Check the current OpenSSL version
# openssl version
=> OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
# TLS check commands
openssl s_client -connect domain:port
openssl s_client -connect ip:port
openssl s_client -connect domain:port -tls1_3
openssl s_client -connect domain:port -tls1_2
openssl s_client -connect domain:port -tls1_1
openssl s_client -connect domain:port -tls1
Example: www.google.com:443 (Google test)
openssl s_client -connect www.google.com:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = www.google.com
verify return:1
---
Certificate chain
0 s:CN = www.google.com
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Nov 28 08:19:01 2022 GMT; NotAfter: Feb 20 08:19:00 2023 GMT
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEiTCCA3GgAwIBAgIRAIItupOcy7eoEhJW2Crts2UwDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
.........
ojpWgNV83bSQw8jr7FdsAT/BISnk0tLsyjGNRM96PQ0zDaZxv+WXTtWAU/k2/H1n
P6YDK8dpYDx49y2cUA==
-----END CERTIFICATE-----
subject=CN = www.google.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4295 bytes and written 400 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
4087F249A57F0000:error:0A000126:SSL routines:(unknown function):unexpected eof while reading:ssl/record/rec_layer_s3.c:321:
[chnmwas@unplwebwas01 conf]$ openssl s_client -connect www.google.com:443 -tls1_2
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = www.google.com
verify return:1
---
Certificate chain
0 s:CN = www.google.com
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Nov 28 08:19:01 2022 GMT; NotAfter: Feb 20 08:19:00 2023 GMT
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEiTCCA3GgAwIBAgIRAIItupOcy7eoEhJW2Crts2UwDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
.....
25yJJFZo3OfOipA7KnmX0dvawAWK4W0K8mQYIU4olHMAKLrBcXOlOTOWlp47Wm/Z
ojpWgNV83bSQw8jr7FdsAT/BISnk0tLsyjGNRM96PQ0zDaZxv+WXTtWAU/k2/H1n
P6YDK8dpYDx49y2cUA==
-----END CERTIFICATE-----
subject=CN = www.google.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4487 bytes and written 296 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-CHACHA20-POLY1305
Session-ID: 748488D9B80F13BC8F78FFF0616BA29DDFE1A8B36CD43D36161AA024F77CD496
Session-ID-ctx:
Master-Key: 6E798498FD12E45227B51A9DC1E67E04E6570BBED088BD15543FE3CB06A732815B8017D9A6693D801B4F020078B93972
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - 02 ca 7e 41 e5 62 02 61-a1 f2 84 19 47 24 96 33 ..~A.b.a....G$.3
0010 - .............
00e0 - 6b 59 46 9a 36 kYF.6
Start Time: 1672034181
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: yes
---
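The per-version checks above can be scripted. The following is an added example (not part of the original post) that runs each protocol flag and reduces the s_client output to protocol, cipher and verify return code. The function names and the embedded sample output (abridged from the output on this page, plus a constructed failed handshake) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output per protocol version.

# Read s_client output on stdin and print "protocol|cipher|verify_code".
# A failed handshake ("New, (NONE), Cipher is (NONE)") is reported as "none".
summarize_s_client() {
  awk '
    /^New, / {
      # e.g. "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384"
      split($0, part, ", ")
      proto = part[2]
      cipher = part[3]
      sub(/^Cipher is /, "", cipher)
    }
    /Verify return code:/ {
      code = $0
      sub(/.*Verify return code: /, "", code)
      sub(/ .*/, "", code)
    }
    END {
      if (code == "") code = "-"
      if (proto == "" || proto == "(NONE)") print "none|none|" code
      else print proto "|" cipher "|" code
    }'
}

# Probe one flag (-tls1_3, -tls1_2, -tls1_1, -tls1) against host:port.
# </dev/null closes stdin so s_client exits after the handshake.
# Note: OpenSSL 3.0 only permits TLS 1.0/1.1 at security level 0, so "none"
# for -tls1/-tls1_1 can reflect the local client policy, not the server.
probe() {
  openssl s_client -connect "$1" "$2" </dev/null 2>/dev/null | summarize_s_client
}

# Constructed samples: the first is abridged from the output on this page.
SAMPLE_TLS13='CONNECTED(00000003)
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 20 (unable to get local issuer certificate)'
SAMPLE_FAIL='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)'

# Usage: sh tlscheck.sh www.google.com:443
if [ "$#" -gt 0 ]; then
  for flag in -tls1_3 -tls1_2 -tls1_1 -tls1; do
    printf '%s %s\n' "$flag" "$(probe "$1" "$flag")"
  done
fi
```

A verify code of 20, as in the output on this page, means the client could not find the issuer in its local trust store; it says nothing about which protocol versions the server accepts.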
SSL Server Test
Online SSL and TLS check
https://www.ssllabs.com/ssltest/index.html