OpenSSL s_client：SSL/TLS 连接调试工具

1

openssl s_client -connect example.com:443

1

openssl s_client -connect example.com:443 -servername example.com

1
2
3
4
5

# 获取证书
echo | openssl s_client -connect www.baidu.com:443 -servername www.baidu.com 2>/dev/null | openssl x509 -noout -text

# 只看有效期
echo | openssl s_client -connect www.baidu.com:443 -servername www.baidu.com 2>/dev/null | openssl x509 -noout -dates

1
2

notBefore=Jul  9 07:01:02 2025 GMT
notAfter=Aug 10 07:01:01 2026 GMT

1

echo | openssl s_client -connect www.baidu.com:443 -servername www.baidu.com 2>/dev/null | grep "Protocol"

1

Protocol  : TLSv1.2

1

echo | openssl s_client -connect www.baidu.com:443 -servername www.baidu.com 2>/dev/null | grep "Cipher"

1

Cipher    : ECDHE-RSA-AES128-GCM-SHA256

1

openssl s_client -connect example.com:443 -tls1_2

1

openssl s_client -connect example.com:443 -tls1_3

1

echo | openssl s_client -connect example.com:443 -showcerts 2>/dev/null

1

openssl s_client -connect smtp.example.com:587 -starttls smtp

1

openssl s_client -connect example.com:443 -status 2>/dev/null | grep -A 20 "OCSP response"

1

echo | openssl s_client -connect example.com:443 -quiet 2>/dev/null

1
2
3
4
5
6
7

openssl s_client -connect example.com:443 -quiet
# 然后输入：
GET / HTTP/1.1
Host: example.com
Connection: close

# 注意：最后需要两个空行

1

openssl s_client -connect example.com:443 -reconnect 2>/dev/null | grep -E "reused|new"