On Thu, Sep 25, 2025 at 10:42:16PM +0000, 'Michael Wojcik' via openssl-users wrote:
> Even the newline from echo is unnecessary, so you can save a few characters:
>
> $ openssl s_client -connect ... </dev/null
>
> (The </dev/null can go anywhere after the command name, actually, so "openssl </dev/null s_client ..." works too.)
And, for matter, also before the command name,
</dev/null openssl s_client ...
but this isn't a POSIX shell beginner forum, so the reason I'm replying
is in fact to add a bit more substance on two potentially relevant
points.
1. With some combinations of options s_client will ignore
end-of-file on standard input, and remain connected to
the remote end. An explicit "-no_ign_eof" as a final
option can be helpful. From the docs:
-ign_eof
Inhibit shutting down the connection when end of file is
reached in the input.
-quiet
Inhibit printing of session and certificate information.
This implicitly turns on -ign_eof as well.
-no_ign_eof
Shut down the connection when end of file is reached in
the input. Can be used to override the implicit -ign_eof
after -quiet.
2. With TLS 1.3, resumption PSKs (session tickets) are sent *after*
the handshake completes, sometimes when it is the server's
first turn to send application data (to avoid potential deadlock
if both sides are writing large messages without concurrently
reading). So if processing of resumption PSKs is part of the
diagnostic goals, the client may need to solicit an application
layer response from the server. Therefore, e.g. for an SMTP
connection, one might:
(printf 'QUIT\r\n'; sleep 2) |
openssl s_client -starttls smtp \
-connect foo.example:25 ... \
-no_ign_eof
--
Viktor. 🇺🇦 Слава Україні!