We help IT Professionals succeed at work.

where to download Openssl client / utility for Windows

sunhux
sunhux asked
on
btan in EE provided following command:
  openssl s_client -connect mailhost:25 -starttls smtp -ssl3

while https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
  openssl s_client -connect target:443 -ssl3

I'm assuming the above openssl is run from Linux.  

Where can I download the equivalent openssl  for Windows 7  or Win XP ?
Comment
Watch Question

Author

Commented:
Will need ready-to-run openssl binary.


The copy I got from https://www.openssl.org/related/binaries.html
appears to be an openssl server/service, not a client command or utility
btanExec Consultant
Distinguished Expert 2018
Commented:
yes, strictly speaking, s_client is for non-windows, likewise for F5 reference. you should be seeing (if working), something close to if using "openssl s_client -connect example.com:443 -ssl3"
...:error:...:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
...:error:....:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
Coming back, some possibilities below.

Use Cygwin to still run openssl commands including this in Windows.
- See this short brief for installing Cygwin with OpenSSL on Windows, may want to try out
https://www.conetrix.com/Blog/post/How-to-Install-OpenSSL-on-Windows-7.aspx

Or another "indirect" mean as shared in below with webserver built, but actually just using  VC++ IDE CLI
https://www.devside.net/guides/windows/openssl

in case you are interested in s_client options, you can check this out  - https://www.openssl.org/docs/apps/s_client.html

Actually, nmap has nse to enum cipher as well, if interested. During test to expect if working
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
| ssl-enum-ciphers:
|   **SSLv3: No supported ciphers found**
|   TLSv1.0:
http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
Peter HutchisonSenior Network Systems Specialist
Commented:
Windows does not use OpenSSL, it has its own Cryptographic Services for providing secure communications. You can use tools such as CertReq.exe, CertUtil.exe,
You can download OpenSSL to create certificate requests, create certificate files, and do conversions between different types of ssl certs eg PEM, PFX etc.

Download for windows:
http://gnuwin32.sourceforge.net/packages/openssl.htm
btanExec Consultant
Distinguished Expert 2018
Commented:
Cygwin has OpenSSL package for running in windows
- http://www.slideshare.net/ganaaturuu/cygwinandopen-sslinstallguide
you can build with OpenSSL source (need Perl and VS)
- https://wiki.openssl.org/index.php/Compilation_and_Installation#Windows
Dave HoweSoftware and Hardware Engineer
Commented:
official page at http://www.openssl.org/about/binaries.html lists some sources for precompiled copies - cygwin is great too, but is overkill if you just want the tool.

In practice,  I have a copy of apache on my machine for dev reasons,  so use the binaries from there :)

Author

Commented:
I've found a copy of Openssl that comes bundled with Trendmicr Securecloud & was able to execute
the openssl command indicated above on the Securecloud server running Win2008 R2 x64.

Quite a big folder of about 300MB in there: before I copy the entire 300MB folder down to
my laptop's Win7 (also x64), what are the chances it will work?  We have a limited bandwidth
when copying such huge files down so it's going to take a while
Exec Consultant
Distinguished Expert 2018
Commented:
Not sure why have you gone into the bundled download if you are only interested in the openssl though. if you look at the windows binaries none have that huge size.
http://slproweb.com/products/Win32OpenSSL.html
https://cygwin.com/cgi-bin2/package-cat.cgi?file=x86%2Fcygwin64-openssl%2Fcygwin64-openssl-1.0.1e-2&grep=

Furthermore, TM version is not sure if it is for Windows too as its docs did not explicitly state which platform the openssl is running, it looks like separate Linux machine to convert. There is also no details on TM download stated openssl x64
http://docs.trendmicro.com/all/ent/sc/v3.7/en-US/sc_3.7_olh/prep_azure_pem.html