How can I check if a connection is TLS or STARTTLS?

imp0cat · on Feb 23, 2023

Connect to the smtp server and issue `EHLO something` command, then check if STARTTLS is mentioned in the server response.

smorrebrod · on Feb 23, 2023

Thanks!

justsomehnguy · on Feb 23, 2023

Minor nitpicks:

a) you need a plain-text aka telnet client for this

b) if you receive a valid, human-readable text then it means what you are not on TLS for sure

c) if B succeeds that doesn't means what that SMTP server support STARTTLS, you should check options and try to initite it , eg:

        220 smtp.fastmail.com ESMTP ready
    ->  EHLO just.testing.things
        250-smtp.fastmail.com
        250-PIPELINING
        250-SIZE 71000000
        250-ENHANCEDSTATUSCODES
        250-8BITMIME
    !!  250 STARTTLS
    ->  STARTTLS
        220 2.0.0 Start TLS

imp0cat · on Feb 24, 2023

Right, I guess you could also use openssl's s_client like this:

  openssl s_client -starttls smtp -connect smtp.gmail.com:587
  openssl s_client -connect smtp.gmail.com:465