====Comment ça marche ?====
J'ai trouvé 3 documents qui je trouve présente bien notre affaire. C'est détaillé plutôt dans le contenu des trames.

[[http://wiki.linuxwall.info/doku.php/fr:ressources:dossiers:ssl_pki:1_les_bases|1. Principes du chiffrement avec le protocole SSL_TLS]], {{ :doc:web:tls:1._principes_du_chiffrement_avec_le_protocole_ssl_tls_linuxwall.info_wiki_2019-10-15_22_44_00_.html |Archive du 16/03/2011 le 15/10/2019}}

[[http://lacl.u-pec.fr/cegielski/sec/ch4.pdf|En plus poussé avec des dump Wireshark]], {{ doc:web:tls:ch4.pdf |Archive}}

[[https://www.druid.es/content/decrypter-du-ssl|Décrypter du SSL _ Druides]] (quand on connait la clé privée), {{ :doc:web:tls:druides_2019-10-15_22_44_18_.html |Archive du 01/2015 le 15/10/2019}}

Voir aussi les implémentations dans la partie [[helloworld:securite:hash|hash]].

=====OpenSSL=====
====Suites cryptographiques (cipher) supportées par un serveur====
Ce script teste toutes les suites cryptographiques connues par ''openssl'' sur le poste client et donne le résultat de la communication avec le serveur distant.

[[https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers|security - How do I list the SSL_TLS cipher suites a particular website offers_ - Super User]], {{ :doc:web:tls:security_-_how_do_i_list_the_ssl_tls_cipher_suites_a_particular_website_offers_-_super_user_2019-10-15_22_43_44_.html |Archive du 15/02/2010 le 15/10/2019}}

Paramètre 1 : l'adresse IP (ou le nom de domaine), Paramètre 2 : le port (443)

<file cipher.sh bash>
#!/usr/bin/env bash

# OpenSSL requires the port number.
SERVER=$1:$2
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done
</file>

Exemple avec ''google.fr:443'' :

<code>
Obtaining cipher list from OpenSSL 1.0.2l 25 May 2017.
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-AES-256-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-AES-256-CBC-SHA...NO (no ciphers available)
Testing SRP-AES-256-CBC-SHA...NO (no ciphers available)
Testing DH-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES256-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-AES-128-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-AES-128-CBC-SHA...NO (no ciphers available)
Testing SRP-AES-128-CBC-SHA...NO (no ciphers available)
Testing DH-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...NO (sslv3 alert handshake failure)
Testing AES128-SHA...YES
Testing SEED-SHA...NO (sslv3 alert handshake failure)
Testing CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing IDEA-CBC-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES128-CBC-SHA...NO (no ciphers available)
Testing KRB5-IDEA-CBC-SHA...NO (no ciphers available)
Testing KRB5-IDEA-CBC-MD5...NO (no ciphers available)
Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing PSK-RC4-SHA...NO (no ciphers available)
Testing KRB5-RC4-SHA...NO (no ciphers available)
Testing KRB5-RC4-MD5...NO (no ciphers available)
Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing SRP-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing KRB5-DES-CBC3-SHA...NO (no ciphers available)
Testing KRB5-DES-CBC3-MD5...NO (no ciphers available)
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)
</code>

De ce que j'ai compris :
  * ''no ciphers available'' signifie que le serveur distant n'implémente pas cette suite,
  * ''sslv3 alert handshake failure'' indique que le serveur distant a volontairement coupé la communication pendant la poignée de main. Il est probable que la suite cryptographique a été considérée comme peu fiable et donc désactivée.

====Utilisation====
Serveur
  openssl s_server -accept 8080 -cert mycert.pem

Client
  openssl s_client -host 127.0.0.1 -port 8080 -ssl3 -state -msg

Rendu serveur :
  Using default temp DH parameters
  ACCEPT
  -----BEGIN SSL SESSION PARAMETERS-----
  MHoCAQECAgMABALAFAQgP3wwxETqDq94gEAlDn6mdiFeAIv6+uwkjsHiuq9bjPIE
  MNIGXpcKCfDDi6JtIiW48jBuqB7PHP9eb6CuBxTzHHR9Qxjfe1FqZtgpri6CTHId
  3qEGAgRbjaHeogQCAgEspAYEBAEAAACrAwQBAQ==
  -----END SSL SESSION PARAMETERS-----
  Shared ciphers:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
  CIPHER is ECDHE-RSA-AES256-SHA
  Secure Renegotiation IS supported

Rendu client :
  CONNECTED(00000003)
  SSL_connect:before/connect initialization
  >>> ??? [length 0005]
      16 03 00 00 90
  >>> SSL 3.0 Handshake [length 0090], ClientHello
      01 00 00 8c 03 00 85 7b e0 01 72 07 84 55 71 74
      91 ce b8 87 9d d5 e7 37 65 4e 79 60 c1 a1 84 de
      ae 70 82 f3 9b c0 00 00 64 c0 14 c0 0a 00 39 00
      38 00 37 00 36 00 88 00 87 00 86 00 85 c0 0f c0
      05 00 35 00 84 c0 13 c0 09 00 33 00 32 00 31 00
      30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00
      42 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0
      07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00
      13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 02 01 00
  SSL_connect:SSLv3 write client hello A
  <<< ??? [length 0005]
      16 03 00 00 51
  <<< SSL 3.0 Handshake [length 0051], ServerHello
      02 00 00 4d 03 00 27 b9 9c b0 69 b4 93 6e e4 b9
      09 ee 1e f5 95 4d 71 b6 5d 9c fb 76 af 22 96 ae
      69 7a 3c 55 1f a0 20 3f 7c 30 c4 44 ea 0e af 78
      80 40 25 0e 7e a6 76 21 5e 00 8b fa fa ec 24 8e
      c1 e2 ba af 5b 8c f2 c0 14 01 00 05 ff 01 00 01
      00
  SSL_connect:SSLv3 read server hello A
  <<< ??? [length 0005]
      16 03 00 02 66
  <<< SSL 3.0 Handshake [length 0266], Certificate
      0b 00 02 62 00 02 5f 00 02 5c 30 82 02 58 30 82
      01 c1 a0 03 02 01 02 02 09 00 ba ef af 2e f8 df
      93 e9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05
      00 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55
      31 13 30 11 06 03 55 04 08 0c 0a 53 6f 6d 65 2d
      53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 0c 18
      49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73
      20 50 74 79 20 4c 74 64 30 1e 17 0d 31 38 30 39
      30 33 31 38 33 37 33 39 5a 17 0d 31 39 30 39 30
      33 31 38 33 37 33 39 5a 30 45 31 0b 30 09 06 03
      55 04 06 13 02 41 55 31 13 30 11 06 03 55 04 08
      0c 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f
      06 03 55 04 0a 0c 18 49 6e 74 65 72 6e 65 74 20
      57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 30
      81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
      00 03 81 8d 00 30 81 89 02 81 81 00 ce e1 84 d0
      9f 53 a9 ad cd a3 c4 8c ff ff 91 fc ad 3e 6b 19
      9b f7 15 fe ba 21 47 5b 53 76 19 be 33 27 25 d2
      05 77 f8 ea 30 22 f8 4f 0b a6 f2 f4 07 4e 81 60
      dc 86 a4 85 a3 cb 20 9e 3e 4d e2 6b 71 2a 83 3f
      dd 8e e9 95 ee ec 78 1b e0 dd 04 36 f0 4c 16 44
      ad 41 07 a3 c7 2f de b3 93 08 c2 fc a8 6b dc 87
      47 dd 99 ed a6 4d e3 09 e4 4d 9b 6c af 70 81 42
      d1 11 ca d0 a3 1e be ad 5f 0a fe a1 02 03 01 00
      01 a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14
      18 ab 46 e9 69 80 f0 4f 73 cd 30 c3 58 36 49 a7
      3b 7d df 7e 30 1f 06 03 55 1d 23 04 18 30 16 80
      14 18 ab 46 e9 69 80 f0 4f 73 cd 30 c3 58 36 49
      a7 3b 7d df 7e 30 0c 06 03 55 1d 13 04 05 30 03
      01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b
      05 00 03 81 81 00 17 70 2d 05 a7 4d ee e3 0e 53
      02 d5 c5 75 6a 1e 31 c4 a7 fd 66 d0 60 bf f0 50
      e9 77 fe 4b ec a1 ea 6a b2 a4 83 43 17 89 3a a2
      3a e0 7f 79 e9 0e 06 cc 0a 8e e7 ad 9c f7 d2 7d
      e0 3d 81 74 0e f3 a2 da 3a e3 01 fe 8f ff 4e 36
      81 ba 73 db 2c cb 87 02 7b 9d 90 8b 3f 87 72 8d
      0d af 69 50 2b fd 1f 67 a5 cc 76 68 e7 0f c0 1b
      e2 81 b1 b0 6f e7 c3 b0 db 41 f7 06 e8 de 8a bc
      71 66 a4 a1 e9 ea
  depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
  verify error:num=18:self signed certificate
  verify return:1
  depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
  verify return:1
  SSL_connect:SSLv3 read server certificate A
  <<< ??? [length 0005]
      16 03 00 00 cb
  <<< SSL 3.0 Handshake [length 00cb], ServerKeyExchange
      0c 00 00 c7 03 00 17 41 04 4b 1d 1c 2d 3d 07 48
      93 92 69 8e 9f 4e 21 63 12 66 eb 18 86 9d ba 74
      99 07 39 57 1b 15 a7 23 f3 58 40 5d 0a 58 c4 3b
      fd 62 73 24 52 1f 7d a1 68 6a 8e 01 0d 90 18 79
      0a 64 0e 99 ac bf a4 e3 35 00 80 72 70 f4 70 00
      c6 ac 31 62 6c 16 60 8f 85 96 d9 7e 15 0f c2 b0
      37 e3 81 c2 82 88 dd ef 7f fc 1c 64 9d af 3b f3
      83 78 a2 0b 02 59 06 ce 52 2e de 7d f1 e2 8b 48
      4c 7c b1 b5 4b 4a 70 38 b1 88 9f a2 a9 98 62 fc
      63 16 31 d6 0c ed 00 16 6d bd 7a 42 84 0b 29 37
      7d d2 bb 8c e6 6a cf 58 2a d1 88 57 1e 20 77 40
      3a ae 7f dc a6 54 4e 4a 24 c9 85 bc de d7 c6 8a
      52 ce 13 08 24 0d 65 30 15 2a af
  SSL_connect:SSLv3 read server key exchange A
  <<< ??? [length 0005]
      16 03 00 00 04
  <<< SSL 3.0 Handshake [length 0004], ServerHelloDone
      0e 00 00 00
  SSL_connect:SSLv3 read server done A
  >>> ??? [length 0005]
      16 03 00 00 46
  >>> SSL 3.0 Handshake [length 0046], ClientKeyExchange
      10 00 00 42 41 04 8f 17 ff 81 6b 02 3d 3b 89 33
      44 4c 01 b3 10 93 a8 39 8f 5d 75 cb ca 80 4f 29
      a1 c8 71 0c 15 da 8f ca d0 f5 8e 99 95 35 91 b9
      e2 a6 15 05 7a da 4b dc 01 af 25 54 2b 44 02 7f
      bc 1e d6 aa 73 f2
  SSL_connect:SSLv3 write client key exchange A
  >>> ??? [length 0005]
      14 03 00 00 01
  >>> SSL 3.0 ChangeCipherSpec [length 0001]
      01
  SSL_connect:SSLv3 write change cipher spec A
  >>> ??? [length 0005]
      16 03 00 00 50
  >>> SSL 3.0 Handshake [length 0028], Finished
      14 00 00 24 25 6c 18 d7 56 cc 94 84 4d 26 98 50
      d6 79 fc b6 03 eb 7d 61 24 b3 90 ff d8 39 b8 c7
      8b 40 b1 db 92 41 22 49
  SSL_connect:SSLv3 write finished A
  SSL_connect:SSLv3 flush data
  <<< ??? [length 0005]
      14 03 00 00 01
  <<< SSL 3.0 ChangeCipherSpec [length 0001]
      01
  <<< ??? [length 0005]
      16 03 00 00 50
  <<< SSL 3.0 Handshake [length 0028], Finished
      14 00 00 24 a2 ef 3f 7e c3 8f 49 e0 ea 3a b0 69
      41 24 a3 13 06 6d ae e2 a9 66 1c 15 dc 6f a6 08
      f5 8e fd 5c e1 fb 33 33
  SSL_connect:SSLv3 read finished A
  ---
  Certificate chain
   0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
     i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
  ---
  Server certificate
  -----BEGIN CERTIFICATE-----
  MIICWDCCAcGgAwIBAgIJALrvry7435PpMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
  BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
  aWRnaXRzIFB0eSBMdGQwHhcNMTgwOTAzMTgzNzM5WhcNMTkwOTAzMTgzNzM5WjBF
  MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
  ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
  gQDO4YTQn1Oprc2jxIz//5H8rT5rGZv3Ff66IUdbU3YZvjMnJdIFd/jqMCL4Twum
  8vQHToFg3IakhaPLIJ4+TeJrcSqDP92O6ZXu7Hgb4N0ENvBMFkStQQejxy/es5MI
  wvyoa9yHR92Z7aZN4wnkTZtsr3CBQtERytCjHr6tXwr+oQIDAQABo1AwTjAdBgNV
  HQ4EFgQUGKtG6WmA8E9zzTDDWDZJpzt9334wHwYDVR0jBBgwFoAUGKtG6WmA8E9z
  zTDDWDZJpzt9334wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAXcC0F
  p03u4w5TAtXFdWoeMcSn/WbQYL/wUOl3/kvsoepqsqSDQxeJOqI64H956Q4GzAqO
  562c99J94D2BdA7zoto64wH+j/9ONoG6c9ssy4cCe52Qiz+Hco0Nr2lQK/0fZ6XM
  dmjnD8Ab4oGxsG/nw7DbQfcG6N6KvHFmpKHp6g==
  -----END CERTIFICATE-----
  subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
  issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
  ---
  No client certificate CA names sent
  Server Temp Key: ECDH, P-256, 256 bits
  ---
  SSL handshake has read 1013 bytes and written 315 bytes
  ---
  New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
  Server public key is 1024 bit
  Secure Renegotiation IS supported
  Compression: zlib compression
  Expansion: zlib compression
  No ALPN negotiated
  SSL-Session:
      Protocol  : SSLv3
      Cipher    : ECDHE-RSA-AES256-SHA
      Session-ID: 3F7C30C444EA0EAF788040250E7EA676215E008BFAFAEC248EC1E2BAAF5B8CF2
      Session-ID-ctx: 
      Master-Key: D2065E970A09F0C38BA26D2225B8F2306EA81ECF1CFF5E6FA0AE0714F31C747D4318DF7B516A66D829AE2E824C721DDE
      Key-Arg   : None
      Krb5 Principal: None
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Compression: 1 (zlib compression)
      Start Time: 1536008670
      Timeout   : 7200 (sec)
      Verify return code: 18 (self signed certificate)
  ---