where to download Openssl client / utility for Windows

btan in EE provided following command:
  openssl s_client -connect mailhost:25 -starttls smtp -ssl3

while https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
  openssl s_client -connect target:443 -ssl3

I'm assuming the above openssl is run from Linux.  

Where can I download the equivalent openssl  for Windows 7  or Win XP ?
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sunhuxAuthor Commented:
Will need ready-to-run openssl binary.


The copy I got from https://www.openssl.org/related/binaries.html
appears to be an openssl server/service, not a client command or utility
0
btanExec ConsultantCommented:
yes, strictly speaking, s_client is for non-windows, likewise for F5 reference. you should be seeing (if working), something close to if using "openssl s_client -connect example.com:443 -ssl3"
...:error:...:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
...:error:....:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
Coming back, some possibilities below.

Use Cygwin to still run openssl commands including this in Windows.
- See this short brief for installing Cygwin with OpenSSL on Windows, may want to try out
https://www.conetrix.com/Blog/post/How-to-Install-OpenSSL-on-Windows-7.aspx

Or another "indirect" mean as shared in below with webserver built, but actually just using  VC++ IDE CLI
https://www.devside.net/guides/windows/openssl

in case you are interested in s_client options, you can check this out  - https://www.openssl.org/docs/apps/s_client.html

Actually, nmap has nse to enum cipher as well, if interested. During test to expect if working
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
| ssl-enum-ciphers:
|   **SSLv3: No supported ciphers found**
|   TLSv1.0:
http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
0
Peter HutchisonSenior Network Systems SpecialistCommented:
Windows does not use OpenSSL, it has its own Cryptographic Services for providing secure communications. You can use tools such as CertReq.exe, CertUtil.exe,
You can download OpenSSL to create certificate requests, create certificate files, and do conversions between different types of ssl certs eg PEM, PFX etc.

Download for windows:
http://gnuwin32.sourceforge.net/packages/openssl.htm
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

btanExec ConsultantCommented:
Cygwin has OpenSSL package for running in windows
- http://www.slideshare.net/ganaaturuu/cygwinandopen-sslinstallguide
you can build with OpenSSL source (need Perl and VS)
- https://wiki.openssl.org/index.php/Compilation_and_Installation#Windows
0
Dave HoweSoftware and Hardware EngineerCommented:
official page at http://www.openssl.org/about/binaries.html lists some sources for precompiled copies - cygwin is great too, but is overkill if you just want the tool.

In practice,  I have a copy of apache on my machine for dev reasons,  so use the binaries from there :)
0
sunhuxAuthor Commented:
I've found a copy of Openssl that comes bundled with Trendmicr Securecloud & was able to execute
the openssl command indicated above on the Securecloud server running Win2008 R2 x64.

Quite a big folder of about 300MB in there: before I copy the entire 300MB folder down to
my laptop's Win7 (also x64), what are the chances it will work?  We have a limited bandwidth
when copying such huge files down so it's going to take a while
0
btanExec ConsultantCommented:
Not sure why have you gone into the bundled download if you are only interested in the openssl though. if you look at the windows binaries none have that huge size.
http://slproweb.com/products/Win32OpenSSL.html
https://cygwin.com/cgi-bin2/package-cat.cgi?file=x86%2Fcygwin64-openssl%2Fcygwin64-openssl-1.0.1e-2&grep=

Furthermore, TM version is not sure if it is for Windows too as its docs did not explicitly state which platform the openssl is running, it looks like separate Linux machine to convert. There is also no details on TM download stated openssl x64
http://docs.trendmicro.com/all/ent/sc/v3.7/en-US/sc_3.7_olh/prep_azure_pem.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.