openssl s_client is a SSL/TLS client program can be used to test TLS server connectivity, check server certificate.
Blog
CAS
python-casFlaskExample
django-cas-ngExample
AComparisonofDjangoCASclients
IntegratewithDjangoadminsite
CASSingleLogout(SLO)
CASHistory
CAS101
django-cas-ngReleases
python-casRelease1.5.0
django-cas-ngRelease4.0.0
django-cas-ngRelease3.6.0
django-cas-ngRelease3.5.0
Security
ECDSAsignatureverifyinkotlinandGo
TestTLSConnectivitywithOpenSSLCommandLine
RunningaDoHClienttoencryptallhomeDNStraffic
Python
Pythonunicodestringlowercaseandcaselessmatch
Azure
AzureChangeAppServiceHTTPPingURLandInterval
AzurefunctionDidnotfindanyinitializedlanguageworkers
AddgitcommittodockerimagetaginAzurepipeline
PassvarinAzurepipeline
AzureWALinuxAgentBackdoor
OAuth2
OAuth2101
Posts
Sphinx-doc101
NGINXReverseProxy
Splunk
Splunk!=vs.NOT
InstallSplunkandForwarderonLinux
Docker
Dockercontainertoconnectlocalhostofhost
Git
SetupaGitServeroverSSH
Gitquickreference
Go
OrganizeGoProject
Linux
TroubleshootingProtonVPNLinuxcliEnableIPv6LeakProtectionError:UnabletoaddIPv6leakprotectionconnection/interface
LinuxSO_BINDTODEVICEandmacIP_BOUND_IFtobindsockettoanetworkinterface
core_name_formatNosuchfileordirectory
tcp_tw_recycleNosuchfileordirectory
HugeimproveTCPperformancebyBBR
SecureSquidProxyServer
ConfigureDebianstartupservices
npm
npmpublish
PostgreSQL
PostgreSQLminicookbook:Performancetuning,debuggingandtesting
PostgreSQLminicookbook:Dealingwiththesystemtables
PostgreSQLminicookbook:Constrainingyourdata
PostgreSQLminicookbook:ControllingAccesstoyourdata
PostgreSQLminicookbook:advancedquerytricks
PostgreSQLminicookbook:Automatingprocesses
PostgreSQLminicookbook:aggregatequerytricks
PostgreSQLminicookbook:basicquerytricks
psql101
Rails
Find3rdpartygemsglobalvariablesinruby
CustomRailsloggertouseAzureapplicationinsights
RaspberryPi
RundockeronRaspberryPi
Upgradejessietobuster
Android
AndroidOkHttpchangeUser-Agentheader
WeirdAndroidjunittestfailurejava.lang.NoClassDefFoundError:android/content/Context
Hugo
CustomhugoRSStemplate
Hugotroubleshooting:executeoftemplatefailed:can'tgiveargumenttonon-function
hugo-page-lastmod
RSS
TestTLSConnectivitywithOpenSSLCommandLine
UseOpenSSLcommandlinetotestTLSserverconnectivity,checkservercertificate.
December13,2020
Introduction
SampleUsage
Use-connect:toconnecttoaTLSserver
Use-showcertstoshowallcertificatesinthechain:
Use-tls1_2TLS1.2only:
Extractservercertificate
Sampleerrorwhenconnecttonon-TLSserver
References
Introduction
openssls_clientisaSSL/TLSclientprogramcanbeusedtotestTLSserverconnectivity,checkservercertificate.
usage:s_clientargs
-4-ForceIPv4
-6-ForceIPv6
-hosthost-use-connectinstead
-portport-use-connectinstead
-connecthost:port-whotoconnectto(defaultislocalhost:4433)
-proxyhost:port-connecttohttpproxy
-verifyarg-turnonpeercertificateverification
-certarg-certificatefiletouse,PEMformatassumed
-certformarg-certificateformat(PEMorDER)PEMdefault
-keyarg-Privatekeyfiletouse,incertfileif
notspecifiedbutcertfileis.
-keyformarg-keyformat(PEMorDER)PEMdefault
-passarg-privatekeyfilepassphrasesource
-CApatharg-PEMformatdirectoryofCA's
-CAfilearg-PEMformatfileofCA's
-reconnect-Dropandre-maketheconnectionwiththesameSession-ID
-pause-sleep(1)aftereachread(2)andwrite(2)systemcall
-showcerts-showallcertificatesinthechain
-debug-extraoutput
-msg-Showprotocolmessages
-nbio_test-moresslprotocoltesting
-state-printthe'ssl'states
-nbio-Runwithnon-blockingIO
-crlf-convertLFfromterminalintoCRLF
-quiet-nos_clientoutput
-ign_eof-ignoreinputeof(defaultwhen-quiet)
-no_ign_eof-don'tignoreinputeof
-tls1_2-justuseTLSv1.2
-tls1_1-justuseTLSv1.1
-tls1-justuseTLSv1
-dtls1-justuseDTLSv1
-mtu-setthelinklayerMTU
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2-turnoffthatprotocol
-bugs-SwitchonallSSLimplementationbugworkarounds
-cipher-preferredciphertouse,usethe'opensslciphers'
commandtoseewhatisavailable
-starttlsprot-usetheSTARTTLScommandbeforestartingTLS
forthoseprotocolsthatsupportit,where
'prot'defineswhichonetoassume.Currently,
only"smtp","lmtp","pop3","imap","ftp"and"xmpp"
aresupported.
-xmpphosthost-connecttothisvirtualhostonthexmppserver
-sess_outarg-filetowriteSSLsessionto
-sess_inarg-filetoreadSSLsessionfrom
-servernamehost-SetTLSextensionservernameinClientHello
-tlsextdebug-hexdumpofallTLSextensionsreceived
-status-requestcertificatestatusfromserver
-no_ticket-disableuseofRFC4507bissessiontickets
-alpnarg-enableALPNextension,consideringnamedprotocolssupported(comma-separatedlist)
-groupsarg-specifyECcurvegroups(colon-separatedlist)
-use_srtpprofiles-OfferSRTPkeymanagementwithacolon-separatedprofilelist
-keymatexportlabel-Exportkeyingmaterialusinglabel
-keymatexportlenlen-Exportlenbytesofkeyingmaterial(default20)
SampleUsage
Use-connect:toconnecttoaTLSserver
$openssls_client-connectwww.google.com:443
CONNECTED(00000005)
depth=2OU=GlobalSignRootCA-R2,O=GlobalSign,CN=GlobalSign
verifyreturn:1
depth=1C=US,O=GoogleTrustServices,CN=GTSCA1O1
verifyreturn:1
depth=0C=US,ST=California,L=MountainView,O=GoogleLLC,CN=www.google.com
verifyreturn:1
---
Certificatechain
0s:/C=US/ST=California/L=MountainView/O=GoogleLLC/CN=www.google.com
i:/C=US/O=GoogleTrustServices/CN=GTSCA1O1
1s:/C=US/O=GoogleTrustServices/CN=GTSCA1O1
i:/OU=GlobalSignRootCA-R2/O=GlobalSign/CN=GlobalSign
---
Servercertificate
-----BEGINCERTIFICATE-----
MIIFkzCCBHugAwIBAgIQUvtF6bzAHyEDAAAAAMMjOTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMTIxNTE0MzYxNVoXDTIxMDMwOTE0MzYx
NFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDnd3
dy5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPmk
rg4JZBqxukAqXcsIyoQ7EfkoYZooKy9OGOk0FsbA662QAhRvLyScRnAaKLeT/s1p
lOzLIguQKCl8GkrNJRWjhhG9G95IWGOCuOxjdvRWF5RADpIPbapGAH0awFsO9hlg
VzxsuZC+hHOrAVvUAI5x7tYhz6SYMjsbj0BUz2WzEnSXonY85Zy825rFBjpfJf69
CGJpCx1+T4w7USP7GqsdpI8kNSHfFSbt7Z8U5mdn4LG7tvaMS/oVlcE2P5O09lDT
Yz1+MlxIeQnzSFt0R9S2Xrbv6oNuEdzoqKFXEHcQ+SDcf4Kb5ghpPezjiufwtotR
/gwqXHrMLTZ3lzsMzQIDAQABo4ICXTCCAlkwDgYDVR0PAQH/BAQDAgWgMBMGA1Ud
JQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGfXwgDfHBsH
oA7W51LPuYfBeHI0MB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGgG
CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucGtpLmdvb2cv
Z3RzMW8xY29yZTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RT
MU8xLmNydDAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTAhBgNVHSAEGjAYMAgG
BmeBDAECAjAMBgorBgEEAdZ5AgUDMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9j
cmwucGtpLmdvb2cvR1RTMU8xY29yZS5jcmwwggEFBgorBgEEAdZ5AgQCBIH2BIHz
APEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO/3wwvIAvMTvFk4wAAAXZnC4CJAAAE
AwBHMEUCIERZyIP0GBfWUDPpmMCMVYBgpSKpIQuqnsFo2MoRHDWsAiEA/+nQTy9E
sKLKfzDABLRUz/P+TZGGjM7UVQjtWe/+s+sAdwBc3EOS/uarRUSxXprUVuYQN/vV
+kfcoXOUsl7m9scOygAAAXZnC4C7AAAEAwBIMEYCIQCPyfB8H0em1gHv8QQeF4zN
Hkfv47lQjNsszABWeYXfwwIhAKngHPHb1UKDE3LMF6FYEdsGOK63kdIfUuyWLX0A
UYszMA0GCSqGSIb3DQEBCwUAA4IBAQAbkVw9feVP0maVCLVO/TKFBQWgcQTHtJGI
k2YTSZCSwLYe7Xboae5t6inwKu0yB+bYqUC2itFpv7BCsZv4rPOH6zBHHH2CSlZB
1XI40WrnPwGMr3P1aR2dsUw1gDEXFwgXdFbL/u/9WUjeUogQULSFxqJXrYB693az
96FCwtoSg3+WC5IcEJElDEE0kgS8o5ZyJ4GLmLBYsWcMkbx80/pDf71ylBts63e0
u5k2sQuBcNhIGaRIFmP9SHYXyTtSlaB84RwThgkhr40S3QZWDNiqht2WnM65UHUR
CVEiml3bIKMz+fLaOgroFKQy8uBw7tei+gzbbqqyJbicdgcSDgd3
-----ENDCERTIFICATE-----
subject=/C=US/ST=California/L=MountainView/O=GoogleLLC/CN=www.google.com
issuer=/C=US/O=GoogleTrustServices/CN=GTSCA1O1
---
NoclientcertificateCAnamessent
ServerTempKey:ECDH,X25519,253bits
---
SSLhandshakehasread3208bytesandwritten281bytes
---
New,TLSv1/SSLv3,CipherisECDHE-RSA-CHACHA20-POLY1305
Serverpublickeyis2048bit
SecureRenegotiationISsupported
Compression:NONE
Expansion:NONE
NoALPNnegotiated
SSL-Session:
Protocol:TLSv1.2
Cipher:ECDHE-RSA-CHACHA20-POLY1305
Session-ID:EDF30CC8709D2A7E5930E21DF4FC95B10C0438A6BBB64D550C975936B1B2E7B7
Session-ID-ctx:
Master-Key:6C731ACB4248F67690838BE615E945E8D7CDD418794C54F5E33BF7487939EDC0C13DBED09DEC2A95F093F63713250762
TLSsessionticketlifetimehint:100800(seconds)
TLSsessionticket:
0000-0156db77af6f7983-c8d1362b85d6e415.V.w.oy...6+....
0010-254e5625b71b2b3a-18a85b4a9d7b825b%NV%..+:..[J.{.[
0020-2873447ea574127d-635639027e749c11(sD~.t.}cV9.~t..
0030-cfc9d3a2b0c74226-1b05ba700bf01678......B&...p...x
0040-d0838cbd493cb3f5-e749e821ab3c469d....I<...i.>.Eeq.
0070-76c186fa85d01740-489f330364ad7683[email protected]
0080-d50acf742f713d6b-4dbe55089fa8879b...t/q=kM.U.....
0090-03180e9e99bcd5d6-b81c95d45527b300............U'..
00a0-a82d83c21dee493e-06a9986714687eac.-....I>...g.h~.
00b0-dd9585554e56b888-e271988dc493e965...UNV...q.....e
00c0-310eb79a87bd909d-dc8ee5d26a3416531...........j4.S
00d0-dd71d37062d7b643-81963fb97b.q.pb..C..?.{
StartTime:1610932834
Timeout:7200(sec)
Verifyreturncode:0(ok)
---
GET/HTTP/1.1
HTTP/1.1200OK
Date:Mon,18Jan202101:20:39GMT
Use-showcertstoshowallcertificatesinthechain:
$openssls_client-connectdns.google:853-showcerts
CONNECTED(00000006)
depth=2OU=GlobalSignRootCA-R2,O=GlobalSign,CN=GlobalSign
verifyreturn:1
depth=1C=US,O=GoogleTrustServices,CN=GTSCA1O1
verifyreturn:1
depth=0C=US,ST=California,L=MountainView,O=GoogleLLC,CN=dns.google
verifyreturn:1
---
Certificatechain
0s:/C=US/ST=California/L=MountainView/O=GoogleLLC/CN=dns.google
i:/C=US/O=GoogleTrustServices/CN=GTSCA1O1
-----BEGINCERTIFICATE-----
MIIGIjCCBQqgAwIBAgIRAJTRUTehSoT8AwAAAADDI0EwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDEyMTUxNDM2MjZaFw0yMTAzMDkxNDM2
MjVaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRMwEQYDVQQDEwpk
bnMuZ29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/ulxhYN
FowGZ+8VIk8eIWsj/tHekcfTtmtIP9KgdhyXlmXXlntHx330XiX9UfCSfbnu3UP5
Za/BM8rRm+3yVCsi0QVU+mey35hLLdBaKvdmrTQkYIdVhHDWGQN8C1f6UGq8nNPN
X7HLyxxXa03vEpLvtaSzULVprYfppGlqDLvUqqVbF9loTtZp6sdtPYAM0j8O71SK
DnUCdMu3WGPEhK2ImyUdk6Oq+CFueRNLbBL6Lfkd1NWLyebpbKQcMNmSbQfphZga
4WXmfhXWF5Vblyn4FBxarw96O1FDX/jUdOFbKRfR0GxvhS5Qt+dPEhom52JdTth6
dfLtmbvdnqPcAwIDAQABo4IC7zCCAuswDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM
MAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJrgW406vF0JgE8F
CJd5Cgc1/RDOMB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGgGCCsG
AQUFBwEBBFwwWjArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucGtpLmdvb2cvZ3Rz
MW8xY29yZTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8x
LmNydDCBrAYDVR0RBIGkMIGhggpkbnMuZ29vZ2xlghAqLmRucy5nb29nbGUuY29t
ggs4ODg4Lmdvb2dsZYIOZG5zLmdvb2dsZS5jb22CEGRuczY0LmRucy5nb29nbGWH
ECABSGBIYAAAAAAAAAAAAGSHECABSGBIYAAAAAAAAAAAZGSHECABSGBIYAAAAAAA
AAAAiESHECABSGBIYAAAAAAAAAAAiIiHBAgIBASHBAgICAgwIQYDVR0gBBowGDAI
BgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v
Y3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB
8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF2ZwuscwAA
BAMARjBEAiAWqt7W7bSnzvbUwayFoEbGWagFR2K+itqZCW5NF4WG2AIgJ38Z6+ZF
eCnzIrOcZejKC/uj095tb1fIhhALpfNJEMIAdgCUILwejtWNbIhzH4KLIiwN0dpN
XmxPlD1h204vWE2iwgAAAXZnC6x9AAAEAwBHMEUCIQC/+FJmLcs2ijzNDaw8spRE
y5+9x53+ZzSUS55Dvun5GQIgV7cuRxpIdZ80U4d4B8zXliMiCMX2ppZ11R2Yof27
/5cwDQYJKoZIhvcNAQELBQADggEBADuBZ8NVva0NDcVcBDsy571lS/05TbHvq9u4
xzbqIwEjrX8LhJpEs9n/ZNcClzS63laDGSB8NtOLy1X4BIUoQXOBZ59Nhm43bJCO
ObwlZVOJvU8tQ3RajQeJ6vvBQEFtbTxPAphjrPWcrmt5Rn4nIToHRApd8SPgBAXo
e+T9S2MKFJh7M18VcSUpi8qUphwKoc3w1AMcZnrbM2WE6xdY/7H48pVijdNgyMau
VwAMTKh7a2fEs6/jAZHWbAnjtQQc3ltOWZO/h7MbG38TKbvTud8+JZQdcwCM5cS5
MnwzXvYoyKQEc4sHj9scMKnXyM9Cgbqh0wGH0eaIscCNIu7ULeU=
-----ENDCERTIFICATE-----
1s:/C=US/O=GoogleTrustServices/CN=GTSCA1O1
i:/OU=GlobalSignRootCA-R2/O=GlobalSign/CN=GlobalSign
-----BEGINCERTIFICATE-----
MIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAw
HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
MTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
U2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnv
UA0Qk28FgICfKqC9EksC4T2fWBYk/jCfC3R3VZMdS/dN4ZKCEPZRrAzDsiKUDzRr
mBBJ5wudgzndIMYcLe/RGGFl5yODIKgjEv/SJH/UL+dEaltN11BmsK+eQmMF++Ac
xGNhr59qM/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmK
FsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7X
rJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNV
HQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8G
A1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYuMDUGCCsGAQUFBwEBBCkwJzAl
BggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzAp
MCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0g
BDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9y
ZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7H
TgiZ/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoN
FvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ/XteDSGU9YzJqPjY8q3MDxrz
mqepBCf5o8mw/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wW
IRdAvKLWZu/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZ
USpxu6x6td0V7SvJCCosirSmIatj/9dSSVDQibet8q/7UK4v4ZUN80atnZz1yg==
-----ENDCERTIFICATE-----
---
Servercertificate
subject=/C=US/ST=California/L=MountainView/O=GoogleLLC/CN=dns.google
issuer=/C=US/O=GoogleTrustServices/CN=GTSCA1O1
---
NoclientcertificateCAnamessent
ServerTempKey:ECDH,X25519,253bits
---
SSLhandshakehasread3351bytesandwritten281bytes
---
New,TLSv1/SSLv3,CipherisECDHE-RSA-CHACHA20-POLY1305
Serverpublickeyis2048bit
SecureRenegotiationISsupported
Compression:NONE
Expansion:NONE
NoALPNnegotiated
SSL-Session:
Protocol:TLSv1.2
Cipher:ECDHE-RSA-CHACHA20-POLY1305
Session-ID:47BCFDC6F09F1C08656913CAB4851B105FC0366BBDA0469857CF32491EE2459E
Session-ID-ctx:
Master-Key:709A838FB4591838009662B8444D0392728187586EF01A5308004512FA9A78D94FB6A390C136EB772E7AB4B6D5C02801
TLSsessionticketlifetimehint:100800(seconds)
TLSsessionticket:
0000-0167b101e75c5642-e225d667473f8faf.g...\VB.%.gG?..
0010-0879f0bed4873a6b-3babf3a8011511ce.y....:k;.......
0020-f5f6db3f2d8af335-281cb16a457aa84b...?-..5(..jEz.K
0030-839492809893656d-454b67e0e8b6423b......emEKg...B;
0040-ab67b2a34f39a48a-7907a524aedae593.g..O9..y..$....
0050-62d6ec48efda9bb1-4a2140ac9a79baf4[email protected]
0060-77627e6f0ba6df32-21e00555263e1a6ewb~o...2!..U&>.n
0070-2a270fdf93e24ba2-6fd64fc1a5452c9e*'....K.o.O..E,.
0080-1e2770b102c76ca5-7c2aeb5d8780b8c9.'p...l.|*.]....
0090-7ed086f42ade5a5b-f4858edb5b8a2768~...*.Z[....[.'h
00a0-4af6487ad7d79d7e-4407a946f8ec3893J.Hz...~D..F..8.
00b0-2392b4d0b6d82cac-46ad124b59318e6a#.....,.F..KY1.j
00c0-8e2c4dad392f6733-2b4046ad2762ba25.,M.9/[email protected]'b.%
00d0-2f5260a4747198d0-f76d3ddb65/R`.tq...m=.e
StartTime:1610933223
Timeout:7200(sec)
Verifyreturncode:0(ok)
---
Use-tls1_2TLS1.2only:
$openssls_client-connectdns.google:853-tls1_2
CONNECTED(00000006)
depth=2OU=GlobalSignRootCA-R2,O=GlobalSign,CN=GlobalSign
verifyreturn:1
depth=1C=US,O=GoogleTrustServices,CN=GTSCA1O1
verifyreturn:1
depth=0C=US,ST=California,L=MountainView,O=GoogleLLC,CN=dns.google
verifyreturn:1
---
Certificatechain
0s:/C=US/ST=California/L=MountainView/O=GoogleLLC/CN=dns.google
i:/C=US/O=GoogleTrustServices/CN=GTSCA1O1
1s:/C=US/O=GoogleTrustServices/CN=GTSCA1O1
i:/OU=GlobalSignRootCA-R2/O=GlobalSign/CN=GlobalSign
---
Servercertificate
-----BEGINCERTIFICATE-----
MIIGIjCCBQqgAwIBAgIRAJTRUTehSoT8AwAAAADDI0EwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDEyMTUxNDM2MjZaFw0yMTAzMDkxNDM2
MjVaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRMwEQYDVQQDEwpk
bnMuZ29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/ulxhYN
FowGZ+8VIk8eIWsj/tHekcfTtmtIP9KgdhyXlmXXlntHx330XiX9UfCSfbnu3UP5
Za/BM8rRm+3yVCsi0QVU+mey35hLLdBaKvdmrTQkYIdVhHDWGQN8C1f6UGq8nNPN
X7HLyxxXa03vEpLvtaSzULVprYfppGlqDLvUqqVbF9loTtZp6sdtPYAM0j8O71SK
DnUCdMu3WGPEhK2ImyUdk6Oq+CFueRNLbBL6Lfkd1NWLyebpbKQcMNmSbQfphZga
4WXmfhXWF5Vblyn4FBxarw96O1FDX/jUdOFbKRfR0GxvhS5Qt+dPEhom52JdTth6
dfLtmbvdnqPcAwIDAQABo4IC7zCCAuswDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM
MAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJrgW406vF0JgE8F
CJd5Cgc1/RDOMB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGgGCCsG
AQUFBwEBBFwwWjArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucGtpLmdvb2cvZ3Rz
MW8xY29yZTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8x
LmNydDCBrAYDVR0RBIGkMIGhggpkbnMuZ29vZ2xlghAqLmRucy5nb29nbGUuY29t
ggs4ODg4Lmdvb2dsZYIOZG5zLmdvb2dsZS5jb22CEGRuczY0LmRucy5nb29nbGWH
ECABSGBIYAAAAAAAAAAAAGSHECABSGBIYAAAAAAAAAAAZGSHECABSGBIYAAAAAAA
AAAAiESHECABSGBIYAAAAAAAAAAAiIiHBAgIBASHBAgICAgwIQYDVR0gBBowGDAI
BgZngQwBAgIwDAYKKwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v
Y3JsLnBraS5nb29nL0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB
8QDvAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF2ZwuscwAA
BAMARjBEAiAWqt7W7bSnzvbUwayFoEbGWagFR2K+itqZCW5NF4WG2AIgJ38Z6+ZF
eCnzIrOcZejKC/uj095tb1fIhhALpfNJEMIAdgCUILwejtWNbIhzH4KLIiwN0dpN
XmxPlD1h204vWE2iwgAAAXZnC6x9AAAEAwBHMEUCIQC/+FJmLcs2ijzNDaw8spRE
y5+9x53+ZzSUS55Dvun5GQIgV7cuRxpIdZ80U4d4B8zXliMiCMX2ppZ11R2Yof27
/5cwDQYJKoZIhvcNAQELBQADggEBADuBZ8NVva0NDcVcBDsy571lS/05TbHvq9u4
xzbqIwEjrX8LhJpEs9n/ZNcClzS63laDGSB8NtOLy1X4BIUoQXOBZ59Nhm43bJCO
ObwlZVOJvU8tQ3RajQeJ6vvBQEFtbTxPAphjrPWcrmt5Rn4nIToHRApd8SPgBAXo
e+T9S2MKFJh7M18VcSUpi8qUphwKoc3w1AMcZnrbM2WE6xdY/7H48pVijdNgyMau
VwAMTKh7a2fEs6/jAZHWbAnjtQQc3ltOWZO/h7MbG38TKbvTud8+JZQdcwCM5cS5
MnwzXvYoyKQEc4sHj9scMKnXyM9Cgbqh0wGH0eaIscCNIu7ULeU=
-----ENDCERTIFICATE-----
subject=/C=US/ST=California/L=MountainView/O=GoogleLLC/CN=dns.google
issuer=/C=US/O=GoogleTrustServices/CN=GTSCA1O1
---
NoclientcertificateCAnamessent
ServerTempKey:ECDH,X25519,253bits
---
SSLhandshakehasread3351bytesandwritten281bytes
---
New,TLSv1/SSLv3,CipherisECDHE-RSA-CHACHA20-POLY1305
Serverpublickeyis2048bit
SecureRenegotiationISsupported
Compression:NONE
Expansion:NONE
NoALPNnegotiated
SSL-Session:
Protocol:TLSv1.2
Cipher:ECDHE-RSA-CHACHA20-POLY1305
Session-ID:CC4A9A166E0DCF512A3206AC219AEFEB0496CBF05FB2EED933CB0AA942DACDD5
Session-ID-ctx:
Master-Key:D930863734390E930804BC6818721FFD2416246EA08F7EF4060D2D45FAD6B66640BC2579B56EA3E3C9033DE556FC123E
TLSsessionticketlifetimehint:100799(seconds)
TLSsessionticket:
0000-0156db77af6f7983-c8d1362b85d6e415.V.w.oy...6+....
0010-333f32e090c32414-8299164f2a5ef9e73?2...$....O*^..
0020-d030fb52600c16f3-5b727eca82f3662b.0.R`...[r~...f+
0030-4e4d18ed2ced9639-47617f24df175c32NM..,..9Ga.$..\2
0040-92f5072bed9b1967-05c0c2e8895118dc...+...g.....Q..
0050-f42e67686418b2cb-cf20ca0c1a3b9660..ghd.......;.`
0060-394d51b790ba6e4d-6e3634d5a6fe5e569MQ...nMn64...^V
0070-2f7dbf12c622596a-7c9179a66a2559dd/}..."Yj|.y.j%Y.
0080-ceb14325e2dcca90-f49947070bebfbd8..C%......G.....
0090-7e3a2a3d77fd9ad1-c1a83e7d6a67781e~:*=w.....>}jgx.
00a0-dcd9ef52207be910-a9ab66c6c1a2dedd...R{....f.....
00b0-53670d56171bd86f-202ccfe8b97726f5Sg.V...o,...w&.
00c0-52ce7dd57187604e-b876cb3c471e71b0R.}.q.`N.v.cert.pem
$catcert.pem
-----BEGINCERTIFICATE-----
MIIG1TCCBb2gAwIBAgIQD74IsIVNBXOKsMzhya/uyTANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQ...
vUzLnF7QYsJhvYtaYrZ2MLxGD+NFI8BkXw==
-----ENDCERTIFICATE-----
Sampleerrorwhenconnecttonon-TLSserver
$openssls_client-connectgoogle.com:80
CONNECTED(00000005)
4436717228:error:1400410B:SSLroutines:CONNECT_CR_SRVR_HELLO:wrongversionnumber:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.2/libressl-2.8/ssl/ssl_pkt.c:386:
---
nopeercertificateavailable
---
NoclientcertificateCAnamessent
---
SSLhandshakehasread5bytesandwritten0bytes
---
New,(NONE),Cipheris(NONE)
SecureRenegotiationISNOTsupported
Compression:NONE
Expansion:NONE
NoALPNnegotiated
SSL-Session:
Protocol:TLSv1.2
Cipher:0000
Session-ID:
Session-ID-ctx:
Master-Key:
StartTime:1610933751
Timeout:7200(sec)
Verifyreturncode:0(ok)
---
References
manpage:openssl-s_client
Feedback
Wasthispagehelpful?
Yes
No
Gladtohearit!
Sorrytohearthat.
←Previous
Next→