mozilla/cipherscan

openssl s_client doesn't accept the -connect parameter, which is extremely strange; refusing to proceed.

andrea-schneider opened this issue · 6 comments

Hi
I get this error message when I try to test a domain

./cipherscan --curves www.google.com
openssl s_client doesn't accept the -connect parameter, which is extremely strange; refusing to proceed.

Can you please tell me what I'm doing wrong?

Thanks a lot
Andrea

Hi @andrea-schneider - which platform are you using, and, more importantly, which version of openssl does the script use? You can find the latter by running

openssl version -a

This is a generic message that will be printed if the OpenSSL in use does not list -connect in the output of openssl s_client -help

which indicates that either you really have a very weird compile of OpenSSL, or, more likely, that openssl failed to execute correctly

wilx commented

I am seeing this on Cygwin as well. It is most likely caused by an attempt to execute the Linux binary from the repository:

++ /cygdrive/c/stuff/cipherscan/openssl s_client -help
+ OPENSSLBINHELP='./cipherscan: line 2029: /cygdrive/c/stuff/cipherscan/openssl: cannot execute binary file: Exec format error'
+ [[ ./cipherscan: line 2029: /cygdrive/c/stuff/cipherscan/openssl: cannot execute binary file: Exec format error =~ :error: ]]
+ [[ ./cipherscan: line 2029: /cygdrive/c/stuff/cipherscan/openssl: cannot execute binary file: Exec format error =~ -connect ]]
+ echo '/cygdrive/c/stuff/cipherscan/openssl s_client doesn'\''t accept the -connect parameter, which is extremely strange; refusing to proceed.'
/cygdrive/c/stuff/cipherscan/openssl s_client doesn't accept the -connect parameter, which is extremely strange; refusing to proceed.
+ exit 1

Why is the openssl binary even shipped with the repository?

I have worked around this issue by removing the binary and symlinking Cygwin's openssl executable.
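
The trace above shows the shell's own "cannot execute binary file" error being captured as help text and then failing the -connect match. As an added example (not cipherscan's code; `classify_openssl`, `make_demo_bins` and the stub files are hypothetical), this check reads the exit status first, relying on the shell convention that 126 means "found but could not be executed" and 127 means "not found":

```shell
#!/bin/sh
# Added example, not part of cipherscan. Classifies an openssl binary before
# trusting its help text, so an exec failure is not reported as "no -connect".
classify_openssl() {
    bin=$1
    # Capture help text and exit status together; the if keeps this safe under set -e.
    if help_out=$("$bin" s_client -help 2>&1); then status=0; else status=$?; fi
    case $status in
        126) echo "cannot-execute"; return 2 ;;  # wrong platform, no exec bit
        127) echo "not-found"; return 2 ;;       # path does not exist
    esac
    # Older OpenSSL builds exit non-zero on -help, so other codes are not
    # treated as failures; only the presence of -connect is checked.
    case $help_out in
        *-connect*) echo "ok"; return 0 ;;
        *) echo "no-connect"; return 1 ;;
    esac
}

# Constructed stand-ins for real binaries (assumption: none of these is openssl).
make_demo_bins() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "usage: s_client args"; echo " -connect host:port"\n' > "$d/good"
    printf '#!/bin/sh\necho "usage: s_client args"; echo " -verify arg"\n' > "$d/odd"
    # A file without the exec bit yields status 126, the same status bash
    # returns for "cannot execute binary file: Exec format error".
    printf 'stand-in for a binary built for another platform\n' > "$d/foreign"
    chmod 755 "$d/good" "$d/odd"
    chmod 644 "$d/foreign"
    echo "$d"
}

demo=$(make_demo_bins)
for b in good odd foreign missing; do
    printf '%s: %s\n' "$b" "$(classify_openssl "$demo/$b")"
done
rm -rf "$demo"
```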

> Why is the openssl binary even shipped with the repository?

because it's a binary that includes changes that enable ciphers disabled by upstream (export grade, single DES, etc.), see README.md for details

closing because of lack of activity

please re-open or comment if you still encounter this issue

Disable shellcode injections (or whitelist the filepath) in your security software.