lost and found ( for me ? )

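The openssl s_client command.

With this you can check various SSL services (https, smtps, pops and so on) from the CLI.

Just change -port.

For smtps, use -port 465
For pop3s, use -port 995

and so on.


Below is the result of an https connection.
I typed the GET / HTTP/1.0 shown below by hand.
It also displays the cipher suite, the session ID and so on, so it looks quite useful.

-reconnect: reconnects using the session ID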

# openssl s_client -host 127.1 -port 443 -state -prexit -reconnect
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
i:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDDTCCAnagAwIBAgIJAMJwWXsMGXqAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
BAYTAkpQMQ0wCwYDVQQIEwR0ZXN0MQ0wCwYDVQQHEwR0ZXN0MQ0wCwYDVQQKEwR0
ZXN0MQ0wCwYDVQQLEwR0ZXN0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20wHhcN
MDkxMjAyMTEyODMxWhcNMTAxMjAyMTEyODMxWjBjMQswCQYDVQQGEwJKUDENMAsG
A1UECBMEdGVzdDENMAsGA1UEBxMEdGVzdDENMAsGA1UEChMEdGVzdDENMAsGA1UE
CxMEdGVzdDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCxrGpZNmMmtIcg2uLE0yyotpickrJtgX/RxCIVHzeU0F3k
DT3QqvFqUFXo0RxXhZnKuyYfnZ0qnCbZ8sy60SL/+LGh1AGozsNYTlaCNz1EwkTq
TA0KwpzCn09v3p/VtXUrF9tGssuSLeQB/W1wbeIf0dCtjPn0zE01yco68wF6lQID
AQABo4HIMIHFMB0GA1UdDgQWBBRo75XE4Idmihu76PS8FN+vDs/bUzCBlQYDVR0j
BIGNMIGKgBRo75XE4Idmihu76PS8FN+vDs/bU6FnpGUwYzELMAkGA1UEBhMCSlAx
DTALBgNVBAgTBHRlc3QxDTALBgNVBAcTBHRlc3QxDTALBgNVBAoTBHRlc3QxDTAL
BgNVBAsTBHRlc3QxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbYIJAMJwWXsMGXqA
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMwsKRdjQktL5Kg3FYTkz
sINfprk28yX68X8TDq4Ly7pJvKbAMexSro095+ki+EZaBMP8EIW3/Tu1RHlHmnQ5
rTwSGhfWbytffbuTvqmT6qvLUOUCk5nHhvZBJbrUnGVSrpQHTLtq9kcdS04tmfDA
RQbY/iN8OaYLXyAoJt/rJkI=
-----END CERTIFICATE-----
subject=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
issuer=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
No client certificate CA names sent
---
SSL handshake has read 1349 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Wed, 02 Dec 2009 18:30:08 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 01 Dec 2009 18:20:06 GMT
ETag: "2a82d-6-ceb3c180"
Accept-Ranges: bytes
Content-Length: 6
Connection: close
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug

hello
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
---
Certificate chain
0 s:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
i:/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
(certificate body identical to the server certificate printed after the first handshake)
-----END CERTIFICATE-----
subject=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
issuer=/C=JP/ST=test/L=test/O=test/OU=test/CN=www.example.com
---
No client certificate CA names sent
---
SSL handshake has read 489 bytes and written 379 bytes
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 1888582FCDE7F3A1BF91074509A6C272854C1BDED9CDAA27A04D8F8CB7A688D9
Session-ID-ctx:
Master-Key: 096CF1F0DBC3053A523E538E67158482AFC7CA0C50EAC34B406E59FE8EE8A6484E01DC4D962D3DC1CBB66317984CF150
Key-Arg : None
Krb5 Principal: None
Compression: 1 (zlib compression)
Start Time: 1259778602
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
#
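
An added example, not part of the original post: a shell function that condenses `openssl s_client -reconnect` output like the transcript above into the fields worth checking (new vs. reused handshakes, distinct session IDs, protocol, cipher, verify code) and flags the unverified certificate, the sub-2048-bit server key and TLS compression. The function names and the sample input are constructed for illustration.

```shell
# Constructed sample input, trimmed to the field layout s_client prints.
sample_output() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
SSL-Session:
    Protocol  : TLSv1
    Session-ID: AAAA0001
    Verify return code: 18 (self signed certificate)
---
drop connection and then reconnect
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Session-ID: AAAA0001
    Verify return code: 18 (self signed certificate)
EOF
}

# Reads s_client output on stdin and prints one key=value line per result.
summarize_s_client() {
  awk '
    /^New, /    { new++ }      # full handshake
    /^Reused, / { reused++ }   # abbreviated handshake (session resumed)
    /^(New|Reused), .*Cipher is / { cipher = $NF }
    /Protocol *:/ { proto = $NF }
    /Session-ID:/ { if (!($NF in seen)) { seen[$NF] = 1; ids++ } }
    /^Server public key is / { bits = $5 }
    /^Compression: / && $2 != "NONE" { comp = 1 }
    /Verify return code:/ { vrc = $4 }
    END {
      printf "handshakes_new=%d\nhandshakes_reused=%d\n", new, reused
      printf "distinct_session_ids=%d\n", ids
      printf "protocol=%s\ncipher=%s\nverify_code=%s\n", proto, cipher, vrc
      if (vrc + 0 != 0) print "finding=certificate_not_verified"
      if (bits != "" && bits + 0 < 2048)
        print "finding=weak_server_key_" bits "_bits"
      if (comp) print "finding=tls_compression_enabled"
    }'
}

# Live use, with the flags shown in this post:
#   openssl s_client -host 127.1 -port 443 -reconnect </dev/null 2>&1 | summarize_s_client
sample_output | summarize_s_client
```

A resumed session shows up as a "Reused" handshake carrying the same Session-ID, so one new handshake, several reused ones and a single distinct session ID indicate that server-side session caching works.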
