LG

Outils pour utilisateurs

Outils du site

Piste : tls
doc:web:tls

Table des matières

Comment ça marche ?

J'ai trouvé 3 documents qui je trouve présente bien notre affaire. C'est détaillé plutôt dans le contenu des trames.

1. Principes du chiffrement avec le protocole SSL_TLS, Archive du 16/03/2011 le 15/10/2019

En plus poussé avec des dump Wireshark, Archive

Décrypter du SSL _ Druides (quand on connait la clé privée), Archive du 01/2015 le 15/10/2019

Voir aussi les implémentations dans la partie hash.

OpenSSL

Suites cryptographiques (cipher) supportées par un serveur

Ce script teste toutes les suites cryptographiques connues par openssl sur le poste client et donne le résultat de la communication avec le serveur distant.

security - How do I list the SSL_TLS cipher suites a particular website offers_ - Super User, Archive du 15/02/2010 le 15/10/2019

Paramètre 1 : l'adresse IP (ou le nom de domaine), Paramètre 2 : le port (443)

bash
#!/usr/bin/env bash
 
# OpenSSL requires the port number.
SERVER=$1:$2
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
 
echo Obtaining cipher list from $(openssl version).
 
for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

Exemple avec google.fr:443 : 

Obtaining cipher list from OpenSSL 1.0.2l 25 May 2017.
Testing ECDHE-RSA-AES256-GCM-SHA384...YES
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES256-SHA...YES
Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-AES-256-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-AES-256-CBC-SHA...NO (no ciphers available)
Testing SRP-AES-256-CBC-SHA...NO (no ciphers available)
Testing DH-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-GCM-SHA384...YES
Testing AES256-SHA256...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES
Testing CAMELLIA256-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES256-CBC-SHA...NO (no ciphers available)
Testing ECDHE-RSA-AES128-GCM-SHA256...YES
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDHE-RSA-AES128-SHA...YES
Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-AES-128-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-AES-128-CBC-SHA...NO (no ciphers available)
Testing SRP-AES-128-CBC-SHA...NO (no ciphers available)
Testing DH-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-SEED-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ADH-SEED-SHA...NO (sslv3 alert handshake failure)
Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-GCM-SHA256...YES
Testing AES128-SHA256...NO (sslv3 alert handshake failure)
Testing AES128-SHA...YES
Testing SEED-SHA...NO (sslv3 alert handshake failure)
Testing CAMELLIA128-SHA...NO (sslv3 alert handshake failure)
Testing IDEA-CBC-SHA...NO (sslv3 alert handshake failure)
Testing PSK-AES128-CBC-SHA...NO (no ciphers available)
Testing KRB5-IDEA-CBC-SHA...NO (no ciphers available)
Testing KRB5-IDEA-CBC-MD5...NO (no ciphers available)
Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-SHA...NO (sslv3 alert handshake failure)
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing PSK-RC4-SHA...NO (no ciphers available)
Testing KRB5-RC4-SHA...NO (no ciphers available)
Testing KRB5-RC4-MD5...NO (no ciphers available)
Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing SRP-DSS-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing SRP-RSA-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing SRP-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing PSK-3DES-EDE-CBC-SHA...NO (no ciphers available)
Testing KRB5-DES-CBC3-SHA...NO (no ciphers available)
Testing KRB5-DES-CBC3-MD5...NO (no ciphers available)
Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-RSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing ECDH-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-SHA256...NO (sslv3 alert handshake failure)
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)

De ce que j'ai compris :

  • no ciphers available signifie que le serveur distant n'implémente pas cette suite,
  • sslv3 alert handshake failure indique que le serveur distant a volontairement coupé la communication pendant la poignée de main. Il est probable que la suite cryptographique a été considérée comme peu fiable et donc désactivée.

Utilisation

Serveur 

openssl s_server -accept 8080 -cert mycert.pem

Client 

openssl s_client -host 127.0.0.1 -port 8080 -ssl3 -state -msg

Rendu serveur : 

Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHoCAQECAgMABALAFAQgP3wwxETqDq94gEAlDn6mdiFeAIv6+uwkjsHiuq9bjPIE
MNIGXpcKCfDDi6JtIiW48jBuqB7PHP9eb6CuBxTzHHR9Qxjfe1FqZtgpri6CTHId
3qEGAgRbjaHeogQCAgEspAYEBAEAAACrAwQBAQ==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
CIPHER is ECDHE-RSA-AES256-SHA
Secure Renegotiation IS supported

Rendu client : 

CONNECTED(00000003)
SSL_connect:before/connect initialization
>>> ??? [length 0005]
    16 03 00 00 90
>>> SSL 3.0 Handshake [length 0090], ClientHello
    01 00 00 8c 03 00 85 7b e0 01 72 07 84 55 71 74
    91 ce b8 87 9d d5 e7 37 65 4e 79 60 c1 a1 84 de
    ae 70 82 f3 9b c0 00 00 64 c0 14 c0 0a 00 39 00
    38 00 37 00 36 00 88 00 87 00 86 00 85 c0 0f c0
    05 00 35 00 84 c0 13 c0 09 00 33 00 32 00 31 00
    30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00
    42 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0
    07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00
    13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 02 01 00
SSL_connect:SSLv3 write client hello A
<<< ??? [length 0005]
    16 03 00 00 51
<<< SSL 3.0 Handshake [length 0051], ServerHello
    02 00 00 4d 03 00 27 b9 9c b0 69 b4 93 6e e4 b9
    09 ee 1e f5 95 4d 71 b6 5d 9c fb 76 af 22 96 ae
    69 7a 3c 55 1f a0 20 3f 7c 30 c4 44 ea 0e af 78
    80 40 25 0e 7e a6 76 21 5e 00 8b fa fa ec 24 8e
    c1 e2 ba af 5b 8c f2 c0 14 01 00 05 ff 01 00 01
    00
SSL_connect:SSLv3 read server hello A
<<< ??? [length 0005]
    16 03 00 02 66
<<< SSL 3.0 Handshake [length 0266], Certificate
    0b 00 02 62 00 02 5f 00 02 5c 30 82 02 58 30 82
    01 c1 a0 03 02 01 02 02 09 00 ba ef af 2e f8 df
    93 e9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05
    00 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 55
    31 13 30 11 06 03 55 04 08 0c 0a 53 6f 6d 65 2d
    53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 0c 18
    49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73
    20 50 74 79 20 4c 74 64 30 1e 17 0d 31 38 30 39
    30 33 31 38 33 37 33 39 5a 17 0d 31 39 30 39 30
    33 31 38 33 37 33 39 5a 30 45 31 0b 30 09 06 03
    55 04 06 13 02 41 55 31 13 30 11 06 03 55 04 08
    0c 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f
    06 03 55 04 0a 0c 18 49 6e 74 65 72 6e 65 74 20
    57 69 64 67 69 74 73 20 50 74 79 20 4c 74 64 30
    81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
    00 03 81 8d 00 30 81 89 02 81 81 00 ce e1 84 d0
    9f 53 a9 ad cd a3 c4 8c ff ff 91 fc ad 3e 6b 19
    9b f7 15 fe ba 21 47 5b 53 76 19 be 33 27 25 d2
    05 77 f8 ea 30 22 f8 4f 0b a6 f2 f4 07 4e 81 60
    dc 86 a4 85 a3 cb 20 9e 3e 4d e2 6b 71 2a 83 3f
    dd 8e e9 95 ee ec 78 1b e0 dd 04 36 f0 4c 16 44
    ad 41 07 a3 c7 2f de b3 93 08 c2 fc a8 6b dc 87
    47 dd 99 ed a6 4d e3 09 e4 4d 9b 6c af 70 81 42
    d1 11 ca d0 a3 1e be ad 5f 0a fe a1 02 03 01 00
    01 a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14
    18 ab 46 e9 69 80 f0 4f 73 cd 30 c3 58 36 49 a7
    3b 7d df 7e 30 1f 06 03 55 1d 23 04 18 30 16 80
    14 18 ab 46 e9 69 80 f0 4f 73 cd 30 c3 58 36 49
    a7 3b 7d df 7e 30 0c 06 03 55 1d 13 04 05 30 03
    01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b
    05 00 03 81 81 00 17 70 2d 05 a7 4d ee e3 0e 53
    02 d5 c5 75 6a 1e 31 c4 a7 fd 66 d0 60 bf f0 50
    e9 77 fe 4b ec a1 ea 6a b2 a4 83 43 17 89 3a a2
    3a e0 7f 79 e9 0e 06 cc 0a 8e e7 ad 9c f7 d2 7d
    e0 3d 81 74 0e f3 a2 da 3a e3 01 fe 8f ff 4e 36
    81 ba 73 db 2c cb 87 02 7b 9d 90 8b 3f 87 72 8d
    0d af 69 50 2b fd 1f 67 a5 cc 76 68 e7 0f c0 1b
    e2 81 b1 b0 6f e7 c3 b0 db 41 f7 06 e8 de 8a bc
    71 66 a4 a1 e9 ea
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< ??? [length 0005]
    16 03 00 00 cb
<<< SSL 3.0 Handshake [length 00cb], ServerKeyExchange
    0c 00 00 c7 03 00 17 41 04 4b 1d 1c 2d 3d 07 48
    93 92 69 8e 9f 4e 21 63 12 66 eb 18 86 9d ba 74
    99 07 39 57 1b 15 a7 23 f3 58 40 5d 0a 58 c4 3b
    fd 62 73 24 52 1f 7d a1 68 6a 8e 01 0d 90 18 79
    0a 64 0e 99 ac bf a4 e3 35 00 80 72 70 f4 70 00
    c6 ac 31 62 6c 16 60 8f 85 96 d9 7e 15 0f c2 b0
    37 e3 81 c2 82 88 dd ef 7f fc 1c 64 9d af 3b f3
    83 78 a2 0b 02 59 06 ce 52 2e de 7d f1 e2 8b 48
    4c 7c b1 b5 4b 4a 70 38 b1 88 9f a2 a9 98 62 fc
    63 16 31 d6 0c ed 00 16 6d bd 7a 42 84 0b 29 37
    7d d2 bb 8c e6 6a cf 58 2a d1 88 57 1e 20 77 40
    3a ae 7f dc a6 54 4e 4a 24 c9 85 bc de d7 c6 8a
    52 ce 13 08 24 0d 65 30 15 2a af
SSL_connect:SSLv3 read server key exchange A
<<< ??? [length 0005]
    16 03 00 00 04
<<< SSL 3.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> ??? [length 0005]
    16 03 00 00 46
>>> SSL 3.0 Handshake [length 0046], ClientKeyExchange
    10 00 00 42 41 04 8f 17 ff 81 6b 02 3d 3b 89 33
    44 4c 01 b3 10 93 a8 39 8f 5d 75 cb ca 80 4f 29
    a1 c8 71 0c 15 da 8f ca d0 f5 8e 99 95 35 91 b9
    e2 a6 15 05 7a da 4b dc 01 af 25 54 2b 44 02 7f
    bc 1e d6 aa 73 f2
SSL_connect:SSLv3 write client key exchange A
>>> ??? [length 0005]
    14 03 00 00 01
>>> SSL 3.0 ChangeCipherSpec [length 0001]
    01
SSL_connect:SSLv3 write change cipher spec A
>>> ??? [length 0005]
    16 03 00 00 50
>>> SSL 3.0 Handshake [length 0028], Finished
    14 00 00 24 25 6c 18 d7 56 cc 94 84 4d 26 98 50
    d6 79 fc b6 03 eb 7d 61 24 b3 90 ff d8 39 b8 c7
    8b 40 b1 db 92 41 22 49
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< ??? [length 0005]
    14 03 00 00 01
<<< SSL 3.0 ChangeCipherSpec [length 0001]
    01
<<< ??? [length 0005]
    16 03 00 00 50
<<< SSL 3.0 Handshake [length 0028], Finished
    14 00 00 24 a2 ef 3f 7e c3 8f 49 e0 ea 3a b0 69
    41 24 a3 13 06 6d ae e2 a9 66 1c 15 dc 6f a6 08
    f5 8e fd 5c e1 fb 33 33
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICWDCCAcGgAwIBAgIJALrvry7435PpMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTgwOTAzMTgzNzM5WhcNMTkwOTAzMTgzNzM5WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDO4YTQn1Oprc2jxIz//5H8rT5rGZv3Ff66IUdbU3YZvjMnJdIFd/jqMCL4Twum
8vQHToFg3IakhaPLIJ4+TeJrcSqDP92O6ZXu7Hgb4N0ENvBMFkStQQejxy/es5MI
wvyoa9yHR92Z7aZN4wnkTZtsr3CBQtERytCjHr6tXwr+oQIDAQABo1AwTjAdBgNV
HQ4EFgQUGKtG6WmA8E9zzTDDWDZJpzt9334wHwYDVR0jBBgwFoAUGKtG6WmA8E9z
zTDDWDZJpzt9334wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAXcC0F
p03u4w5TAtXFdWoeMcSn/WbQYL/wUOl3/kvsoepqsqSDQxeJOqI64H956Q4GzAqO
562c99J94D2BdA7zoto64wH+j/9ONoG6c9ssy4cCe52Qiz+Hco0Nr2lQK/0fZ6XM
dmjnD8Ab4oGxsG/nw7DbQfcG6N6KvHFmpKHp6g==
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1013 bytes and written 315 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 3F7C30C444EA0EAF788040250E7EA676215E008BFAFAEC248EC1E2BAAF5B8CF2
    Session-ID-ctx: 
    Master-Key: D2065E970A09F0C38BA26D2225B8F2306EA81ECF1CFF5E6FA0AE0714F31C747D4318DF7B516A66D829AE2E824C721DDE
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Compression: 1 (zlib compression)
    Start Time: 1536008670
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
doc/web/tls.txt · Dernière modification : 2019/10/15 22:54 de root