OpenSSL: socket: Connection refused connect:errno=111
Solution 1
Check the ports of the server with any tool. For example:
nmap <IP>
Starting Nmap 5.21 ( http://nmap.org ) at 2015-05-05 09:33 IST
Nmap scan report for <IP>
Host is up (0.00036s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open *****
139/tcp open *****
443/tcp open openssl
MAC Address: 18:03:73:DF:DC:62 (Unknown)
Check that the port number is in the open state.
Solution 2
As I mentioned in the comment, the host name is missing. You would mention it right before the port number.
$ openssl s_client -connect myHost.com:443
Edit: now that you mention that there is a hostname in the command, we are fine there. Now check to see if the host/port is blocked. To check, you can use nmap or telnet or any other port scanner.
If you can ping / connect to the host but not to the server process available on a particular port then there is a firewall blocking access.
The firewall could be on the host, and if iptables is the firewall (assuming Linux) then you need to add a rule to allow the connection. For a quick test, you could disable the firewall (NOT RECOMMENDED). Or you could run the server process on a port that is open.
Solution 3
This has nothing to do with SSL. Connection refused means that either there is no server or the connection is blocked by firewall. In your case (before your edit) the server is also plain wrong, i.e. ":443" is no valid server name (hostname missing).
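The point made in the answers, that the failure happens at TCP connect before any TLS is spoken, can be checked directly. This is an added example, not code from the original answers; `probe_tcp`, the verdict labels and the loopback demo are assumptions made for illustration.

```python
import errno
import socket

# Verdict labels and function names are assumptions made for this example.
VERDICTS = {
    errno.ECONNREFUSED: "refused",      # errno 111 on Linux: a RST came back
    errno.EHOSTUNREACH: "unreachable",
    errno.ENETUNREACH: "unreachable",
}
HINTS = {
    "open": "TCP connect succeeded; any later failure is in the TLS layer",
    "refused": "nothing listening on the port, or a firewall rejecting it",
    "filtered": "no reply before the timeout; packets are likely dropped",
    "unreachable": "routing or host-level problem, not the service itself",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt only the TCP connect that openssl s_client performs first."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open", None
        except socket.timeout:
            return "filtered", None
        except OSError as exc:
            return VERDICTS.get(exc.errno, "error"), exc.errno


def local_demo():
    """Constructed test case: one listening and one closed loopback port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port)
    listener.close()                    # the port now has no listener
    after_close = probe_tcp("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    for verdict, err in local_demo():
        print(verdict, err, "-", HINTS.get(verdict, "see errno"))
```

A "refused" verdict against your own server on port 443 means the fix is on the server side: start the listener or allow the port in the host firewall.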
user3345390
Updated on July 09, 2022
Comments
-
user3345390 almost 2 years
I am trying to connect to one Linux server from a client,
openssl s_client -connect <IP of Server>:443
I am getting the following error:
socket: Connection refused
connect:errno=111
-
user3345390 over 9 years
Where should I mention the host name?
-
user3345390 over 9 years
executing "openssl s_client -connect 10.188.102.92:443" from 10.188.100.159.
-
Vogel612 over 9 years
@Khanna111GauravKhanna then please accept my apologies, I just saw this question in triage review, and didn't check the revisions
-
Khanna111 over 9 years
See my comment: if Linux and iptables is the only firewall then you can define rules to allow the connection.
-
user3345390 over 9 years
I have checked the port is blocked using tcpdump -i eth0 port 443. It's not blocked by firewall
-
Steffen Ullrich over 9 years
In this case the connection was refused by the peer. You cannot check with tcpdump on your system the status of a remote firewall. But you should see that the TCP connect fails.
-
Khanna111 over 9 years
Can you ping the remote box?
-
Khanna111 over 9 years
If you can ssh or in any way access the remote box then this implies that that port is blocked and it might be you cannot access the host altogether. In both cases there is a firewall. You need to configure it to allow the connections.
-
Bibek Sharma over 8 years
@kayle I'm getting the exact same problem, but I can see openssl in my list.
-
toraman over 6 years
This is great for detecting the problem. A little info to fix it maybe?