$ Linux One Liners
Back to lessons

Web Server Rescue

Risk: safe

Show TLS Protocol and Cipher

You need to see which TLS protocol and cipher the edge negotiates.

Command

openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | awk '/Protocol|Cipher|Verify return code/ {print}'

Before you run this

Risk: safe. Do not treat one client handshake as a full TLS policy audit.

Expected output

Protocol, cipher, and verification result from the TLS handshake.

System impact

Nothing changes. The command performs a read-only TLS handshake and filters the negotiated details.

Recovery / rollback: no state is changed.

When to use it

Use when old clients fail, scanners flag TLS settings, or you need a quick negotiation snapshot.

When not to use it

Do not treat one client handshake as a full TLS policy audit.

Watch this command run

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

demo@lab:~$

$ openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | sed -n '1,8p'

CONNECTED(00000003)
Protocol  : TLSv1.3
Cipher    : TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
-----BEGIN CERTIFICATE-----
FIXTURE-edge
-----END CERTIFICATE-----

$ openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | awk '/Protocol|Cipher|Verify return code/ {print}'

Protocol  : TLSv1.3
Cipher    : TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
View reproducible demo details

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | sed -n '1,8p'
  2. openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | awk '/Protocol|Cipher|Verify return code/ {print}'

next steps

Related commands

Web Server Rescue Risk: safe

Show TLS Certificate Dates

The outage was not the web server. The edge certificate had expired.

openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | openssl x509 -noout -dates
Web Server Rescue Risk: safe

Show TLS Certificate Names

The cert was valid, but not for this hostname.

openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName
Web Server Rescue Risk: safe

Check the Certificate Served for SNI

The IP was right. The SNI name selected the wrong certificate.

openssl s_client -connect 203.0.113.10:443 -servername wrong.edge.test </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName
Web Server Rescue Risk: safe

Find Large Directories with du

Once you know a filesystem is full, the next question is where.

du -xh --max-depth=1 /var 2>/dev/null | sort -h
Web Server Rescue Risk: safe

Smoke Check an HTTP Status

A deploy is not done until the endpoint answers.

curl -fsS -o /dev/null -w '%{http_code} %{time_total}s\n' https://example.com/health
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:109-networking
  • lfcs:essential-commands
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.