONNECTED(00000188)
2948:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 319 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Explanation
  1. CONNECTED(00000188)
  2. Connected on Port 80
    • Port 80 is HTTP and not HTTPS ( Port 443 )
      • 2948:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:332:
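
The items the two Explanation lists point at can be read out of the s_client text mechanically. The following is an added example, not part of the original post: `summarize` and its field names are hypothetical, the sample input is trimmed from the two transcripts above, and it goes slightly beyond the lists by tying each verify error to the chain depth it was reported at.

```python
import re

# Constructed sample input: lines copied (and trimmed) from the two transcripts on this page.
HTTPS_OUT = r"""CONNECTED(00000188)
depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 4
verify error:num=20:unable to get local issuer certificate
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, OU = Microsoft Corporation, CN = www.microsoft.com
Certificate chain
0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, OU = Microsoft Corporation, CN = www.microsoft.com
i:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 4
1 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT TLS CA 4
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
"""
HTTP_OUT = r"""CONNECTED(00000188)
2948:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:332:
no peer certificate available
Verification: OK
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

def _cn(dn):
    m = re.search(r"CN = (.+)$", dn)  # CN is the last field in the names s_client printed here
    return m.group(1).strip() if m else dn.strip()

def summarize(output):
    """Reduce one s_client transcript to the facts the Explanation lists point at."""
    chain, verify_errors, depth = [], [], None
    for line in output.splitlines():
        if m := re.match(r"depth=(\d+) ", line):
            depth = int(m.group(1))  # certificate the following verify lines refer to
        elif m := re.match(r"verify error:num=(\d+):(.*)", line):
            verify_errors.append((depth, int(m.group(1)), m.group(2).strip()))
        elif m := re.match(r"\s*(\d+) s:(.*)", line):
            chain.append([_cn(m.group(2)), None])  # subject; issuer follows on the i: line
        elif chain and (m := re.match(r"\s*i:(.*)", line)):
            chain[-1][1] = _cn(m.group(1))
    no_cert = "no peer certificate available" in output
    return {
        "tcp_connected": output.startswith("CONNECTED("),
        "peer_spoke_tls": not no_cert and "wrong version number" not in output,
        "chain": [tuple(c) for c in chain],
        "verify_errors": verify_errors,
        # "Verify return code: 0 (ok)" is printed even when no certificate arrived,
        # so it only counts when a peer certificate was seen and no verify error was logged.
        "verified": not no_cert and not verify_errors and "Verify return code: 0 (ok)" in output,
    }
```

For the HTTPS transcript this reports verify error 20 at depth 1; for the port 80 transcript it reports a TCP connection with no TLS peer, despite the `Verify return code: 0 (ok)` line.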

Summary

Working on something else.

But the troubleshooting pathway was presented in such a way that I couldn’t help but look into OpenSSL.

Dedicated

Dedicated to all the bloggers, tech writers, and GitHub committers out there.

The world will be much more hopeless without you.
