How to check if a host is able to establish a ssl connection to another host?

mhrsalehi

10/13/23, 12:09 PM

I have an OpenVPN server on port 443. I can not connect to this OpenVPN server:

Thu Oct 13 10:11:39 2022 TLS Error: TLS handshake failed
Thu Oct 13 10:11:39 2022 Fatal TLS error (check_tls_errors_co), restarting
Thu Oct 13 10:11:39 2022 SIGUSR1[soft,tls-error] received, process restarting

OpenVPN is up and running and port 443 is open:

[mehrdad@rock ~]$ sudo nmap -sS -O -p80,443 <the-server-ip>
Starting Nmap 7.70 ( https://nmap.org ) at 2022-10-13 15:04 +0330
Nmap scan report for <the-server-ip>
Host is up (0.13s latency).

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp open   https

I suspect that the ISP has blocked SSL connections. how can I test this?

what does the following means?

[mehrdad@rock ~]$ openssl s_client -connect <server-ip>:443
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

225

0 + 7

ssl

openvpn

Steffen Ullrich

10/13/23, 12:40 PM

**OpenVPN is not SSL**. You cannot use `openssl s_client` to connect to an openvpn server - see also https://serverfault.com/q/708577/208324. Thus your question (*"... establish ssl connection..."*) does not fit what you have as endpoint for the connection (openvpn, not SSL).

mhrsalehi

10/13/23, 1:08 PM

I know! I just wanted to test that can a SSL connection be established between these hosts. the first log in answer is the output of `openvpn ./config-file.ovpn`

Steffen Ullrich

10/13/23, 1:23 PM

Again, if you have an openvpn server on port 443 then you cannot check if there is a SSL connection - because you have a openvpn server there and no SSL server.

mhrsalehi

10/14/23, 6:13 AM

I suggest that you read about SSL VPNs!

Steffen Ullrich

10/14/23, 10:02 AM

I know what a SSL VPN is. But openvpn is not a SSL VPN, yet you are trying to use it as one.

mhrsalehi

10/14/23, 11:39 AM

"... OpenVPN is an SSL VPN ..." https://openvpn.net/faq/why-ssl-vpn/

Steffen Ullrich

10/14/23, 12:24 PM

Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/139862/discussion-between-steffen-ullrich-and-mhrsalehi).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to check if a host is able to establish a ssl connection to another host?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.