14

It's easy to get the ssl certificate of HTTPS port (443 by default)

But how about ssl on tcp port?

Live example:

205.185.198.226:1194

This is vpn (openvpn server) running on port 1194

IP 205.185.198.226 using ssl/tls on port 1194 to proccess client authentication methods based on certificates

As Steffen Ullrich Said:

OpenVPN is not plain SS but it packs the SSL stream inside their own protocol, see https://openvpn.net/index.php/open-source/documentation/security-overview.html Thus you have to speak the encapsulation protocol before you get to the TLS stream which then includes the certificate.

So, Does it really possible to get the ssl certificate of the openvpn server on the tcp port? Any example code? (PHP, C or Perl)

Fish Monitor
  • 4,155
  • 3
  • 32
  • 53
user2203703
  • 1,955
  • 4
  • 22
  • 36

1 Answers1

3
$url = "tcp://198.203.28.44:2018";

I don't know what protocol is spoken on this ip:port, but either it is not SSL or the server does not accept common parameters inside the SSL handshake.

$ openssl s_client -connect 198.203.28.44:2018 -debug
CONNECTED(00000003)
write to 0x17e1490 [0x17e1a20] (295 bytes => 295 (0x127))
...
read from 0x17e1490 [0x17e6f80] (7 bytes => 0 (0x0))
...SSL routines:SSL23_WRITE:ssl handshake failure:...

The clients starts the SSL handhake with the ClientHello (295 bytes). The server only closes the connection instead of replying with the handshake (0 bytes).

Since no successful SSL handshake is done you cannot get the certificate for the connection, i.e. nothing is send back by the server which also means no certificate was sent.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • To be more closer, this is vpn (openvpn server) running on port 2018 – user2203703 Oct 11 '15 at 17:52
  • 2
    @user2203703: OpenVPN is not plain SS but it packs the SSL stream inside their own protocol, see https://openvpn.net/index.php/open-source/documentation/security-overview.html. Thus you have to speak the encapsulation protocol before you get to the TLS stream which then includes the certificate. – Steffen Ullrich Oct 11 '15 at 17:58
  • So, you think it's hard or almost not possible to do that, right? i spent a lot of hours on searching and trying to find a good answer. – user2203703 Oct 11 '15 at 18:10
  • @user2203703: how hard and how possible it is depends on your knowledge, experience with the OpenVPN protocol and time you have. It is definitely doable, otherwise OpenVPN would have problems to do it. I don't know if it is doable with PHP since I don't know if you get access to the low level functions of the OpenSSL library. But I'm sure it is not doable the simply high-level way you've tried. – Steffen Ullrich Oct 11 '15 at 18:42
  • I wish if you are PHP programmer! do you think it's possible to get the certificates on udp ports too by following the same steps? – user2203703 Oct 12 '15 at 05:49
  • @user2203703: there is no plain TLS on UDP (only DTLS). And with OpenVPN you will face the same issues, i.e. they have the TLS part embedded inside their own protocol. There is no general solutions to get the certificates if TLS is embedded into some other protocol. – Steffen Ullrich Oct 12 '15 at 06:15
  • Thank you very much for helping me. – user2203703 Oct 13 '15 at 16:50
  • No one was able to help me expect you, congrats, you got the bounty :) – user2203703 Oct 20 '15 at 21:03
  • I have successfully used the approach with `openssl s_client` to connect to a Fortinet VPN Server and dump the server certificate. The issue here is specific to OpenVPN's server encapsulating communication in their own wrapper protocol. – Irfy May 12 '22 at 16:36