Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
检查 SSL 协商详细信息的简便方法 - Knowledge Base - Palo Alto Networks

检查 SSL 协商详细信息的简便方法

36211
Created On 09/25/18 19:10 PM - Last Modified 06/07/23 10:08 AM


Symptom


如何检查 SSL 协商详细信息



Resolution


1。在客户端和服务器之间检查 SSL 协商详细信息的一种简便方法是使用 openssl。 

2。在 linux 系统中 (如: 卡莉 linux), 使用 openssl s_client 验证谈判细节。 

3。在 linux 中打开 shell

 

KL1。Jpg

 

4。使用的命令 

一个。#openssl

b。#s_client 连接www.systemstudio.com:443 --注: <domain name="">:<443> </443> </domain>

 KL2。Jpg

 

5。示例输出:

OpenSSL >> s_client 连接www.systemstudio.com:443
连接 (00000003)
depth=2 C = 是, O = GlobalSign 内华达州 sa, OU = 根 ca, CN = GlobalSign 根 ca
验证 return:1
depth=1 C = 是, O = GlobalSign nv sa, CN = GlobalSign 域验证 CA-SHA256 G2
验证 return:1
depth=0 OU = 域控件已验证, CN = cc.sedoparking.com
验证 return:1
---
证书链
0 s:/OU = 域控件已验证/CN = 抄送. sedoparking. com
i:/C = 是/O = GlobalSign nv-sa/CN =GlobalSign 域验证 CA-SHA256-G2
1 秒: c/c++ = GlobalSign = GlobalSign 域验证 CA-SHA256 G2
i:/c = 是/o = GlobalSign nv sa/OU = 根 ca/CN = GlobalSign 根 ca
---
服务器证书
-----开始证书-----
MIIE8jCCA9qgAwIBAgISESGTb+pqujeMpyMkW48SWnhQMA0GCSqGSIb3DQEBCwUA
MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD
VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTUxMTExMDg0NTQwWhcNMTcxMTExMDg0NTQwWjBAMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMTEmNjLnNlZG9wYXJraW5n
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSX9ixYi6cB09+r
yhtRS1lh0wd11WhccAWnPq0kXp7+PnkUkv+wjRFZ/bjk/l+LPO8HwPWLYhKlembV
54 fn + UJyvEpvBuEF7iX7 + PW89Aymmx4/2Fggln4ozO3qFHpNBo/IJVet5YTMIqm7
PGNzR6V7NT8e8wGDqeFHKoEdxxIFNpXPNxCOPF2ZbFffATeIBqY+0QGB+NWM/emu
BYGkzkmoZRnHFH7+9INwCvPIo78xTInZQQMX1OvxX1AhEzw2U0JH9nVHLguQKuwr
u1uUMMQScx4o/0g2flmpMMa7Eep4Z+HJnuGE4NnBBzcg4M06kxByFWD1xULkYysO
b5907YMCAwEAAaOCAcQwggHAMA4GA1UdDwEB/wQEAwIFoDBJBgNVHSAEQjBAMD4G
BmeBDAECATA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
bS9yZXBvc2l0b3J5LzAdBgNVHREEFjAUghJjYy5zZWRvcGFya2luZy5jb20wCQYD
VR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0fBDww
OjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh
bHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAChjtodHRw
Oi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZhbHNoYTJn
MnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29t
L2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBQOb+sP/EvKLwTF/twbuKVfMeHD
ajAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG9w0BAQsF
AAOCAQEAUctF7dn2Zc9Lgv2k/AIwLgDYdHLFJD0yOhHFKuuR4vYmGS3mQ0y42FDT
SP7wiZRqEb+UUt/BaXYwo/rcRZUEtuuEDIfz4vbvUpJMBCLDG3Ft6YtK0+DApVp0
5MPhtB1LhPZhEH3BZUwmGlgtjH7ZVTNgr25DrFElkBD9bmdxH6xSLCrGzs3zzuz +
0 + a2UigS + rcLHGnQA/9 b + 8 quor/0HUUv2D68AbX7M9j9CKwYGYhYDlmvEyGLZz37
eceoZOGY8Voq9a/8HrOHcmxndjRQzx2takCQiYCUKazoeoQcbaP8uLefnNlcbJp7
psu5hAM6+KZceZ8GXoON9uO0Cj3tQA==
-----结束证书-----
主题 =/OU = 域控件验证/CN =cc.sedoparking.com
发行者 =/C = 是/O = GlobalSign nv/CN = GlobalSign 域验证 ca-SHA256 G2
---
没有发送
---SSL 握手的客户端证书 ca 名称
已读取2716个字节, 并写入641个字节
---
新的, TLSv1/SSLv3, 密码是 AES256-SHA
服务器公钥2048位安全重新
协商支持
压缩: 无
扩展: 无
ALPN 协商
SSL-会话:
协议: TLSv1
密码: AES256-SHA
会话-ID:ACE8E9B4C38D3B63359EEB4016C2FA3424AEC582ABCE4E293C92E4E717CD7D26
会话-ID-ctx:
主键: 3B26FC8251A071FEB876387781B1D49DAF22EB2612B2C61BCB6DCE346CDE59B71EF8D0DCF072BFAE4B1AD331CA579C9A
键-Arg: 无
PSK身份: 无
PSK 标识提示: none
用户名: 无
TLS 会话票证:
0000-e0 16 d4 ce bb fb b5 cb-32 ef 2c b2 0d a0 76.....。2.,.... v
0010-2b 59 82 09 1f 78 a3 67-ca 14 23 00 66 22 d6 8d + Y... x.g.。f..
0020-01 2d d7 eb 76 4b 99 47-ad 29 10 52 7f 2f a3 e1-。。vK 湾)。R..。
0030-a3 46 80 a4 dc 2f df b7-c6 a0 07 43 53 7d 4e d7。F..。CS} N.
0040-61 c1 a8 0a c5 f4 eb 6 d-3 c eb 8e 76<..v$...> </..v$...> 24 94 04 99 a. m
0050-e8 3d eb cb f1 ba b1 0 f ff 24 59 2f cf d5 f0 50... $Y/..。P
0060-83 4d 28 54 b8 c5 38 b6-bc d6 f6 8f 9d 45 9c 59。M (T。8. Y
0070-62 36 75 4c e4 a8 8b 30-79 1f 24 是 36 93 57 24 b6uL..。0 6. W $
0080-44 84 dc c0 04 3c b0 0 d 9 c 09 2b 61 14 c4 bf 06 D..。<....+a....></....+a....>
0090-4d 60 79 90 11 49 cf 86-f0 bc 74 16 de f3 fe e3 M..。我..。

开始时间: 1462909951
超时: 300 (秒)
验证返回代码: 0 (ok)
---
已关闭

 



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVCCA0&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language