Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Trying to connect with SSL_RSA_WITH_RC4_128_SHA
- "write:errno=10054" meaning IIS disconnects.
- C:\OpenSSL-Win32\bin>openssl.exe s_client -connect MYHOSTNAME:443 -tls1 -cipher RC4-SHA
- WARNING: can't open config file: /usr/local/ssl/openssl.cnf
- CONNECTED(00000768)
- write:errno=10054
- ---
- no peer certificate available
- ---
- No client certificate CA names sent
- ---
- SSL handshake has read 0 bytes and written 0 bytes
- ---
- New, (NONE), Cipher is (NONE)
- Secure Renegotiation IS NOT supported
- Compression: NONE
- Expansion: NONE
- No ALPN negotiated
- SSL-Session:
- Protocol : TLSv1
- Cipher : 0000
- Session-ID:
- Session-ID-ctx:
- Master-Key:
- Key-Arg : None
- PSK identity: None
- PSK identity hint: None
- SRP username: None
- Start Time: 1470393852
- Timeout : 7200 (sec)
- Verify return code: 0 (ok)
- ---
- Trying to connect with TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- (determined by constraining Firefox to TLSv1.0 by setting security.tls.version.max to 1 instead of 3,
- listening to the handshake with Wireshark and seeing which cipher the server picks)
- This works since I get a session ticket.
- C:\OpenSSL-Win32\bin>openssl.exe s_client -connect MYHOSTNAME:443 -tls1 -cipher ECDHE-RSA-AES256-SHA
- WARNING: can't open config file: /usr/local/ssl/openssl.cnf
- CONNECTED(00000768)
- depth=0 CN = MYFQDN
- verify error:num=18:self signed certificate
- verify return:1
- depth=0 CN = MYFQDN
- verify return:1
- ---
- Certificate chain
- 0 s:/CN=MYFQDN
- i:/CN=MYFQDN
- ---
- Server certificate
- -----BEGIN CERTIFICATE-----
- [certificate elided]
- -----END CERTIFICATE-----
- subject=/CN=MYFQDN
- issuer=/CN=MYFQDN
- ---
- No client certificate CA names sent
- Server Temp Key: ECDH, P-521, 521 bits
- ---
- SSL handshake has read 2019 bytes and written 305 bytes
- ---
- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
- Server public key is 2048 bit
- Secure Renegotiation IS supported
- Compression: NONE
- Expansion: NONE
- No ALPN negotiated
- SSL-Session:
- Protocol : TLSv1
- Cipher : ECDHE-RSA-AES256-SHA
- Session-ID: 068AFA7E226F04F9CCE7092415E334828F6C350FC007F812E347C9BDA8563ABB
- Session-ID-ctx:
- Master-Key: 0BC0694C7AB21EC8CB54E58A96293570A01255FE24D789769F756B20FB417C4B
- 5CEFC4D6FAF9A8FA33FC2E3DABA58EA8
- Key-Arg : None
- PSK identity: None
- PSK identity hint: None
- SRP username: None
- TLS session ticket lifetime hint: 36000 (seconds)
- TLS session ticket:
- 0000 - 30 82 02 89 06 09 2a 86-48 86 f7 0d 01 07 03 a0 0.....*.H.......
- 0010 - 82 02 7a 30 82 02 76 02-01 02 31 82 01 7a a2 82 ..z0..v...1..z..
- 0020 - 01 76 02 01 04 30 82 01-38 04 82 01 06 01 00 00 .v...0..8.......
- 0030 - 00 d0 8c 9d df 01 15 d1-11 8c 7a 00 c0 4f c2 97 ..........z..O..
- 0040 - eb 01 00 00 00 3c 1b ee-9c 23 2b 3f 49 b8 25 4c .....<...#+?I.%L
- 0050 - 80 03 3f 2b 5a 00 00 00-00 02 00 00 00 00 00 10 ..?+Z...........
- 0060 - 66 00 00 00 01 00 00 20-00 00 00 53 08 48 1c bc f...... ...S.H..
- 0070 - 51 27 c3 5d d4 e2 12 7d-a4 e8 c3 2e 8d dd 94 77 Q'.]...}.......w
- 0080 - dd 2d 88 ec 2c 3f 08 a7-6d 07 4f 00 00 00 00 0e .-..,?..m.O.....
- 0090 - 80 00 00 00 02 00 00 20-00 00 00 b2 9a 2c d7 9e ....... .....,..
- 00a0 - 4f 6f 2d 26 ea 6f 89 d2-3f df f2 f7 e5 49 70 17 Oo-&.o..?....Ip.
- 00b0 - dc be 6d 72 ad ae 24 37-85 5c 0b 30 00 00 00 60 ..mr..$7.\.0...`
- 00c0 - af 2f 8b e6 cc cf 7b b7-98 d3 99 9c b4 8f 2a ce ./....{.......*.
- 00d0 - 1f 8b cd d5 55 63 c8 5b-d6 c3 45 cb 51 63 2d 7f ....Uc.[..E.Qc-.
- 00e0 - 8d 72 72 d8 97 bd c2 de-0c a2 7d 1e 10 9d 50 40 .rr.......}...P@
- 00f0 - 00 00 00 ac 16 d5 e3 f4-cd 4f df 06 9e 95 17 ed .........O......
- 0100 - 4a 65 be fc 33 53 7e 5b-7e f9 d1 9d 4d 20 2c db Je..3S~[~...M ,.
- 0110 - b2 30 74 90 4a d5 84 20-f7 fc ef f7 79 31 45 fd .0t.J.. ....y1E.
- 0120 - b8 1b 51 6d e3 47 98 80-44 44 49 36 fb 0d fe 1f ..Qm.G..DDI6....
- 0130 - 90 b7 09 30 2c 06 09 2b-06 01 04 01 82 37 4a 01 ...0,..+.....7J.
- 0140 - 30 1f 06 0a 2b 06 01 04-01 82 37 4a 01 08 30 11 0...+.....7J..0.
- 0150 - 30 0f 30 0d 0c 05 4c 4f-43 41 4c 0c 04 75 73 65 0.0...LOCAL..use
- 0160 - 72 30 0b 06 09 60 86 48-01 65 03 04 01 2d 04 28 r0...`.H.e...-.(
- 0170 - bf 48 a8 2f f1 a0 02 c5-37 b7 d8 45 84 2e ad c1 .H./....7..E....
- 0180 - 98 a1 0c 47 4f 49 9a 76-26 04 d8 65 df d5 95 7a ...GOI.v&..e...z
- 0190 - 07 0c f6 7e 48 6d e8 f2-30 81 f2 06 09 2a 86 48 ...~Hm..0....*.H
- 01a0 - 86 f7 0d 01 07 01 30 1e-06 09 60 86 48 01 65 03 ......0...`.H.e.
- 01b0 - 04 01 2e 30 11 04 0c 23-fa c1 7b 2b 8a a9 26 c0 ...0...#..{+..&.
- 01c0 - c8 53 c9 02 01 10 80 81-c4 04 41 80 af 2c ce 8f .S........A..,..
- 01d0 - 55 bb c3 ed 6a dd a5 c8-91 b5 96 83 27 2a 17 b5 U...j.......'*..
- 01e0 - 7f ca a8 73 4f e0 62 76-11 8b 8b 6b c4 82 eb 49 ...sO.bv...k...I
- 01f0 - 17 a6 20 df 9a ef e2 dd-21 c2 c0 59 c4 51 75 4e .. .....!..Y.QuN
- 0200 - 0e d1 f2 c2 0d 71 a2 a3-ef 26 1a 91 91 2c e9 2f .....q...&...,./
- 0210 - 78 80 29 4b e6 79 ab bb-1c 68 e8 bf c4 1c 7b 8b x.)K.y...h....{.
- 0220 - 33 5e 82 eb 17 07 03 c0-c3 e0 78 33 dd e4 86 46 3^........x3...F
- 0230 - e0 f0 da b0 81 b4 1c 18-6e 82 74 85 69 46 ed 79 ........n.t.iF.y
- 0240 - e9 6c fb f2 f9 2d 87 df-d6 d0 23 8b 79 eb aa 19 .l...-....#.y...
- 0250 - 19 fc 45 5a c0 82 3e e8-39 5b d6 20 39 56 0c 2a ..EZ..>.9[. 9V.*
- 0260 - a1 ad c8 4a 5e e0 91 0f-1d de f6 30 90 93 88 c3 ...J^......0....
- 0270 - 24 14 a4 66 e0 86 91 9c-77 75 12 a0 2b 99 53 99 $..f....wu..+.S.
- 0280 - 4b bf a3 fc 3c 31 5e b6-8f 9a a6 c4 31 K...<1^.....1
- Start Time: 1470393705
- Timeout : 7200 (sec)
- Verify return code: 18 (self signed certificate)
- ---
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement