copy/paste dehydrated domains file(s) to domains.txt
on your workstation or any other remote place you want to test the 6-layered service from
vi domains.txt
for domain in `cat domains.txt`; do
    echo $domain
    curl -sI https://$domain/ | head -1
    echo
done; unset domain
check ssl tunnel against any port and service, e.g. for https
for domain in `cat domains.txt`; do
    echo $domain
    echo Q | openssl s_client -connect $domain:443 2>/dev/null | openssl x509 -noout -text
    echo
done; unset domain
same goes for submissions (with an s) and imaps — that’s optimal
grep submissions /etc/services
grep imaps /etc/services
a casual MX talks STARTTLS tho – check the certificate provided through SMTP STARTTLS
for domain in `cat domains.txt`; do
    echo $domain
    echo Q | openssl s_client -starttls smtp -name ehlo.domain.tld -connect $domain:25 | openssl x509 -noout -text
    echo
done; unset domain # -crlf
same goes for submission (without an s) and imap — that’s not optimal
grep submission /etc/services
grep imap /etc/services
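added example, not part of the original notes: instead of reading the -text dump by eye, pipe the s_client output into a function that gives a pass/fail verdict on hostname match and remaining validity. the names check_cert, make_sample_cert and mail.example.test are made up for this example; the sample certificate is constructed locally so the function can be tried offline.

```shell
#!/bin/sh
# check_cert HOST [DAYS] < PEM-or-s_client-output
# Prints one verdict line; returns 0 only if the certificate names HOST and
# is still valid DAYS days from now (default 30). Returns 2 if no cert was read.
check_cert() {
    host=$1; days=${2:-30}
    # Re-emit just the PEM block; fails when the handshake produced no cert.
    pem=$(openssl x509 2>/dev/null) || { echo "$host: FAIL no certificate"; return 2; }
    status=OK
    # -checkhost matches SAN dNSName entries (wildcards included).
    printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$host" 2>&1 |
        grep -q 'does match' || status="FAIL name mismatch"
    # -checkend exits non-zero if the cert expires within N seconds.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend "$((days * 86400))" \
        >/dev/null 2>&1 || status="FAIL expires within $days days"
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate | cut -d= -f2)
    echo "$host: $status (notAfter=$end)"
    [ "$status" = OK ]
}

# Constructed sample input: throwaway self-signed cert for the made-up name
# mail.example.test, valid 10 days, so the function can be tried offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -keyout /dev/null \
        -subj "/CN=mail.example.test" \
        -addext "subjectAltName=DNS:mail.example.test" 2>/dev/null
}

# Offline demo on the constructed certificate (5-day threshold passes).
make_sample_cert | check_cert mail.example.test 5

# Live use inside the loops above (needs network):
#   echo Q | openssl s_client -connect "$domain:443" 2>/dev/null | check_cert "$domain"
#   echo Q | openssl s_client -starttls smtp -connect "$domain:25" 2>/dev/null | check_cert "$domain"
```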
proxytunnel -p $squid:8080 -d nethence.com:443 -a 7000
echo Q | openssl s_client -connect localhost:7000 -servername nethence.com | openssl x509 -noout -text | less
on the squid machine
ls -lhF /var/spool/squid/ssl_db/certs/
https://stevenrombauts.be/2018/12/test-smtp-with-telnet-or-openssl/
2 Testing TLS with OpenSSL https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
How to Verify A Connection is Secure Using OpenSSL https://www.liquidweb.com/kb/how-to-verify-a-connection-is-secure-using-openssl/ ==> crlf
https://github.com/proxytunnel/proxytunnel
https://wiki.archlinux.org/title/HTTP_tunneling
https://bugs.squid-cache.org/show_bug.cgi?id=4327 ==> recommends proxytunnel
https://maulwuff.de/research/ssl-debugging.html
https://www.feistyduck.com/library/openssl-cookbook/online/
https://serverfault.com/questions/389197/ssl-routinesssl23-writessl-handshake-failure
https://serverfault.com/questions/1170054/why-does-an-ssl-handshake-fail-due-to-small-mtu