
How to avoid SSL handshake using curl, wget or Python requests?


I need to make a connection to a server but I'm having trouble with the ssl connection. The server simply doesn't give any certificate back:

$ openssl s_client -connect the-host-I-test.com:443                                                                           
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 345 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Some networking people are now going to debug that, but in the meantime I want to check whether the calls to the API actually return the correct information. So I want to do a call on port 443 but avoid the SSL handshake altogether. I know about the -k flag on curl and the --no-check-certificate flag in wget, but these simply ignore the certificate that is received. In this case, no certificate is being received at all, so the connection just times out.

Is there a way to do this request using curl, wget, the Python requests lib, or anything else and completely avoid the ssl-handshake?

Disclaimer: I know this is insecure, that people can listen in on the connection and that a MITM attack can be done, plus probably a lot of other nasty stuff. But the connection is already over a VPN and there's no sensitive info on this line. It's just meant to be a short check.


Solution

  • So I want to do a call on port 443 but avoid the SSL handshake altogether.

    HTTPS without the SSL handshake is plain HTTP. Only you want to try it on a non-standard port for plain HTTP and that's why you explicitly need to specify the port:

    curl http://example.com:443
    

    This might work if the server was not properly configured for SSL. But usually in this case the server sends back some plain HTTP response in the case of an unexpected HTTPS request - which your server does not. So it is unlikely that this will help.

    The server simply doesn't give any certificate back:
    SSL handshake has read 0 bytes and written 345 bytes

    The server gives nothing back and "no certificate" is just part of this nothing. The server simply closes the connection. Or something in between, i.e. such behavior is also observed with middleboxes like corporate firewalls which block the traffic to the target after figuring out the target from the ClientHello which is sent by the client as the start of the TLS handshake.
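
A diagnostic for telling apart the outcomes this answer describes (connection closed with nothing returned, a plain HTTP reply on the TLS port, or a real TLS response), added here as an example and not part of the original answer. The names `client_hello`, `classify_reply` and `fake_server` are hypothetical, and the local server is a constructed stand-in so the script runs offline.

```python
import socket
import ssl
import threading

def client_hello(server_name):
    """Return the raw ClientHello bytes the local OpenSSL would send."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()  # cannot complete: no server bytes to read yet
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()

def classify_reply(host, port, timeout=3.0):
    """Send a ClientHello and label whatever comes back first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(client_hello(host))
            first = sock.recv(16)
        except socket.timeout:
            return "silent"      # nothing at all before the timeout
        except ConnectionError:
            first = b""          # a reset counts as closed without a reply
    if not first:
        return "closed"          # the "read 0 bytes" case from the question
    if first[0] == 0x16:
        return "tls-handshake"   # handshake record: TLS is answering
    if first[0] == 0x15:
        return "tls-alert"       # a TLS stack is there but refused the hello
    if first.startswith(b"HTTP/"):
        return "plain-http"      # port speaks HTTP, so http://host:443 can work
    return "other"

def fake_server(reply):
    """Constructed local stand-in: read the hello, send reply, close."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(65536)
            conn.sendall(reply)  # b"" sends nothing, i.e. a bare close
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for reply in (b"", b"HTTP/1.1 400 Bad Request\r\n\r\n"):
        print(classify_reply("127.0.0.1", fake_server(reply)))
```

A "closed" or "silent" result at the real host matches the openssl output in the question; only "plain-http" means the `curl http://...:443` attempt has a chance of returning data.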