Can the telnet or netcat clients communicate over SSL?

ssl telnet tls connection netcat

I would like to test client connections with IMAP over SSL, HTTPS, and other secure text-based Internet protocols over SSL/TLS, the same way I would using telnet or netcat if they were not tunneled over a secure protocol. Is there a way to get telnet or netcat to go through SSL/TLS such as with a pipe or alternate program?


There is no Telnet/Netcat client – they are two separate programs, and there exist at least 10 different Telnet clients and at least 6 different Netcat versions (original netcat, GNU netcat, OpenBSD netcat, nmap's ncat; forgot the rest).

The preferred tools come from TLS libraries themselves. They might be a bit verbose, though.

  • GnuTLS has a TLS client tool on Linux:

    gnutls-cli imap.gmail.com -p 993

    Use -s for STARTTLS; you will need to manually enter the necessary protocol commands and press CtrlD when ready.

    Supports IPv6, validates server certificates by default.

  • OpenSSL has a TLS client tool:

    openssl s_client -connect imap.gmail.com:993

    This is available for all operating systems. STARTTLS is supported via -starttls imap or -starttls smtp options, and the program will automatically negotiate it. (Although it throws away the initial server reply after doing so, but it's usually fine.)

    Only version ≥ 1.1 supports IPv6.

    Only version ≥ 1.0.2 (IIRC) validates server certificate by default; older versions require manual -CApath specification.

(I'd like to also have tools for testing NSS and SChannel, but couldn't find any.)

The programs also use the same libraries, but might have fewer configuration knobs. Some even skip on peer certificate checks by default...

  • socat:

    socat openssl:imap.gmail.com:993 stdio

    readline mode can be used for convenience:

    socat ssl:imap.gmail.com:993 readline

    STARTTLS is not supported.

  • ncat from nmap supports TLS (but not STARTTLS):

    ncat --ssl imap.gmail.com 993

  • Some Telnet clients, such as the telnet-ssl package on Debian, also support TLS:

    telnet-ssl -z ssl imap.gmail.com 993

    STARTTLS can be activated using starttls from the Ctrl] escape menu.


You may want to look at openssl s_client:

openssl s_client -connect dummy.com:8443

Related

Why do switches say 10/100/1000?
How can I display the  (U+F8FF, Apple logo) character on Windows?
Monitor TCP Traffic on specific port
Continuously re-execute a command when it finishes in Bash
What are the benefits of using a proxy? [closed]
How do I perform commands in another folder, without repeating the folder path?
How can I find out the command line options for git-bash.exe?
How do I enable VT-X?
How can I change the default website connection timeout in Chrome?
Clear terminal using keyboard shortcut
How to transfer my SSH keys to another machine?
Where can I find a list of all formulas available for homebrew?