curl gives response 200 but openssl s_client gives timeout after ssl handshake

I'm having an issue with getting response from ELB using openssl package.

Curl works well:

$ curl -iv
* TCP_NODELAY set
* Connected to example.com (*.*.*.*) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> GET /isActive HTTP/1.1
> Host: example.com
> User-Agent: curl/7.53.1
> Accept: */*
>
< HTTP/1.1 200
HTTP/1.1 200
< Access-Control-Allow-Headers: origin, content-getMessageType, accept, x-requested-with
Access-Control-Allow-Headers: origin, content-getMessageType, accept, x-requested-with
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Origin:
Access-Control-Allow-Origin:
< Cache-Control: no-cache,no-store,max-age=0
Cache-Control: no-cache,no-store,max-age=0
< Date: Thu, 25 Oct 2018 12:48:26 GMT
Date: Thu, 25 Oct 2018 12:48:26 GMT
< Content-Length: 6
Content-Length: 6
< Connection: keep-alive
Connection: keep-alive
<
* Connection #0 to host example.com left intact
ACTIVE

But when I'm using openssl package and trying to type in any HTTP Method i'm getting timeout error:

$ openssl s_client -connect example.com:443
CONNECTED(00000003)
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3205 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 0CED79628CFCF32462EEF5086AD38 Session-ID-ctx: Master-Key: 2ADB0E064422DFBAAAF704B17A1D3 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1540472141 Timeout : 300 (sec) Verify return code: 0 (ok)
GET /isActive
HTTP/1.1 408 REQUEST_TIMEOUT
Content-Length:0
Connection: Close
closed

What could cause this issue? I also tried to pass keep-alive header but still no luck. Thanks!

4

1 Answer

Need to pass -crlf to the command:

openssl s_client -crlf -connect example.com:443

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like