DokuWiki

Outils pour utilisateurs

Outils du site

Piste :
informatique:openssl

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

informatique:openssl [2020/08/09 13:03] – modification externe 127.0.0.1informatique:openssl [2021/01/11 20:05] (Version actuelle) simon
Ligne 21: Ligne 21:
 Source : [[https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/|shellhacks.com]] Source : [[https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/|shellhacks.com]]
  
 +==== Voir comment se déroule la connexion avec TLS ====
  
 +<code bash>
 +$ openssl s_client -host simonlefort.be -port 443
 +CONNECTED(00000003)
 +depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
 +verify return:1
 +depth=1 C = US, O = Let's Encrypt, CN = R3
 +verify return:1
 +depth=0 CN = simonlefort.be
 +verify return:1
 +---
 +Certificate chain
 + 0 s:CN = simonlefort.be
 +   i:C = US, O = Let's Encrypt, CN = R3
 + 1 s:C = US, O = Let's Encrypt, CN = R3
 +   i:O = Digital Signature Trust Co., CN = DST Root CA X3
 +---
 +Server certificate
 +-----BEGIN CERTIFICATE-----
 +MIIFvjCCBKagAwIBAgISAzDI7dzcDJFFhGCPhSuEOugeMA0GCSqGSIb3DQEBCwUA
 +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
 +EwJSMzAeFw0yMTAxMDQwNTI1MTlaFw0yMTA0MDQwNTI1MTlaMBkxFzAVBgNVBAMT
 +DnNpbW9ubGVmb3J0LmJlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
 +nKI1QA0/4qzHR183CzsjyLEumxY0Esn0mcvRNT1Xl979WTg+lDlNYSViELwTrBtO
 +Vm0jaQ4Ocq88z4MN7SkD1OC2Mj+0Mq08lb8OOoc21TPcuJqmoBeL5CoLx2WXVp29
 +EuGbfAb2LzpbX7YkfLvB9dvrcDfRHa9lb7alowTznkcZV+U3a+5DWnm7By4bZF6k
 +LNqcOkzYLm/gPMXXEjNe5v3mtaahSpzvYnjBNi4k6rBoeZYXs69v+0bKHfRpCHH8
 +570whnIFYTl4+ZR+oFscRoYFT/E9vqijr/yVNkNfTrGaz5vir9lUKom0x3H/m2QF
 +EIC+5nwu2ESdaluarguGXqh+xQ6busA42iz6MEwgvUsnzKy/pnFeJwk1Aviylc0z
 +upoJloOiek4fbKt28GTESpeJEr/LiJvHu9/E4uJTT/AUiFTT1/y5fJw9izJpMQ7j
 +9zmreE0YAmaBYPhREqvr8w6eEpYMz+lcAeC3CVVANmwdix7V6s0gKfZidoygL0oz
 +AgMBAAGjggJlMIICYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
 +AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOda0wvElD0lSrkC
 +f66SXksSRpPfMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsG
 +AQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIG
 +CCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMDUGA1UdEQQuMCyCDnNp
 +bW9ubGVmb3J0LmJlghp4bXBwLXVwbG9hZC5zaW1vbmxlZm9ydC5iZTBMBgNVHSAE
 +RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw
 +Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2
 +AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABdswSSckAAAQDAEcw
 +RQIgZDNVmJHan67Uur8fQVmrBc894eCfbLUmDYLNPPwSwi8CIQD6CmEM7VxI6NWE
 +VzfpvBYtctjsXdlfkK+g82Gl5uflTgB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/
 +LmqXaJl+IvDXAAABdswSSkAAAAQDAEcwRQIgPiIyUFiM262NU9CRrcYfAsOnUcqU
 +20a+0lZXJkJfSDkCIQCivz4LEw7AsajkfMBXocz4i+jKnCAS83RAVoxisgIn+zAN
 +BgkqhkiG9w0BAQsFAAOCAQEAsc2tPKa6RYRu2zsMT6ICAZ5PLhsPl99hI2PsCemh
 +Ln2PWv20SYoBFdPgaDf/MuGFrUU/1+wV68E7i2Gw1csEOX5pJa4DYZC7DK5rtum0
 +GRFglo8NByqEQnzFnGSyKNevY2a2aL0/m08DEmo/c0mrJ7PwCH7IcIRVn28dcp8G
 +QaDbrNbPeR2r6Qn7bRRhk7lC7a+KIvZITjACbBMkH5/840Zkc6zcLEwVY95YhmgA
 +Zw3DKVeRFPpC8tRu3c4Xi47arwS+QDuF8crY8Dc0bMtTAO/YdKy30/wRoEaLkJqw
 +inasdDS2/cmsevlaTT2sXK8HeQ1tz/Lx40+M8o2wPIfJxQ==
 +-----END CERTIFICATE-----
 +subject=CN = simonlefort.be
 +
 +issuer=C = US, O = Let's Encrypt, CN = R3
 +
 +---
 +No client certificate CA names sent
 +Peer signing digest: SHA256
 +Peer signature type: RSA-PSS
 +Server Temp Key: X25519, 253 bits
 +---
 +SSL handshake has read 3296 bytes and written 386 bytes
 +Verification: OK
 +---
 +New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
 +Server public key is 3072 bit
 +Secure Renegotiation IS NOT supported
 +Compression: NONE
 +Expansion: NONE
 +No ALPN negotiated
 +Early data was not sent
 +Verify return code: 0 (ok)
 +---
 +---
 +Post-Handshake New Session Ticket arrived:
 +SSL-Session:
 +    Protocol  : TLSv1.3
 +    Cipher    : TLS_AES_256_GCM_SHA384
 +    Session-ID: 6C0646071A6A536465B257579609473FE00430C0425CBA434FD44D36CEE9FCEF
 +    Session-ID-ctx: 
 +    Resumption PSK: 49F1325FF5ED2A54D454C5D2C93FEB35E958759FAC108749B67DDD7A2FBF6FA2AB24B68778DE21042278B2BEC7E23B2B
 +    PSK identity: None
 +    PSK identity hint: None
 +    SRP username: None
 +    TLS session ticket lifetime hint: 86400 (seconds)
 +    TLS session ticket:
 +    0000 - ab ea f5 35 44 19 8c 84-07 45 b7 a3 a5 77 73 d6   ...5D....E...ws.
 +    0010 - b0 8f 35 19 61 a9 69 74-d3 c7 bd 7f f6 38 71 35   ..5.a.it.....8q5
 +
 +    Start Time: 1610395479
 +    Timeout   : 7200 (sec)
 +    Verify return code: 0 (ok)
 +    Extended master secret: no
 +    Max Early Data: 0
 +---
 +read R BLOCK
 +---
 +Post-Handshake New Session Ticket arrived:
 +SSL-Session:
 +    Protocol  : TLSv1.3
 +    Cipher    : TLS_AES_256_GCM_SHA384
 +    Session-ID: B6643D912A0337A9271A67D8FFAD266B542E70F9BF5C55062788A24EFA90DE91
 +    Session-ID-ctx: 
 +    Resumption PSK: A371D300FBA506F34315ECCCA1C9CF34E0CDCD352A997E3E6689B651722467D9ED66D7DB8160D5C1345860783DD1C927
 +    PSK identity: None
 +    PSK identity hint: None
 +    SRP username: None
 +    TLS session ticket lifetime hint: 86400 (seconds)
 +    TLS session ticket:
 +    0000 - 86 ee 0a c4 eb 33 10 f6-58 15 53 be d3 25 df ec   .....3..X.S..%..
 +    0010 - 3d 96 4e bd 0c 13 8a 90-4f 05 99 91 91 af 74 d1   =.N.....O.....t.
 +
 +    Start Time: 1610395479
 +    Timeout   : 7200 (sec)
 +    Verify return code: 0 (ok)
 +    Extended master secret: no
 +    Max Early Data: 0
 +---
 +read R BLOCK
 +</code>
informatique/openssl.1596978214.txt.gz · Dernière modification : de 127.0.0.1