Set SNI Connection
Initiates an SNI-enabled connection to a specified server and port.
openssl s_client -connect <host>:<port> -servername <hostname>

#!/bin/bash
# Set SNI Connection
openssl s_client -connect {{host}}:{{port}} -servername {{hostname}}

import subprocess

# Set SNI Connection
# Make sure to replace <placeholders> with actual values
def run_command():
    # Argument list form: no shell is involved, so values are not re-parsed
    cmd = [
        "openssl",
        "s_client",
        "-connect",
        "<host>:<port>",
        "-servername",
        "<hostname>"
    ]
    try:
        print(f"Executing: {' '.join(cmd)}")
        subprocess.run(cmd, check=True)
    except subprocess.CalledProcessError as e:
        print(f"Error: {e}")
    except FileNotFoundError:
        print("Error: openssl not found. Please install it first.")

if __name__ == "__main__":
    run_command()

When To Use
When querying servers hosting multiple domains on a single IP address
Pro Tip
Specify the correct hostname using '-servername' to avoid incorrect certificate retrieval.
Anatomy of Output
Understanding the result
CONNECTED(00000003)
Connection Status: Indicates successful connection to the specified server.
Certificate chain
0 s: /C=US/ST=California/L=San Francisco/O=Example Co/CN=example.com
Certificate Details: Displays details of the returned certificate.
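
The pro tip above warns about retrieving the wrong certificate. The following added example (not part of the original page) reads s_client output and reports whether the leaf certificate's subject CN covers the name sent with -servername. The function names and the sample output are constructed, and it checks only the CN shown in the chain summary, not subjectAltName entries.

```bash
#!/bin/bash
# Added example (not from the original page). Function names are hypothetical.
# Real use, with the page's command:
#   openssl s_client -connect <host>:<port> -servername <hostname> </dev/null 2>/dev/null \
#     | check_sni <hostname>

# leaf_cn: read s_client output on stdin, print the subject CN of certificate 0.
# Handles " 0 s:/C=US/.../CN=name" (older OpenSSL) and " 0 s:C = US, ..., CN = name".
leaf_cn() {
    sed -n 's|^ *0 s: *||p' | head -n 1 | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# name_matches PATTERN HOST: case-insensitive exact match, or a "*.domain"
# pattern covering exactly one left-most label of HOST.
name_matches() {
    local pattern host suffix rest
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        '*'.*)
            suffix=${pattern#?}                    # "*.example.com" -> ".example.com"
            rest=${host%"$suffix"}                 # what the wildcard has to cover
            [ "$rest" != "$host" ] || return 1     # suffix did not match
            [ -n "$rest" ] || return 1             # nothing left for the wildcard
            case "$rest" in *.*) return 1 ;; esac  # wildcard spans one label only
            return 0 ;;
        *)  [ "$pattern" = "$host" ] ;;
    esac
}

# check_sni HOSTNAME: 0 = leaf CN covers HOSTNAME, 1 = mismatch, 2 = no certificate seen.
check_sni() {
    local cn
    cn=$(leaf_cn)
    [ -n "$cn" ] || { echo "no certificate chain in output"; return 2; }
    if name_matches "$cn" "$1"; then echo "OK: $cn covers $1"; return 0; fi
    echo "MISMATCH: requested $1, server presented $cn"; return 1
}

# Constructed sample output, modelled on the page's "Anatomy of Output" lines.
SAMPLE_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Example Co/CN=example.com
   i:/C=US/O=Example CA/CN=Example Issuing CA
---'

printf '%s\n' "$SAMPLE_OUTPUT" | check_sni example.com
printf '%s\n' "$SAMPLE_OUTPUT" | check_sni shop.example.net || true
```

For a hostname check that also covers subjectAltName, s_client in OpenSSL 1.1.0 and later accepts -verify_hostname <hostname>.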
Troubleshooting
Common pitfalls
unable to connect
Solution: Verify host and port are correct and accessible.
SSL routines:ssl23_get_server_hello:wrong version number
Solution: Ensure the correct protocol version is being used.
SNI not supported
Solution: Verify the OpenSSL version supports SNI.
Command Breakdown
What each part is doing
- openssl - Base Command: The executable that performs this operation.
- <host> - host: The server's hostname or IP address to connect to.
- <port> - port: The TCP port to connect to.
- <hostname> - hostname: The name sent in the TLS SNI extension; on a shared IP address it determines which certificate the server returns.
- -connect - Command Option: Takes <host>:<port>, the address the TLS client connects to.
- -servername - Command Option: Sets the server name sent in the SNI extension of the ClientHello.