23

I am trying to connect to one Linux server from a client,

openssl s_client -connect <IP of Server>:443

I am getting the following error:

socket: Connection refused
connect:errno=111

Mateusz Piotrowski
user3345390

3 Answers

29

Check the ports of the server with any tool. For example,

 nmap <IP>

Starting Nmap 5.21 ( http://nmap.org ) at 2015-05-05 09:33 IST
Nmap scan report for <IP>
Host is up (0.00036s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  *****
139/tcp open  *****
443/tcp open  openssl
MAC Address: 18:03:73:DF:DC:62 (Unknown)

Check that the port number is in the open state.

kayle
14

As I mentioned in the comment, the host name is missing. You would mention it right before the port number.

 $ openssl s_client -connect myHost.com:443

Edit: now that you mention that there is a hostname in the command, we are fine there. Now check to see if the host/port is blocked. To check, you can use nmap or telnet or any other port scanner.

If you can ping / connect to the host but not to the server process available on a particular port then there is a firewall blocking access.

The firewall could be on the host, and if iptables is the firewall (assuming Linux) then you need to add a rule to allow the connection. For a quick test, you could disable the firewall (NOT RECOMMENDED). Or you could run the server process on a port that is open.

Khanna111
  • Can you ping the remote box? – Khanna111 Dec 05 '14 at 09:14
  • If you can ssh or in any way access the remote box then this implies that that port is blocked and it might be you cannot access the host altogether. In both cases there is a firewall. You need to configure it to allow the connections. – Khanna111 Dec 05 '14 at 17:47
3

This has nothing to do with SSL. Connection refused means that either there is no server or the connection is blocked by a firewall. In your case (before your edit) the server is also plain wrong, i.e. ":443" is not a valid server name (hostname missing).

Steffen Ullrich
  • I have checked the port is blocked using tcpdump -i eth0 port 443. It's not blocked by firewall – user3345390 Dec 05 '14 at 09:04
  • In this case the connection was refused by the peer. You cannot check with tcpdump on your system the status of a remote firewall. But you should see that the TCP connect fails. – Steffen Ullrich Dec 05 '14 at 09:09
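
An added example, not part of the original answers: a small Python check that separates a refused TCP connect (the errno 111 from the question) from a silent timeout or a name that does not resolve, before TLS is involved at all. The function name, status labels and hint texts are assumptions made for this example, and the demo uses a constructed loopback listener.

```python
import errno
import socket

# Typical meaning of each outcome (interpretation added for this example).
HINTS = {
    "open": "TCP handshake completed; a TLS failure after this is a separate problem",
    "refused": "RST received (errno 111 on Linux): nothing is listening on that "
               "port, or a firewall rule actively rejects the connection",
    "timeout": "no reply at all: packets are probably dropped by a firewall, "
               "or the host is down",
    "unreachable": "no route to the host or network",
    "bad-host": "the host name did not resolve; check the -connect argument",
}

def classify_connect(host, port, timeout=3.0):
    """Try one TCP connect and return (status, hint)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status = "open"
    except ConnectionRefusedError:
        status = "refused"
    except socket.timeout:
        status = "timeout"
    except socket.gaierror:
        status = "bad-host"
    except OSError as exc:
        # Anything other than a routing failure is unexpected: let it surface.
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        status = "unreachable"
    return status, HINTS[status]

if __name__ == "__main__":
    # Constructed demo on loopback: one listening port, then the same port closed.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, classify_connect("127.0.0.1", port))
    listener.close()
    print(port, classify_connect("127.0.0.1", port))
```

Run against your own server, a "refused" result points at the listener or a rejecting rule on the server side, while "timeout" points at packets being dropped somewhere on the path.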