Denny

Reputation: 89

STARTTLS connection with Ruby and OpenSSL

Using openssl s_client on the command line I am able to establish a connection to a POP3 server which requires STARTTLS.

openssl s_client -connect pop3.example.com:110 -starttls pop3

How can I accomplish the same (especially the -starttls pop part) utilizing Ruby's OpenSSL library:

tcp_socket = TCPSocket.new host, port
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
ssl_client.connect

Upvotes: 0

Views: 490

Answers (1)

Casper

Reputation: 34328

The POP3 specification states that you need to send STLS in order to initiate the TLS handshake. Therefore you should send STLS on the unencrypted socket first, and after that you should be able to call connect on the OpenSSL layer, which will then perform the actual handshake.

If you call connect before sending STLS, the server won't know what is going on, and will interpret it as garbage input.

Working example:

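require 'socket'
require 'openssl'

# host and port as in the question, e.g. 'pop3.example.com' and 110
tcp = TCPSocket.new(host, port)

puts tcp.gets        # server greeting, still plaintext
tcp.puts 'STLS'      # ask the server to switch to TLS
puts tcp.gets        # +OK means the server is ready for the handshake

ssl_context = OpenSSL::SSL::SSLContext.new
ssl_client  = OpenSSL::SSL::SSLSocket.new(tcp, ssl_context)

ssl_client.connect   # TLS handshake over the existing socket
puts ssl_client.state

ssl_client.puts "NOOP"   # now sent encrypted
puts ssl_client.gets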

Output:

+OK POP3 ready <2067986403.1526483285@....>
+OK
SSLOK
+OK

Upvotes: 2
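A stricter variant of the upgrade shown in the answer above, as an added example that is not part of the original answer: it fails closed when the server does not accept STLS and authenticates the server certificate, which a bare SSLContext.new does not do. The names Pop3StlsError, strict_context, expect_ok and stls_upgrade are hypothetical, and pop3.example.com is the placeholder host from the question.

```ruby
require 'socket'
require 'openssl'

# Added example; Pop3StlsError, strict_context, expect_ok and stls_upgrade
# are hypothetical names, not part of Ruby's OpenSSL library.
class Pop3StlsError < StandardError; end

# A bare SSLContext.new does not verify the peer. set_params applies the
# library defaults, including VERIFY_PEER and the default CA store.
def strict_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx
end

# Read one POP3 status line and fail closed unless it is +OK.
def expect_ok(sock, what)
  line = sock.gets.to_s
  raise Pop3StlsError, "#{what} refused: #{line.strip}" unless line.start_with?('+OK')
  line
end

# Upgrade an already-connected plaintext POP3 socket to TLS, or raise.
def stls_upgrade(sock, host, ctx = strict_context)
  expect_ok(sock, 'greeting')
  sock.write("STLS\r\n")
  expect_ok(sock, 'STLS') # -ERR or a missing reply: never continue in plaintext
  # The server must now wait for our ClientHello. Bytes readable at this point
  # were sent unprotected and must not be carried into the TLS session.
  if IO.select([sock], nil, nil, 0)
    raise Pop3StlsError, 'plaintext data after STLS reply'
  end
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.hostname = host     # SNI, and the name the certificate is checked against
  ssl.sync_close = true   # closing the TLS socket also closes the TCP socket
  ssl.connect             # raises OpenSSL::SSL::SSLError if verification fails
  ssl.post_connection_check(host)
  ssl
end

# Usage against a real server (placeholder host from the question):
#   ssl = stls_upgrade(TCPSocket.new('pop3.example.com', 110), 'pop3.example.com')
#   ssl.write("NOOP\r\n"); puts ssl.gets
```
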
