Checking ssl/tls services with openssl

Status of various ssl/tls services can be easily checked with openssl command s_client.

POP3s check:

openssl s_client -no_tls1 -connect

SMTP – TLS check:

openssl s_client -starttls smtp -connect


openssl s_client -connect

This can be used for monitoring services with zabbix using external check (script):


if [ -z $1 ]; then echo 0;
exit 1;


echo "quit" | openssl s_client -quiet -no_tls1 -connect $server:995 2> /dev/null | grep "+OK" | wc -l &
sleep 3;
openssl_pid=`ps aux | grep "openssl s_client -quiet -no_tls1 -connect $server" | awk {'print $2'}`
if [ -n "$openssl_pid" ]; then
kill $openssl_pid 2> /dev/null

Leave a Reply

Your email address will not be published. Required fields are marked *