Can the telnet or netcat clients communicate over SSL?

I would like to test client connections with IMAP over SSL, HTTPS, and other secure text-based Internet protocols over SSL/TLS, the same way I would using telnet or netcat if they were not tunneled over a secure protocol. Is there a way to get telnet or netcat to go through SSL/TLS such as with a pipe or alternate program?


There is no Telnet/Netcat client – they are two separate programs, and there exist at least 10 different Telnet clients and at least 6 different Netcat versions (original netcat, GNU netcat, OpenBSD netcat, nmap's ncat; forgot the rest).

The preferred tools come from TLS libraries themselves. They might be a bit verbose, though.

  • GnuTLS has a TLS client tool on Linux:

    gnutls-cli imap.gmail.com -p 993
    

    Use -s for STARTTLS; you will need to manually enter the necessary protocol commands and press Ctrl+D when ready.

    Supports IPv6, validates server certificates by default.

  • OpenSSL has a TLS client tool:

    openssl s_client -connect imap.gmail.com:993
    

    This is available for all operating systems. STARTTLS is supported via the -starttls imap or -starttls smtp options, and the program will automatically negotiate it. (It throws away the initial server reply after doing so, but that's usually fine.)

    Only version ≥ 1.1 supports IPv6.

    Only version ≥ 1.0.2 (IIRC) validates the server certificate by default; older versions require manual -CApath specification.

(I'd like to also have tools for testing NSS and SChannel, but couldn't find any.)

The programs also use the same libraries, but might have fewer configuration knobs. Some even skip peer certificate checks by default...

  • socat:

    socat openssl:imap.gmail.com:993 stdio
    

    readline mode can be used for convenience:

    socat ssl:imap.gmail.com:993 readline
    

    STARTTLS is not supported.

  • ncat from nmap supports TLS (but not STARTTLS):

    ncat --ssl imap.gmail.com 993
    
  • Some Telnet clients, such as the telnet-ssl package on Debian, also support TLS:

    telnet-ssl -z ssl imap.gmail.com 993
    

    STARTTLS can be activated using starttls from the Ctrl+] escape menu.
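
What the STARTTLS options above negotiate before the TLS handshake, as an added Python example that is not part of the answer: it reads the plaintext IMAP greeting, sends STARTTLS, refuses to continue if the server declines, then upgrades with certificate and hostname verification. The tag `a1`, the function names and the script name `tlsline.py` are assumptions made for this example.

```python
import socket
import ssl
import sys

TAG = b"a1"  # arbitrary IMAP command tag (constructed for this example)


def read_line(sock):
    """Read one line byte by byte, leaving later TLS handshake bytes unread."""
    line = b""
    while not line.endswith(b"\n"):
        byte = sock.recv(1)
        if not byte:
            raise ConnectionError("server closed the connection")
        line += byte
    return line


def imap_starttls(sock):
    """Plaintext half of IMAP STARTTLS; returns the server greeting."""
    greeting = read_line(sock)
    sock.sendall(TAG + b" STARTTLS\r\n")
    reply = read_line(sock)
    while reply.startswith(b"*"):  # skip untagged responses
        reply = read_line(sock)
    if not reply.upper().startswith(TAG.upper() + b" OK"):
        # A refused or stripped STARTTLS ends the session: no plaintext fallback.
        raise ConnectionError("STARTTLS refused: %r" % reply.strip())
    return greeting


def verified_context():
    """Client context requiring a trusted chain and a matching hostname."""
    return ssl.create_default_context()


def imap_connect(host, port, starttls=False):
    """Return (tls_socket, greeting) for implicit TLS or IMAP STARTTLS."""
    raw = socket.create_connection((host, port), timeout=10)
    greeting = imap_starttls(raw) if starttls else None
    tls = verified_context().wrap_socket(raw, server_hostname=host)
    return tls, greeting or read_line(tls)


if __name__ == "__main__":
    # Hypothetical usage: python3 tlsline.py imap.gmail.com 993 [starttls]
    tls, banner = imap_connect(sys.argv[1], int(sys.argv[2]), "starttls" in sys.argv[3:])
    print(tls.version(), banner.decode(errors="replace").strip())
```

Unlike the `openssl s_client` behaviour described above, the greeting is returned to the caller rather than discarded.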


You may want to look at openssl s_client:

    openssl s_client -connect dummy.com:8443