[openssl-users] s_server (and maybe s_client) misbehaves with binary data

Richard Moore richmoore44 at gmail.com
Mon Nov 2 15:13:15 UTC 2015

There have always been special commands making s_client unsuitable for this
usage - for example R followed by a newline will renegotiate, and Q will
quit. According to the docs these can be disabled by -quiet and -ign_eof
though I've never tested that myself.



On 2 November 2015 at 13:37, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> As with most other "apps" in the openssl binary, the s_server
> and s_client commands are useful for multiple purposes:
> 1. As debug tools
> 2. As a way to do one-off operations without writing any
>   code.
> 3. As back ends for small programs written in scripting
>   languages that cannot really call the OpenSSL library
>   directly.
> This is about the latter two uses of s_server and s_client to
> set up a one-off or scripted secure pipe between two machines.
> Unfortunately, the current (1.0.2) version of s_server will
> do special and problematic things when encountering some
> 3-byte sequences (such as "\nq\n") in the data stream.
> It would thus be useful for s_server (and if applicable
> s_client) to accept the "-binary" option (already provided
> by the cms/smime commands), to turn off this behavior and
> provide a clean data pass through to/from the other end.
> In "-binary" mode, no byte value or sequence of byte value
> is special, except that explicit use of the "-crlf" option
> still works.
> Enjoy
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151102/9f953899/attachment.html>

More information about the openssl-users mailing list