[openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

openssl at foocrypt.net openssl at foocrypt.net
Sat Feb 9 13:45:33 UTC 2019


Hi Rajinder

Perhaps a tunnel may help ?

Have a look at man -s ssh, check out binding to interfaces and setting up a tunnel from one NIC through to your endpoint.

Have a look at netcat, or nc as it's called these days, for listening on the endpoint of the tunnel as your basic HTTP 1.1 server, and redirect the output to a file to see what it is receiving.

https://unix.stackexchange.com/questions/32182/simple-command-line-http-server may help

You could write a quick shell script in KORN and open up a TCP socket connection to your web server and just feed it the raw SSL/TLS packets captured from the handshake from another session captured with tcpdump, snoop, etc.

Regards,

Mark A. Lane


> On 9 Feb 2019, at 07:53, Rajinder Pal Singh <rajin6594 at gmail.com> wrote:
> 
> Thanks Mark for the prompt reply. Absolutely makes sense. Actually, I am on Nonstop HPE servers. There are no internal routing tables or so to say static routes. Environment is different from unix/linux.
> 
> From Application perspective, we choose what ip interface to use. 
> 
> Wondering if we can force the openssl to use specific interface? 
> 
> Regards. 
> 
> 
> 
> On Fri, Feb 8, 2019, 12:26 PM mark at foocrypt.net <mark at foocrypt.net> wrote:
> Hi Rajinder
> 
> There shouldn’t be any issues depending on how your host OS is performing the routing to the network the SSL/TLS endpoint is on.
> 
> Try a traceroute to the IP to see where it goes, and a telnet IP 80 or 443 to make sure you can connect to the web server.
> 
> Regards,
> 
> Mark A. Lane
> 
> 
> 
> 
>> On 9 Feb 2019, at 04:20, Rajinder Pal Singh <rajin6594 at gmail.com> wrote:
>> 
>> Hi, 
>> 
>> I want to use a specific ip interface (out of several available ethernet interfaces available on my server) to test TLS/SSL connectivity to a remote server. 
>> 
>> 
>> Wondering if it's possible?
>> 
>> 
>> Regards,
>> Rajinder. 
>> -- 
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
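An added example, not part of the thread and not OpenSSL's own code: where Python is available, one way to test TLS from a chosen local IP is to bind the socket to that address before the handshake. The names `connect_from` and `tls_probe` are hypothetical; binding fixes the source address only, so which NIC the packets leave by still depends on how the host routes.

```python
import socket
import ssl


def connect_from(source_ip, host, port, timeout=5.0):
    """Open a TCP connection whose local end is bound to source_ip.

    Port 0 lets the OS pick the ephemeral source port. The bind happens
    before connect(), so the source address is fixed for the connection.
    Assumption: the host sends traffic for that address out of the NIC
    you expect; on hosts that route purely by destination it may not.
    """
    return socket.create_connection(
        (host, port), timeout=timeout, source_address=(source_ip, 0)
    )


def tls_probe(source_ip, host, port=443, timeout=5.0):
    """Handshake with host:port from source_ip and report the result."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    raw = connect_from(source_ip, host, port, timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()  # harmless if wrap_socket already took ownership
        raise
    with tls:
        return {
            "local": tls.getsockname()[:2],   # confirms the source IP used
            "peer": tls.getpeername()[:2],
            "version": tls.version(),
            "cipher": tls.cipher()[0],
        }


if __name__ == "__main__":
    import sys

    # usage: probe.py <source-ip> <host> [port]
    src, target = sys.argv[1], sys.argv[2]
    dport = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    try:
        print(tls_probe(src, target, dport))
    except OSError as exc:  # bind, connect and ssl.SSLError all derive from OSError
        sys.exit(f"probe from {src} failed: {exc}")
```

A bind failure (address not configured on the host) and a handshake failure both surface as `OSError`, so the two cases can be told apart from the message when comparing interfaces.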