SSL/TLS深度解析--OpenSSL s_client測試子命令
#下載第三方的最新的PEM(privacy-enhanced mail)格式的可信證書庫 [root@localhost ~]# wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem
- 使用s_client 命令進行測試
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -msg
CONNECTED(00000005)
>>> ??? [length 0005]
16 03 01 01 36
......
>>> TLS 1.3, Handshake [length 0136], ClientHello
01 00 01 32 03 03 84 a2 23 07 e5 53 46 00 e1 fb
......
<<< ??? [length 0005]
16 03 03 00 35
......
<<< TLS 1.3, Handshake [length 0035], ServerHello
02 00 00 31 03 03 5b d2 a9 6d f4 a3 ca 9d 46 08
......
<<< ??? [length 0005]
16 03 03 0d ad
......
<<< TLS 1.2, Handshake [length 0dad], Certificate
0b 00 0d a9 00 0d a6 00 09 33 30 82 09 2f 30 82
......
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
verify return:1
<<< ??? [length 0005]
16 03 03 01 4d
<<< TLS 1.2, Handshake [length 014d], ServerKeyExchange
0c 00 01 49 03 00 17 41 04 5a 0d a7 d6 06 b2 c6
<<< ??? [length 0005]
16 03 03 00 04
<<< TLS 1.2, Handshake [length 0004], ServerHelloDone
0e 00 00 00
>>> ??? [length 0005]
16 03 03 00 46
>>> TLS 1.2, Handshake [length 0046], ClientKeyExchange
10 00 00 42 41 04 1d 79 be af cb 98 18 c0 8f a6
>>> ??? [length 0005]
14 03 03 00 01
>>> TLS 1.2, ChangeCipherSpec [length 0001]
01
>>> ??? [length 0005]
16 03 03 00 28
>>> TLS 1.2, Handshake [length 0010], Finished
14 00 00 0c 01 a2 ae cd 2c 70 c0 fb d5 1e 13 45
<<< ??? [length 0005]
16 03 03 00 aa
<<< TLS 1.2, Handshake [length 00aa], NewSessionTicket
04 00 00 a6 00 00 00 00 00 a0 97 c1 44 d2 4b 56
<<< ??? [length 0005]
14 03 03 00 01
<<< ??? [length 0005]
16 03 03 00 28
<<< TLS 1.2, Handshake [length 0010], Finished
14 00 00 0c c2 2e 30 1a b9 05 d1 b9 65 46 39 b5
---
Certificate chain
0 s:C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIJLzCCCBegAwIBAgIMIe0swvEJLGZrFeUnMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTgwNDAzMDMyNjAzWhcNMTkwNTI2MDUzMTAyWjCBpzELMAkGA1UEBhMC
Q04xEDAOBgNVBAgTB2JlaWppbmcxEDAOBgNVBAcTB2JlaWppbmcxJTAjBgNVBAsT
HHNlcnZpY2Ugb3BlcmF0aW9uIGRlcGFydG1lbnQxOTA3BgNVBAoTMEJlaWppbmcg
QmFpZHUgTmV0Y29tIFNjaWVuY2UgVGVjaG5vbG9neSBDby4sIEx0ZDESMBAGA1UE
AxMJYmFpZHUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6TD
KhmBjiKc5USSOTCKxoz7yh+6TbA5MwWfKz7ZIMFjMJmSbqEsfyjIHtXnkz3x/GLG
szJnXI2Ylk73VGzW64Nks7svAo+p01icllfjHHc69A0Z2EZKU3LI5/DzcdKI/vdz
kSi6PXgbHsV2Y8aIIbcXbD5YA0DyhpWA5yBrmneSr2E2Xo+s88KFcg0yieS6opsq
xdKMSpS6ixbFEQLr2XgyGmb2tbslOD6UuxGNRhRgXhx0kcGLJzhLh4IDFZemxYZ8
fScewYkrFGZm6WzNdQZAWkw/QjkdS7EWCN+DBqToDaEBLtQkhiCiLLHLwsK69gfF
fQvf4f79dJK3fo+lswIDAQABo4IFmTCCBZUwDgYDVR0PAQH/BAQDAgWgMIGgBggr
BgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxz
aWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYI
KwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXph
dGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUF
BwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZn
gQwBAgIwCQYDVR0TBAIwADCCAxQGA1UdEQSCAwswggMHggliYWlkdS5jb22CDGJh
aWZ1YmFvLmNvbYIMd3d3LmJhaWR1LmNughB3d3cuYmFpZHUuY29tLmNugg9tY3Qu
eS5udW9taS5jb22CCmJhaWZhZS5jb22CC2Fwb2xsby5hdXRvggsqLmJhaWR1LmNv
bYIOKi5iYWlmdWJhby5jb22CESouYmFpZHVzdGF0aWMuY29tgg4qLmJkc3RhdGlj
LmNvbYILKi5iZGltZy5jb22CDCouaGFvMTIzLmNvbYILKi5udW9taS5jb22CDSou
Y2h1YW5rZS5jb22CDSoudHJ1c3Rnby5jb22CDyouYmNlLmJhaWR1LmNvbYIQKi5l
eXVuLmJhaWR1LmNvbYIPKi5tYXAuYmFpZHUuY29tgg8qLm1iZC5iYWlkdS5jb22C
ESouZmFueWkuYmFpZHUuY29tgg4qLmJhaWR1YmNlLmNvbYIMKi5taXBjZG4uY29t
ghAqLm5ld3MuYmFpZHUuY29tgg4qLmJhaWR1cGNzLmNvbYIMKi5haXBhZ2UuY29t
ggsqLmFpcGFnZS5jboINKi5iY2Vob3N0LmNvbYIQKi5zYWZlLmJhaWR1LmNvbYIO
Ki5pbS5iYWlkdS5jb22CESouc3NsMi5kdWFwcHMuY29tggwqLmJhaWZhZS5jb22C
EiouYmFpZHVjb250ZW50LmNvbYILKi5kbG5lbC5jb22CCyouZGxuZWwub3JnghIq
LmR1ZXJvcy5iYWlkdS5jb22CDiouc3UuYmFpZHUuY29tgggqLjkxLmNvbYISKi5o
YW8xMjMuYmFpZHUuY29tgg0qLmFwb2xsby5hdXRvghIqLnh1ZXNodS5iYWlkdS5j
b22CESouYmouYmFpZHViY2UuY29tghEqLmd6LmJhaWR1YmNlLmNvbYISY2xpY2su
aG0uYmFpZHUuY29tghBsb2cuaG0uYmFpZHUuY29tghBjbS5wb3MuYmFpZHUuY29t
ghB3bi5wb3MuYmFpZHUuY29tghR1cGRhdGUucGFuLmJhaWR1LmNvbTAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFEU2rOodiWjhKzkRrSOc
0Vk2i7DMMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MIIBBAYKKwYB
BAHWeQIEAgSB9QSB8gDwAHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16g
gw8AAAFiiYpPCgAABAMARzBFAiAbbac6UM3Au0f5IiujWCEPmZR3sYrRrxzc2EB7
NTyu3AIhANaM+Sqpimpbz4r651CIX+hhCywdzLG3JE6zArgyjx2IAHYAu9nfvB+K
cbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFiiYpRRAAABAMARzBFAiEAmE6A
rGctn/Mm+nP7c3HD9n/sYFe/FJ5n23FkiL2rT9oCIGLJJl1F2sUmA/su4YT7dic5
R733IMJlZic9HQOJoITIMA0GCSqGSIb3DQEBCwUAA4IBAQC57KcI343ViCL8VmrQ
A2EAzC/T+ePnTtelSpWshrfpVZPM97kWe+i4CY2sCmtClkXY2rdM7sAJbtnxQ78A
FlepduenlaXVyOHZU5hacG5BD4MDz3LtkgU5Q8o8GqfCbnoFBTONPgAdj8OUiizx
dtzNoF+C7MpjoCgZO0qrNp2QEbWyjHZnE36OUf8yoy89MNXIDFi50oFCZpHKd47X
rgIxcjuWmQqd5waBhyakBf2zlCnguDKj0w8Cy9auX8WYaNEYUuTF4OmPOqICzBd/
pepMzaPDTd3A+xW7Mo6n0vasV/sZI1y2qMrqs7qvItqC0YMJSlxSZ67SnWZjAwgG
lxua
-----END CERTIFICATE-----
subject=C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4137 bytes and written 441 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 415050DDCFA0D76788B2A26E8A379B087783558EDA8DB8E79EF70DD0E6DE4888
Session-ID-ctx:
Master-Key: DC36584FD340F9CB637ABCB2686CB8EC25A748339DCBCC8064B274A679ABF64BD7AE0FA2A52C1DCFFDB12C9C98C02A89
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - 97 c1 44 d2 4b 56 83 ef-77 5f 08 cd 94 15 be ac ..D.KV..w_......
0010 - ce 1e b0 2b 43 9d 79 08-90 d6 2c df 47 63 1a 00 ...+C.y...,.Gc..
0020 - 15 43 24 94 43 5e 82 41-25 2c d0 18 1c d9 f5 3a .C$.C^.A%,.....:
0030 - 85 ef d5 93 43 c2 d1 25-48 2c 97 fb 7d b2 22 c6 ....C..%H,..}.".
0040 - 15 80 71 07 fe 0a e0 45-ff d7 4c 5f d3 b6 8e 4d ..q....E..L_...M
0050 - 94 6a 62 f9 93 f6 93 b9-18 ab 40 9c 1d ee 01 e5 .jb.......@.....
0060 - 3b c5 8e 56 49 df 7e c4-6f 3a 68 0a ed ca 2c b4 ;..VI.~.o:h...,.
0070 - 1f b8 1d c9 39 66 ab f8-f5 9c 96 f8 00 07 47 45 ....9f........GE
0080 - ab c6 29 d7 91 a2 78 d1-2a 67 25 d2 5b 1b dc 92 ..)...x.*g%.[...
0090 - 4c cd 0d 36 47 6f 5b 76-e7 44 7b cc 9a 08 20 22 L..6Go[v.D{... "
Start Time: 1540532589
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
<<< ??? [length 0005]
15 03 03 00 1a
<<< TLS 1.2, Alert [length 0002], warning close_notify
01 00
closed
>>> ??? [length 0005]
15 03 03 00 1a
>>> TLS 1.2, Alert [length 0002], warning close_notify
01 00
#-msg:打印出握手協議信息
#-msgfile:測試的輸出結果保存到文件裏
- 測試支持的協議
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -tls1_2
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 593AE9088214B92F0184214C8CF6FC7D273636100521AE9598CA87AB6400E67C
Session-ID-ctx:
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -tls1_1
SSL-Session:
Protocol : TLSv1.1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: ECFAAE748434BC5C16A8274A733307A8B2E28B4834EC57EE8BF10B961FFB0F47
Session-ID-ctx:
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -tls1
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 1D388296763561AC5EBA189D6296046FDAE7E821F048ECCC2173EFD9312D0D3D
Session-ID-ctx:
- 測試支持的密碼套件
[root@localhost ~]# openssl ciphers -v TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384 ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1 SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1 RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384 RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1 DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384 PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256 ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1 SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1 RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256 DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256 RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1 DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256 PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 [root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -cipher ECDHE-ECDSA-AES128-SHA256 CONNECTED(00000005) 140378681091904:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 263 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
- 測試是否支持會話複用
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -reconnect 2>/dev/null |grep -i 'new\|reused' New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
若是支持複用,第二次連接就不是 New, 而是 reused 。不支持的複用的話,每次再鏈接都是 New。bash
- 顯示證書鏈
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -showcerts
- 測試OCSP stapling
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -status
相關文章
- 1. OpenSSL命令---s_client
- 2. OpenSSL中重要的命令 —— s_server 和s_client
- 3. OpenSSL s_server / s_client 應用實例
- 4. openssl命令詳解
- 5. OpenSSL之命令詳解
- 6. OpenSSL命令---pkcs12
- 7. Openssl asn1parse命令
- 8. Openssl req命令
- 9. Openssl ec命令
- 10. OpenSSL命令---pkcs7
- 更多相關文章...
- • Maven 構建 & 項目測試 - Maven教程
- • XML DOM 解析器 - XML DOM 教程
- • Docker 清理命令
- • 算法總結-深度優先算法
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
