**karasu** @karasu · 2018-02-08T16:34:35Z

karasu @karasu

TIL: The #openssl s_client treats any line starting with a capital R as a special "connected command" for renegotiating the session. Took us a while to understand why the #opensmtpd installation we were testing renegotiated every time I entered the RCPT TO:<...> line... 😑

Feb 08, 2018, 16:34 · Web · 7 · 8

**mulander** @mulander · Feb 08, 2018, 17:49

**mulander** @mulander · Feb 08, 2018, 17:49

@karasu nc(1) (netcat) on #OpenBSD supports TLS - https://man.openbsd.org/nc#T
https://man.openbsd.org/nc#EXAMPLES

**karasu** @karasu · Feb 08, 2018, 19:52

**karasu** @karasu · Feb 08, 2018, 19:52

@mulander In this case the port required the use of STARTTLS, which I think isn't supported by nc(1), but otherwise #OpenBSD's netcat is an awesome tool for this purpose.
Come to think of it, it would probably be nice to have something like the '-s' option in gnutls-cli for this purpose.

**Wolf480pl** @Wolf480pl@niu.moe · Feb 08, 2018, 20:09

**Wolf480pl** @Wolf480pl@niu.moe · Feb 08, 2018, 20:09

@karasu @mulander
btw. isn't socat an even more awesome tool?

**karasu** @karasu · Feb 08, 2018, 21:50

**karasu** @karasu · Feb 08, 2018, 21:50

@Wolf480pl socat is for sure nice and has some extremely useful features, but - at least for me - netcat is sufficient most of the time and doesn't require any manpage lookups. ;-)
Both netcat and libre/openssl are installed as part of the default images of most systems. Finding socat preinstalled is pretty rare in comparison.

**Wolf480pl** @Wolf480pl@niu.moe · Feb 08, 2018, 23:51

**Wolf480pl** @Wolf480pl@niu.moe · Feb 08, 2018, 23:51

@karasu dunno, I only remember netcat's -l option, and often need man to tell if it's `-p port` or just `port` (gnu vs bsd netcat).

Also, on most (GNU+)Linux distros I use, there's no concept of "base system" or "preinstalled software". And even if there is a similar concept, it usually doesn't contain netcat (or even dig).