 

get the ssl certificate of openvpn server on tcp port [closed]

Tags:

ssl

openvpn

It's easy to get the ssl certificate of HTTPS port (443 by default)

But how about ssl on tcp port?

Live example:

205.185.198.226:1194

This is vpn (openvpn server) running on port 1194

IP 205.185.198.226 is using SSL/TLS on port 1194 to process client authentication methods based on certificates.

As Steffen Ullrich said:

OpenVPN is not plain SSL but it packs the SSL stream inside their own protocol, see https://openvpn.net/index.php/open-source/documentation/security-overview.html Thus you have to speak the encapsulation protocol before you get to the TLS stream which then includes the certificate.

So, is it really possible to get the SSL certificate of the OpenVPN server on the TCP port? Any example code? (PHP, C or Perl)

user2203703 asked Oct 11 '15 17:10





1 Answer

$url = "tcp://198.203.28.44:2018";

I don't know what protocol is spoken on this ip:port, but either it is not SSL or the server does not accept common parameters inside the SSL handshake.

$ openssl s_client -connect 198.203.28.44:2018 -debug
CONNECTED(00000003)
write to 0x17e1490 [0x17e1a20] (295 bytes => 295 (0x127))
...
read from 0x17e1490 [0x17e6f80] (7 bytes => 0 (0x0))
...SSL routines:SSL23_WRITE:ssl handshake failure:...

The client starts the SSL handshake with the ClientHello (295 bytes). The server only closes the connection instead of replying with the handshake (0 bytes).

Since no successful SSL handshake is done you cannot get the certificate for the connection, i.e. nothing is sent back by the server, which also means no certificate was sent.

Steffen Ullrich answered Oct 26 '22 05:10

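Neither the question nor the answer shows the encapsulation step itself, so here is an added example (my own code, not from the question, the answer, or the OpenVPN project) that does what the quoted explanation describes: it speaks OpenVPN's reliability layer over TCP (2-byte length prefix, opcode/key_id byte, 8-byte session id, ack array, 4-byte packet id), acknowledges every control packet the server sends, hands the TLS bytes carried in P_CONTROL_V1 packets to Python's ssl engine through a MemoryBIO, and pulls the server's certificate chain out of the cleartext TLS 1.2 Certificate message. It assumes the server runs without tls-auth or tls-crypt (both prepend an HMAC and packet-id block, without which the server silently drops our packets) and still accepts TLS 1.2 (TLS 1.3 encrypts the Certificate message, so the handshake would have to complete). The function names are mine; the packet layout follows OpenVPN's documented control-channel format.

```python
import os
import socket
import ssl
import struct
import sys

# OpenVPN control-channel opcodes: top 5 bits of the first byte, low 3 bits are the key_id.
P_CONTROL_V1, P_ACK_V1 = 4, 5
P_CONTROL_HARD_RESET_CLIENT_V2, P_CONTROL_HARD_RESET_SERVER_V2 = 7, 8

def build_control(opcode, session_id, acks, remote_session_id, packet_id=None, payload=b""):
    """Frame one control-channel packet for TCP transport (key_id 0, no tls-auth/tls-crypt)."""
    body = bytes([opcode << 3]) + session_id
    body += bytes([len(acks)]) + b"".join(struct.pack("!I", a) for a in acks)
    if acks:                      # the remote session id follows only a non-empty ack array
        body += remote_session_id
    if opcode != P_ACK_V1:        # P_ACK_V1 carries neither a packet id nor a payload
        body += struct.pack("!I", packet_id) + payload
    return struct.pack("!H", len(body)) + body   # TCP mode: 2-byte big-endian length prefix

def parse_control(body):
    """Inverse of build_control for one packet body (TCP length prefix already stripped)."""
    opcode, session_id, n = body[0] >> 3, body[1:9], body[9]
    acks = [struct.unpack("!I", body[10 + 4 * i:14 + 4 * i])[0] for i in range(n)]
    pos = 10 + 4 * n
    pos, remote_session_id = (pos + 8, body[pos:pos + 8]) if n else (pos, None)
    if opcode == P_ACK_V1:
        return opcode, session_id, acks, remote_session_id, None, b""
    packet_id = struct.unpack("!I", body[pos:pos + 4])[0]
    return opcode, session_id, acks, remote_session_id, packet_id, body[pos + 4:]

def extract_certificates(tls_bytes):
    """DER certs from the first TLS Certificate handshake message (type 11); None while incomplete."""
    handshake, pos = b"", 0
    while pos + 5 <= len(tls_bytes):                # record layer: type, version, 2-byte length
        end = pos + 5 + struct.unpack("!H", tls_bytes[pos + 3:pos + 5])[0]
        if end > len(tls_bytes):
            break                                   # partial record: wait for more control packets
        if tls_bytes[pos] == 22:                    # content type 22 = handshake
            handshake += tls_bytes[pos + 5:end]
        pos = end
    p = 0
    while p + 4 <= len(handshake):                  # handshake layer: type, 3-byte length
        end = p + 4 + int.from_bytes(handshake[p + 1:p + 4], "big")
        if end > len(handshake):
            break
        if handshake[p] == 11:                      # Certificate: 3-byte list length, then (len, DER)*
            body, certs, q = handshake[p + 4:end], [], 3
            while q < 3 + int.from_bytes(body[:3], "big"):
                cert_len = int.from_bytes(body[q:q + 3], "big")
                certs.append(body[q + 3:q + 3 + cert_len])
                q += 3 + cert_len
            return certs
        p = end
    return None

def recv_packet(rfile):
    header = rfile.read(2)                          # TCP mode: 2-byte length, then the body
    if len(header) < 2:
        raise ConnectionError("server closed the connection")
    return rfile.read(struct.unpack("!H", header)[0])

def fetch_server_certificates(host, port, timeout=10):
    """Session reset, then TLS 1.2 inside P_CONTROL_V1 packets; returns the server's DER chain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 would encrypt the Certificate message
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing)          # TLS engine driven over our own transport
    session_id, seen, raw, next_pid = os.urandom(8), set(), b"", 1
    with socket.create_connection((host, port), timeout) as sock:
        sock.sendall(build_control(P_CONTROL_HARD_RESET_CLIENT_V2, session_id, [], None, 0))
        rfile = sock.makefile("rb")
        for _ in range(64):                         # a handshake takes a few dozen packets at most
            opcode, remote_session_id, _, _, pid, payload = parse_control(recv_packet(rfile))
            if opcode not in (P_CONTROL_HARD_RESET_SERVER_V2, P_CONTROL_V1):
                continue                            # P_ACK_V1 carries no TLS bytes and needs no ack
            # every server packet carries the server's session id, which our ack must echo
            sock.sendall(build_control(P_ACK_V1, session_id, [pid], remote_session_id))
            if pid in seen:
                continue                            # reliability-layer retransmission, already fed
            seen.add(pid)
            incoming.write(payload)                 # hard reset: empty; P_CONTROL_V1: TLS bytes
            raw += payload
            if (certs := extract_certificates(raw)) is not None:
                return certs                        # no need to finish the handshake
            try:
                tls.do_handshake()                  # emits the next client flight into `outgoing`
            except ssl.SSLWantReadError:
                pass
            except ssl.SSLError:
                break                               # e.g. the server rejected our empty client cert
            if pending := outgoing.read():
                sock.sendall(build_control(P_CONTROL_V1, session_id, [], None, next_pid, pending))
                next_pid += 1
    return extract_certificates(raw)

if __name__ == "__main__":  # usage: python3 openvpn_cert.py 205.185.198.226 1194
    for der in fetch_server_certificates(sys.argv[1], int(sys.argv[2])) or []:
        print(ssl.DER_cert_to_PEM_cert(der))
```

Run it as python3 openvpn_cert.py 205.185.198.226 1194 and it prints the chain as PEM. A server that requires a client certificate will abort the TLS 1.2 handshake after our empty Certificate message, but by then its own certificate has already arrived in cleartext, which is why the script returns as soon as the Certificate message is complete instead of waiting for the handshake to finish. openssl s_client fails for exactly the reason the answer shows: its ClientHello reaches the server without the control-channel header, so the server never sees a valid OpenVPN packet and drops the connection.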