Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
RE: How to specify timeout for openssl s_client ?
545 views
Skip to first unread message
Dave Thompson
Jul 16, 2013, 6:20:26 PM7/16/13
to
> From: owner-ope...@openssl.org On Behalf Of Nayna Jain
> Sent: Monday, 15 July, 2013 11:49
> It takes some time for my server to respond to openssl
> s_client connection request.
> However, openssl s_client timesout before the response.
>
Are you using DTLS with -timeout? Otherwise, and always for
"normal" TLS and SSL, there is no timeout on the handshake
in s_client, or by default in libssl -- although you can
use nonblocking logic and impose your own time limit(s).
Or do you mean the *TCP* connect timeout (i.e. SYN to
SYN-ACK)? For that s_client just uses the OS setting,
which classically is about a minute but many OSes today
allow tuning and some people or applications tune it
rather short. (When I google, I find mostly people who
want a *shorter* connect timeout for their client.)
It appears that some TCP stacks may be able to change this
for one socket (in one process) with a setsockopt, but
apparently the only general solution is to connect() on a
nonblocking socket and manage it yourself e.g. with select.
s_client doesn't do either of those.
> Is there some way to give a timeout argument to s_client command for
> waiting for response ?
>
For SSL/TLS no, for DTLS you can enable timeout but it
uses a fixed (and small) value, for TCP no.
Remember s_client like most of the commandline utilities is
intended primarily as a test tool, not for production use.
Are you doing something that belongs in an app that is
more tailored to your needs?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
> Sent: Monday, 15 July, 2013 11:49
> It takes some time for my server to respond to openssl
> s_client connection request.
> However, openssl s_client timesout before the response.
>
Are you using DTLS with -timeout? Otherwise, and always for
"normal" TLS and SSL, there is no timeout on the handshake
in s_client, or by default in libssl -- although you can
use nonblocking logic and impose your own time limit(s).
Or do you mean the *TCP* connect timeout (i.e. SYN to
SYN-ACK)? For that s_client just uses the OS setting,
which classically is about a minute but many OSes today
allow tuning and some people or applications tune it
rather short. (When I google, I find mostly people who
want a *shorter* connect timeout for their client.)
It appears that some TCP stacks may be able to change this
for one socket (in one process) with a setsockopt, but
apparently the only general solution is to connect() on a
nonblocking socket and manage it yourself e.g. with select.
s_client doesn't do either of those.
> Is there some way to give a timeout argument to s_client command for
> waiting for response ?
>
For SSL/TLS no, for DTLS you can enable timeout but it
uses a fixed (and small) value, for TCP no.
Remember s_client like most of the commandline utilities is
intended primarily as a test tool, not for production use.
Are you doing something that belongs in an app that is
more tailored to your needs?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
0 new messages