SSL Connection error is the most common error between client and server. SSL Connection error tells us that we are unable to make a secure connection with the server.
It tells us what the issue is, but what makes it more difficult is that users don’t have an idea what exactly is causing this. In this article, we will cover how the SSL connection is established and how to check SSL Connection error in 3 ways.
Table of Contents
How is SSL connection established?
- The client sends a request to the server for a secure session. The server responds by sending its X.509 digital certificate to the client.
- The client receives the server’s X.509 digital certificate.
- The client authenticates the server, using a list of known certificate authorities.
- The client generates a random symmetric key and encrypts it using the server’s public key.
- The client and server now both know the symmetric key and can use the SSL encryption process to encrypt and decrypt the information contained in the client request and the server response.
What is SSL certificate
Server certificates are the most popular type of X.509 certificate. SSL/TLS certificates are issued to hostnames (machine names like ‘ABC-SERVER-02’ or domain names like google.com).
A server certificate is a file installed on a website’s origin server. It’s simply a data file containing the public key and the identity of the website owner, along with other information. Without a server certificate, a website’s traffic can’t be encrypted with TLS.
Technically, any website owner can create their own server certificate, and such certificates are called self-signed certificates. However, browsers do not consider self-signed certificates to be as trustworthy as SSL certificates issued by a certificate authority.
Check SSL Connection from network side
We need to check the network connectivity between client and server first to make sure we can connect to remote server.
Now we collect 6 different ways for this task. We don’t need to install any package if we use the following two python commands.
- Use nc command nc -zvw10 192.168.0.1 22
- Use nmap command nmap 192.168.0.1 -p 22
- Use telnet command telnet 192.168.0.1 22
- Use python telnet module
- Use python socket module
- Use curl command
check more info about this from here
Check SSL Certificate info on remote server
We can check SSL certificate from the following items.
- The SSL certificate is not Installed properly
- The SSL certificate has Expired
- The SSL certificate chain order
Check SSL handshake process between client and server
We have some commands to check the SSL handshake process.
From the command output, we can narrow down the cause of SSL/TLS connection issue and locate root cause.
curl is an open source tool available on Windows 10, Linux and Unix OS. It is a tool designed to transfer data and supports many protocols. HTTPS is one of them. It can also used to test TLS connection.
- Test connection with a given TLS version: curl -v https://google.com –tlsv1.1
- Test with a given CipherSuite and TLS version: curl -v https://google.com –ciphers ECDHE-ECDSA-CHACHA20-POLY1305 –tlsv1.1
openSSL is an open source tool and its s_client acts as SSL client to test SSL connection with a remote server. This is helpful to isolate the cause of client.
- Test a particular TLS version: openssl s_client -host google.com -port 443 -tls1_1
- Test with a given ciphersuite: openssl s_client -host google.com -port 443 -cipher ECDHE-RSA-AES256-GCM-SHA384
we can check more info about openssl s_client command here.