
SSL/TLS深度解析--OpenSSL s_client測試子命令


#下載第三方的最新的PEM(privacy-enhanced mail)格式的可信證書庫
#注意:--no-check-certificate 會跳過下載時的證書驗證,取回的信任庫本身未經驗證;正式環境應去掉該選項或另行校驗該文件。
[root@localhost ~]# wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem
  • 使用s_client 命令進行測試
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -msg
CONNECTED(00000005)
>>> ??? [length 0005]
    16 03 01 01 36
    ......
>>> TLS 1.3, Handshake [length 0136], ClientHello
    01 00 01 32 03 03 84 a2 23 07 e5 53 46 00 e1 fb
    ......
    <<< ??? [length 0005]
    16 03 03 00 35
    ......
<<< TLS 1.3, Handshake [length 0035], ServerHello
    02 00 00 31 03 03 5b d2 a9 6d f4 a3 ca 9d 46 08
    ......
    <<< ??? [length 0005]
    16 03 03 0d ad
    ......
<<< TLS 1.2, Handshake [length 0dad], Certificate
    0b 00 0d a9 00 0d a6 00 09 33 30 82 09 2f 30 82
    ......
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
verify return:1
<<< ??? [length 0005]
    16 03 03 01 4d
<<< TLS 1.2, Handshake [length 014d], ServerKeyExchange
    0c 00 01 49 03 00 17 41 04 5a 0d a7 d6 06 b2 c6
   <<< ??? [length 0005]
    16 03 03 00 04
<<< TLS 1.2, Handshake [length 0004], ServerHelloDone
    0e 00 00 00
>>> ??? [length 0005]
    16 03 03 00 46
>>> TLS 1.2, Handshake [length 0046], ClientKeyExchange
    10 00 00 42 41 04 1d 79 be af cb 98 18 c0 8f a6
    >>> ??? [length 0005]
    14 03 03 00 01
>>> TLS 1.2, ChangeCipherSpec [length 0001]
    01
>>> ??? [length 0005]
    16 03 03 00 28
>>> TLS 1.2, Handshake [length 0010], Finished
    14 00 00 0c 01 a2 ae cd 2c 70 c0 fb d5 1e 13 45
<<< ??? [length 0005]
    16 03 03 00 aa
<<< TLS 1.2, Handshake [length 00aa], NewSessionTicket
    04 00 00 a6 00 00 00 00 00 a0 97 c1 44 d2 4b 56
<<< ??? [length 0005]
    14 03 03 00 01
<<< ??? [length 0005]
    16 03 03 00 28
<<< TLS 1.2, Handshake [length 0010], Finished
    14 00 00 0c c2 2e 30 1a b9 05 d1 b9 65 46 39 b5
---
Certificate chain
 0 s:C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
   i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
 1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com

issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4137 bytes and written 441 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 415050DDCFA0D76788B2A26E8A379B087783558EDA8DB8E79EF70DD0E6DE4888
    Session-ID-ctx: 
    Master-Key: DC36584FD340F9CB637ABCB2686CB8EC25A748339DCBCC8064B274A679ABF64BD7AE0FA2A52C1DCFFDB12C9C98C02A89
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - 97 c1 44 d2 4b 56 83 ef-77 5f 08 cd 94 15 be ac   ..D.KV..w_......
    0010 - ce 1e b0 2b 43 9d 79 08-90 d6 2c df 47 63 1a 00   ...+C.y...,.Gc..
    0020 - 15 43 24 94 43 5e 82 41-25 2c d0 18 1c d9 f5 3a   .C$.C^.A%,.....:
    0030 - 85 ef d5 93 43 c2 d1 25-48 2c 97 fb 7d b2 22 c6   ....C..%H,..}.".
    0040 - 15 80 71 07 fe 0a e0 45-ff d7 4c 5f d3 b6 8e 4d   ..q....E..L_...M
    0050 - 94 6a 62 f9 93 f6 93 b9-18 ab 40 9c 1d ee 01 e5   .jb.......@.....
    0060 - 3b c5 8e 56 49 df 7e c4-6f 3a 68 0a ed ca 2c b4   ;..VI.~.o:h...,.
    0070 - 1f b8 1d c9 39 66 ab f8-f5 9c 96 f8 00 07 47 45   ....9f........GE
    0080 - ab c6 29 d7 91 a2 78 d1-2a 67 25 d2 5b 1b dc 92   ..)...x.*g%.[...
    0090 - 4c cd 0d 36 47 6f 5b 76-e7 44 7b cc 9a 08 20 22   L..6Go[v.D{... "

    Start Time: 1540532589
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
<<< ??? [length 0005]
    15 03 03 00 1a
<<< TLS 1.2, Alert [length 0002], warning close_notify
    01 00
closed
>>> ??? [length 0005]
    15 03 03 00 1a
>>> TLS 1.2, Alert [length 0002], warning close_notify
    01 00

#-msg:打印出握手協議信息
#-msgfile:把 -msg 的輸出寫入指定文件,而不是標準輸出
  • 測試支持的協議
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -tls1_2
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 593AE9088214B92F0184214C8CF6FC7D273636100521AE9598CA87AB6400E67C
    Session-ID-ctx: 

[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -tls1_1
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES128-SHA
    Session-ID: ECFAAE748434BC5C16A8274A733307A8B2E28B4834EC57EE8BF10B961FFB0F47
    Session-ID-ctx: 

[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -tls1
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES128-SHA
    Session-ID: 1D388296763561AC5EBA189D6296046FDAE7E821F048ECCC2173EFD9312D0D3D
    Session-ID-ctx: 
  • 測試支持的密碼套件
[root@localhost ~]# openssl ciphers -v
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA384
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -cipher ECDHE-ECDSA-AES128-SHA256
CONNECTED(00000005)
140378681091904:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 263 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
  • 測試是否支持會話復用
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -reconnect 2>/dev/null |grep -i 'new\|reused'
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256


如果支持會話復用,第二次連接就不是 New,而是 Reused。不支持復用的話,每次重新連接都是 New。

  • 顯示證書鏈
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -showcerts
  • 測試OCSP stapling
[root@localhost ~]# openssl s_client -CAfile /root/cacert.pem -connect www.baidu.com:443 -status
