Reading "TLS Mastery" by Michael W Lucas.

I have read "TLS Mastery" by Michael W Lucas.

It is not a bad introduction to openssl and TLS, but I feel that his book on SSH is better.

1. Review

So, I found that I had to read an introduction to TLS when I failed to generate a self-signed certificate for a simple setup at work, which needed a few TLS certificates to placate a stupid piece of software that refused to work without them.

The system was completely closed-circuit, and none of that stuff was required or even beneficial for my use-case, but since Open Source is obsessed with cryptomania and is extremely keen on embedding it into everything that falls into its hands, I thought it was worth learning a few bits.

Since I already knew that Lucas is good at reading man pages aloud (or rather at rewriting their dry and terse language into something much more palatable, with a structure and a narrative), I resorted to reading his book "TLS Mastery".

What can I say? It is not a bad book, but I am feeling that it over-complicates things.

It is true that TLS is over-complicated by design, and Lucas actually does a decent job introducing the needless but unavoidable complexities, but I feel that he buys into the TLS complexity too much, taking it at face value and not simplifying where it is possible to simplify.

On the other hand, I am writing this from the position of someone who has already spent some time fighting with TLS certificates.

The book essentially consists of four parts:

  1. Introducing TLS, vocabulary, and notation.
  2. Describing keypair generation and those few cryptography parameters which might be of use for a practitioner.
  3. Getting certificates signed by an automated service like Let's Encrypt.
  4. Running one's own Certificate Authority, which is not an organisation, but a set of scripts.

The last part is presented in great detail and describes every step of this potentially overbearing process, but it does not give a few "simple and straightforward" commands to plug into your script and placate the pesky software which just needs encryption for whatever reason.

Anyway, the last part of section 2 in this file gives one for you.

In any case, the book is short and the language is lively and rich in metaphors, so it is a fun read anyway.

The language is maybe even a little bit too simple and approachable for me, but this is not necessarily bad: nowadays everyone has to be a little bit of a sysadmin, even though for most of us it is not an activity of choice but an unfortunate necessity, and therefore treating us all as ignorant newbies is a good thing, not a bad one.

2. Notes

2.2. Simple request

openssl s_client is a TLS-aware telnet/netcat, similar to stunnel.

openssl s_client -showcerts -connect www.baidu.com:443 <<EOF
GET / HTTP/1.1
EOF

2.3. Understanding the crypto system

2.3.1. HMAC

HMAC (Hash-based Message Authentication Code) is essentially a signature: message -> hash(message) -> privkey_enc(hash(message)) -> short signature/HMAC.

The check succeeds if hash(message) == pubkey_dec(hmac).

But there may be other methods to generate the HMAC.

Again, they are used during stream exchange to encrypt every block, not during key exchange (even though key exchange needs a signature too).
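HMAC as RFC 2104 defines it is a keyed hash over a secret that both sides share, so verifying a tag means recomputing it with the same key. The following added example (not from the book) builds HMAC-SHA256 by hand from the ipad/opad construction in POSIX sh, using openssl only as the SHA-256 primitive, and cross-checks the result against openssl's own -hmac; the function names are mine and the key/message pair is a well-known sample input.

```shell
#!/bin/sh
# Added example (not from the book): HMAC as RFC 2104 defines it, a keyed
# hash over a secret that both sides share, built by hand out of SHA-256 and
# checked against openssl's own HMAC. No key pair is involved anywhere.
set -eu

to_hex() { od -An -tx1 -v | tr -d ' \n'; }   # stdin bytes -> lowercase hex

# Emit the key block (64 bytes for SHA-256) XORed with one pad byte as raw
# bytes: 54 (0x36) gives K ^ ipad, 92 (0x5c) gives K ^ opad.
xor_pad() {  # xor_pad <hexkey, at most 64 bytes> <padbyte, decimal>
    xp_k=$1
    while [ ${#xp_k} -lt 128 ]; do xp_k="${xp_k}00"; done   # zero-pad to block size
    while [ -n "$xp_k" ]; do
        xp_b=${xp_k%"${xp_k#??}"}; xp_k=${xp_k#??}           # next hex byte
        printf "\\$(printf '%03o' $(( 0x$xp_b ^ $2 )))"      # emit byte XOR pad
    done
}

# HMAC-SHA256(K, m) = H((K ^ opad) || H((K ^ ipad) || m)), as hex.
hmac_sha256() {  # hmac_sha256 <key> <message>
    hk=$(printf '%s' "$1" | to_hex)
    if [ ${#hk} -gt 128 ]; then                  # key longer than the block: hash it first
        hk=$(printf '%s' "$1" | openssl dgst -sha256 | awk '{ print $NF }')
    fi
    { xor_pad "$hk" 92
      { xor_pad "$hk" 54; printf '%s' "$2"; } | openssl dgst -sha256 -binary
    } | openssl dgst -sha256 | awk '{ print $NF }'
}

# The same value straight from openssl, for cross-checking.
hmac_sha256_openssl() {  # hmac_sha256_openssl <key> <message>
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | awk '{ print $NF }'
}

# Verifying a tag means recomputing it with the same key, so anyone who can
# verify can also produce tags. That, not the length, is what separates an
# HMAC from a public-key signature.
hmac_verify() {  # hmac_verify <key> <message> <hex-tag>
    [ "$(hmac_sha256 "$1" "$2")" = "$3" ]
}

MSG='The quick brown fox jumps over the lazy dog'
hmac_sha256 key "$MSG"          # f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
hmac_sha256_openssl key "$MSG"  # the same digest
hmac_verify key "$MSG" "$(hmac_sha256 key "$MSG")" && echo 'tag verifies'
hmac_verify nokey "$MSG" "$(hmac_sha256 key "$MSG")" || echo 'different key: tag rejected'
```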

2.3.2. Algorithms

  1. Key Exchange
    openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $3;}' | sort | uniq

    Kx=DH
    Kx=DHEPSK
    Kx=ECDH
    Kx=ECDHEPSK
    Kx=PSK
    Kx=RSA
    Kx=RSAPSK
    Kx=any
    Kx=SRP

    https://openssl-users.openssl.narkive.com/N0eGKnwY/ecdh-vs-ecdhe

    1. ECDHE :: Elliptic Curve Diffie Hellman Ephemeral (no, the last E is NOT "Exchange")
    2. ECDHEPSK :: Not sure, I think it is ECDHE, but with some unfair optimisations
    3. ECDH :: Elliptic Curve Diffie Hellman (same key persists over the session)
    4. RSA :: Rivest Shamir Adleman
    5. RSAPSK :: -//-
    6. DH :: Diffie Hellman (not Elliptic)
    7. DHE :: Diffie Hellman Ephemeral
    8. DHEPSK :: -//-
    9. SRP :: Some obscure stuff from 1997 "Secure Remote Password protocol (SRP) is an augmented password-authenticated key exchange (PAKE) protocol"

    Surprisingly, Curve25519 is missing.

  2. Authentication
    openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $4;}' | sort | uniq

    Au=DSS
    Au=ECDSA
    Au=None
    Au=PSK
    Au=RSA
    Au=any

    1. ECDSA :: Elliptic Curve Digital Signature Algorithm
    2. RSA :: -//-
    3. DSA :: -//-, 1991

    Missing ciphers o_O?

    1. EdDSA :: Edwards' DSA, why is it missing?
  3. Symmetric Encryption with Method
    openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $5;}' | sort | uniq

    Enc=AES(128)
    Enc=AES(256)
    Enc=AESCCM(128)
    Enc=AESCCM(256)
    Enc=AESCCM8(128)
    Enc=AESCCM8(256)
    Enc=AESGCM(128)
    Enc=AESGCM(256)
    Enc=ARIAGCM(128)
    Enc=ARIAGCM(256)
    Enc=CHACHA20/POLY1305(256)
    Enc=Camellia(128)
    Enc=Camellia(256)
    Enc=IDEA(128)
    Enc=None
    Enc=SEED(128)

    1. AES :: Rijndael 2002, a "new" standard when DES was broken.
    2. ARIA :: South Korean AES 2003
    3. ChaCha20-Poly1305 :: Bernstein's cipher from 2005/2008, ChaCha20 works only in AEAD with Poly1305, I don't know why
    4. Camellia :: NTT/Mitsubishi candidate for AES, 2000
    5. IDEA :: 1991, First replacement for DES
    6. SEED :: South Korean cipher from 1998

    Missing

    1. Deprecated DES/3DES :: Digital Encryption Standard, 56 bit
    2. Deprecated RC2 :: 1987, Rivest Cipher 2
    3. Deprecated RC4 :: 1987, Rivest Cipher 4 40-2048 bits, nowadays seldom used
    4. Salsa20
    5. XChaCha20

    Methods are extensively covered in Bruce Schneier's book.

    1. CBC :: Cipher block chaining https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC
    2. CCM :: Counter with cipher block chaining message authentication code
    3. CCM_8 :: CCM with different authentication tag, 8 bytes (not bits)
    4. GCM :: Galois Counter Mode
  4. Message Authentication Code (MAC, Hash-based MAC (HMAC))
    openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $6;}' | sort | uniq

    Mac=AEAD
    Mac=MD5
    Mac=SHA1
    Mac=SHA256
    Mac=SHA384

    AEAD is not a separate algorithm, it means that Message Authentication is built into encryption.

    openssl ciphers -v | grep -F 1.3

    TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
    TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
    TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD

    The suffix is SHA256, but Mac=AEAD. facepalm

2.3.3. Perfect Forward Secrecy

Inability to decrypt a full session dump even if a key is recovered later.

2.4. File formats

2.4.1. Serialisation

ASN.1 and OID.

ASN.1 is used for encoding:

  1. X.500 directory structure
  2. X.509 (TLS and similar) certificates
  3. LDAP
  4. SNMP

Not sure if it is much better than protobuf, but this is a decision taken years ago.

ASN.1 is a syntactic notation, and needs a "lexical syntax" encoding.

  1. DER :: Distinguished Encoding Rules, a binary format for ASN.1
  2. PEM :: Privacy-Enhanced Mail, a text format for ASN.1, headers+base64(der)
  3. pkcs12 :: usually cert+key+chain in one file, with .p12 ext

2.4.2. Working with keys

  1. openssl rsa :: working with rsa keys
  2. openssl ec :: working with elliptic curves, dsa keys
  3. openssl x509 :: working with x509 certs
  4. openssl pkcs12 :: working with pkcs12 cert archives

Funny, if you give openssl a "bundle", a lump of certificates, it only processes the first one, but gnutls (certtool) processes all of them.
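Both points, that PEM is just headers around base64(DER) (2.4.1) and that openssl x509 only sees the first certificate of a bundle, can be checked in a few lines. The following is an added example in POSIX sh, not from the book; the two self-signed certificates, the tiny req config and the function names are all constructed here.

```shell
#!/bin/sh
# Added example (not from the book): what "PEM = headers + base64(DER)"
# means in practice, and what openssl x509 does with a bundle. The two
# self-signed certificates are constructed on the fly; a two-line req
# config keeps the system openssl.cnf out of the picture.
set -eu

# Two throwaway self-signed certs, concatenated into <dir>/bundle.pem.
make_bundle() {  # make_bundle <dir>
    printf '%s\n' '[ req ]' 'distinguished_name = dn' '[ dn ]' 'commonName = CN' > "$1/req.cnf"
    for cn in first second; do
        openssl req -config "$1/req.cnf" -x509 -newkey ec \
            -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 1 -subj "/CN=$cn" \
            -keyout "$1/$cn.key.pem" -out "$1/$cn.cert.pem" 2>/dev/null
    done
    cat "$1/first.cert.pem" "$1/second.cert.pem" > "$1/bundle.pem"
}

# openssl x509 reads one certificate and stops: this prints a single
# subject however many certificates the bundle holds.
first_subject() {  # first_subject <bundle>
    openssl x509 -in "$1" -noout -subject
}

# Split a bundle into numbered files and print how many were found. Lines
# between END and the next BEGIN (s_client chatter, say) are dropped.
pem_split() {  # pem_split <bundle> <prefix>  -> <prefix>01.pem, <prefix>02.pem, ...
    awk -v prefix="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s%02d.pem", prefix, n); inblk = 1 }
        inblk { print > out }
        /^-----END CERTIFICATE-----/ { inblk = 0; close(out) }
        END { print n + 0 }' "$1"
}

# Strip the armour lines and base64-decode the body: the bytes must be
# exactly the DER that openssl x509 -outform DER emits (compared by hash).
pem_body_matches_der() {  # pem_body_matches_der <cert.pem>
    from_pem=$(awk '/^-----BEGIN CERTIFICATE-----/ { f = 1; next }
                    /^-----END CERTIFICATE-----/ { f = 0 } f' "$1" |
               openssl base64 -d | openssl dgst -sha256 | awk '{ print $NF }')
    from_der=$(openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{ print $NF }')
    [ "$from_pem" = "$from_der" ]
}

d=$(mktemp -d)
make_bundle "$d"
first_subject "$d/bundle.pem"          # one subject, CN=first; "second" never appears
pem_split "$d/bundle.pem" "$d/cert-"   # 2
pem_body_matches_der "$d/first.cert.pem" && echo 'PEM body decodes to the DER'
rm -rf "$d"
```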

How to save a website cert and chain into a file?

# "openssl x509" would keep only the first certificate; sed keeps every certificate of the chain
openssl s_client -connect www.baidu.com:443 -showcerts </dev/null 2>/dev/null | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > file.pem
openssl s_client -showcerts -connect www.rabobank.nl:443 </dev/null 2>/dev/null | openssl x509 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:0f:97:a1:9b:b1:9a:2d:d6:10:b9:82:df:f7:23:b6
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo ECC Extended Validation Secure Server CA
        Validity
            Not Before: Apr  1 00:00:00 2025 GMT
            Not After : Apr  1 23:59:59 2026 GMT
        Subject: serialNumber = 30046259, jurisdictionC = NL, businessCategory = Private Organization, C = NL, ST = Utrecht, O = Cooperatieve Rabobank U.A., CN = rabobank.nl
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:fa:72:7e:f6:30:8f:ad:f4:5e:d7:47:05:35:5a:
                    ae:cf:63:4b:4e:4c:4b:8f:f6:e6:c2:93:6c:bf:61:
                    7e:4c:a1:71:2d:5a:c5:0d:49:bc:4d:c5:be:5b:33:
                    03:26:7c:de:b3:37:6b:bd:9b:47:be:65:94:df:bb:
                    9e:d1:e2:fb:b1
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:EF:C1:2A:95:0C:32:DA:FB:73:30:DC:8A:13:D8:15:4B:F7:13:E8:F8

            X509v3 Subject Key Identifier: 
                2A:F2:1C:C8:05:79:FA:45:42:12:5B:77:64:3A:21:15:A8:CC:32:A5
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.1.5.1
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.sectigo.com/SectigoECCExtendedValidationSecureServerCA.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.sectigo.com/SectigoECCExtendedValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.sectigo.com

            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:
                                E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
                    Timestamp : Apr  1 13:36:49.891 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:2E:80:F4:58:61:1D:DF:B7:BB:0F:AA:B7:
                                4C:A3:B8:F7:4C:E2:F2:D1:73:CE:2A:26:42:F7:83:93:
                                42:35:72:F1:02:20:6E:A0:4B:FA:72:3D:EB:55:F3:8A:
                                F8:97:7C:B1:E4:A3:AD:33:9C:21:25:DA:14:48:A5:9B:
                                7D:C7:E4:78:9D:11
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:
                                AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4
                    Timestamp : Apr  1 13:36:49.859 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:2C:C5:F2:D4:94:D0:44:7D:48:BA:27:C0:
                                44:2E:6A:57:01:16:4F:5B:54:A7:65:B9:44:4F:D5:BA:
                                2B:78:03:9A:02:21:00:8E:EC:5C:3F:32:08:E2:0C:DC:
                                7C:FE:53:E1:F1:2F:1A:D4:78:18:40:83:4F:31:26:99:
                                D3:3B:2B:B6:68:31:FC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
                                DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
                    Timestamp : Apr  1 13:36:49.889 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D1:3C:38:FB:A8:A4:21:72:36:92:C2:
                                D1:EA:14:98:94:FA:C1:79:67:60:CD:4C:95:77:AC:10:
                                4F:BB:C2:95:31:02:20:47:39:49:5E:C2:46:CB:BC:97:
                                FE:97:2F:B3:81:44:1C:D7:A8:1D:13:BE:2F:E4:6E:EF:
                                92:E4:53:1A:94:44:A2
            X509v3 Subject Alternative Name: 
                DNS:rabobank.nl, DNS:www.rabobank.nl
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:1e:00:23:53:80:75:3f:19:f4:38:8f:00:bb:6a:
         5f:f2:27:db:56:2e:ca:4c:d3:96:40:84:08:4d:11:aa:b0:f7:
         02:20:43:0e:64:a1:63:37:6b:14:26:ce:a5:91:14:36:72:50:
         3e:fe:35:8e:4f:d5:43:c0:fd:ae:b5:66:8c:ec:fa:72

The above is an Extended Validation certificate, which has not just a domain name in the Subject but also the country and the business name.

2.5. Signing and Encryption

We do not use Public Key Encryption any more.

We use Public Key Signing, and apply it to obtaining Symmetric Encryption Keys using Diffie-Hellman.

So even if your certificate is invalid for signing, it does not mean that the key is not good for organising an encrypted communication link. (It probably does not work for asynchronous encryption, such as email or ordinary mail.)

2.6. Revocation

  1. openssl crl
curl 'http://crl.sectigo.com/SectigoECCExtendedValidationSecureServerCA.crl' | openssl crl -inform DER -noout -text
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo ECC Extended Validation Secure Server CA
        Last Update: May 22 13:01:18 2025 GMT
        Next Update: May 29 13:01:18 2025 GMT
        CRL extensions:
            X509v3 Authority Key Identifier: 
                keyid:EF:C1:2A:95:0C:32:DA:FB:73:30:DC:8A:13:D8:15:4B:F7:13:E8:F8

            X509v3 CRL Number: 
                2461
Revoked Certificates:
    Serial Number: F68D62FBF1623665C9CCD6C71A5549DE
        Revocation Date: Jun 10 15:00:25 2024 GMT
    Serial Number: 054D37B37752D9AE48F5292AFB1AD799
        Revocation Date: Sep  9 12:52:04 2024 GMT
    Serial Number: 7FC8A4C765F72B86725390B2D79F4E5B
        Revocation Date: Sep 25 13:35:00 2024 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                Superseded
    Serial Number: 50E07CD40E1358AC8AA8EA336D365833
        Revocation Date: Oct  1 23:55:55 2024 GMT
    Serial Number: 7BD6D2B8666F79C9022CCDE3FA26839D
        Revocation Date: Oct  1 23:55:56 2024 GMT
    Serial Number: 9BC21C5B7E1D909B9E3F9ADFC4DA0DF3
        Revocation Date: Oct  4 13:37:30 2024 GMT
    Serial Number: B671F7363552EDAA2EC68D4A5852AD15
        Revocation Date: Oct 21 12:22:24 2024 GMT
    Serial Number: 5AB252C6DB13A335E40CA6E10985A7AB
        Revocation Date: Oct 22 09:24:52 2024 GMT
    Serial Number: 085A9DC7B48A82CB52BCFC2E99628979
        Revocation Date: Oct 23 11:43:24 2024 GMT
    Serial Number: B7321C7A2C5CCF8DE73E982BA44748C1
        Revocation Date: Feb 21 14:12:52 2025 GMT
    Serial Number: 35641F6F81DC2639A810DC1A53AF04F4
        Revocation Date: Mar  5 19:24:59 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                Superseded
    Serial Number: 21927D6ADA83B7617F367BE59798976E
        Revocation Date: Mar  5 19:25:19 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                Superseded
    Serial Number: 3606E08FFCAF6E809BAB0632C6722A73
        Revocation Date: Mar  5 19:25:43 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                Superseded
    Serial Number: 6D305EA71C9749936EBE6082F0A7F555
        Revocation Date: Mar 27 09:48:55 2025 GMT
    Serial Number: B80F154F16A648C32F9D218B14A5724C
        Revocation Date: Mar 31 18:53:03 2025 GMT
    Serial Number: 9BE747179EA0A5898DA46AC68E89D2E4
        Revocation Date: Apr 16 13:23:21 2025 GMT
    Serial Number: 6E5BE0F63B29A51737DA8C1DD9F88D40
        Revocation Date: Apr 17 22:05:17 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                Cessation Of Operation
    Serial Number: 6D2A42743E9A0BEAA26E227A550AB29C
        Revocation Date: Apr 28 14:41:52 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                Cessation Of Operation
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:75:78:f1:55:ee:6b:5e:06:5c:cf:fd:1f:3b:ce:
         7e:c8:0a:bb:44:44:02:12:37:11:85:5d:9c:41:be:f2:65:ae:
         02:20:6d:13:bc:00:b4:58:31:85:9e:14:10:0f:e3:32:6e:62:
         85:6a:7f:57:6a:9d:b2:af:bd:96:86:fd:7b:4f:a1:1c

2.7. Negotiation

openssl s_client -crlf -tls1_2 -connect baidu.com:443 </dev/null 2>&1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
verify return:1
depth=0 C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
verify return:1
CONNECTED(00000008)
---
Certificate chain
 0 s:C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
   i:C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
 1 s:C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
subject=C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn

issuer=C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5531 bytes and written 338 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 8528DF68F938AD4BDFBB93769E99CB39D10D5F6052DD606D0C3C32BCA0152D45
    Session-ID-ctx: 
    Master-Key: BB69A85A7F9DB25C7C8FE1BB68D33D5987CE4F7BCBD321189485952B396E5994CE35DC49BD5A2E0CA19C5B1436499705
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 72000 (seconds)
    TLS session ticket:
    0000 - f3 5a 68 38 69 0a 42 7e-86 4a ba 21 56 60 9a 0e   .Zh8i.B~.J.!V`..
    0010 - 62 0c f2 2e e4 cb 47 98-2d 24 92 9f c0 a6 65 a2   b.....G.-$....e.
    0020 - b6 2b 0c cf bc c5 0b 58-d9 77 88 6e 84 f0 0e dd   .+.....X.w.n....
    0030 - 55 a0 3c 88 37 d2 af 93-aa e1 3a c6 74 0d 42 19   U.<.7.....:.t.B.
    0040 - e1 a8 11 29 85 47 82 d5-1b 2b 4d d1 98 50 fb e5   ...).G...+M..P..
    0050 - c3 b0 5a 6d f3 c2 eb 61-2e 77 05 e4 70 b6 53 66   ..Zm...a.w..p.Sf
    0060 - fd 6c 53 0e f0 56 a1 27-90 49 c0 ca 3a 3c 3e b5   .lS..V.'.I..:<>.
    0070 - b7 58 6a f6 ac 25 4b 97-82 28 6c d0 0b 8f 4f 85   .Xj..%K..(l...O.
    0080 - 4b be 10 76 f7 6e 32 4d-f3 0b 33 d9 8c 8b fd de   K..v.n2M..3.....
    0090 - a1 61 2e 76 8c 7f 49 e7-5b a2 cc 60 44 99 eb 02   .a.v..I.[..`D...
    00a0 - 43 4f fe b8 5d a1 5b 8c-27 fc 15 1f b9 af 4d 6a   CO..].[.'.....Mj

    Start Time: 1747984221
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
DONE
openssl s_client -crlf -connect microsoft.com:443 </dev/null 2>&1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = microsoft.com
verify return:1
CONNECTED(00000008)
---
Certificate chain
 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = microsoft.com
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
---
Server certificate
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = microsoft.com

issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 8147 bytes and written 379 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

Master-Key should be an AES key.

TLS has a feature for PSK (pre-shared key), which is almost never used.

TLS has a feature for passwords (SRP), and I have also not seen it being used.

2.8. Making a CSR

[ req ] # necessary ?
prompt = no # no interactive
default_keyfile = my-server.net.key
distinguished_name = req_distinguished_name # refers to a section name
req_extensions = v3_req # also section name

[ req_distinguished_name ]
CN = my-server.net # legacy

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = my-server.net
DNS.3 = www.my-server.net
IP.1  = 127.0.0.1

List the available EC curve parameters (for ECDSA keys):

openssl ecparam -list_curves
secp112r1 : SECG/WTLS curve over a 112 bit prime field
secp112r2 : SECG curve over a 112 bit prime field
secp128r1 : SECG curve over a 128 bit prime field
secp128r2 : SECG curve over a 128 bit prime field
secp160k1 : SECG curve over a 160 bit prime field
secp160r1 : SECG curve over a 160 bit prime field
secp160r2 : SECG/WTLS curve over a 160 bit prime field
secp192k1 : SECG curve over a 192 bit prime field
secp224k1 : SECG curve over a 224 bit prime field
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
prime192v2: X9.62 curve over a 192 bit prime field
prime192v3: X9.62 curve over a 192 bit prime field
prime239v1: X9.62 curve over a 239 bit prime field
prime239v2: X9.62 curve over a 239 bit prime field
prime239v3: X9.62 curve over a 239 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
sect113r1 : SECG curve over a 113 bit binary field
sect113r2 : SECG curve over a 113 bit binary field
sect131r1 : SECG/WTLS curve over a 131 bit binary field
sect131r2 : SECG curve over a 131 bit binary field
sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
sect163r1 : SECG curve over a 163 bit binary field
sect163r2 : NIST/SECG curve over a 163 bit binary field
sect193r1 : SECG curve over a 193 bit binary field
sect193r2 : SECG curve over a 193 bit binary field
sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
sect239k1 : SECG curve over a 239 bit binary field
sect283k1 : NIST/SECG curve over a 283 bit binary field
sect283r1 : NIST/SECG curve over a 283 bit binary field
sect409k1 : NIST/SECG curve over a 409 bit binary field
sect409r1 : NIST/SECG curve over a 409 bit binary field
sect571k1 : NIST/SECG curve over a 571 bit binary field
sect571r1 : NIST/SECG curve over a 571 bit binary field
c2pnb163v1: X9.62 curve over a 163 bit binary field
c2pnb163v2: X9.62 curve over a 163 bit binary field
c2pnb163v3: X9.62 curve over a 163 bit binary field
c2pnb176v1: X9.62 curve over a 176 bit binary field
c2tnb191v1: X9.62 curve over a 191 bit binary field
c2tnb191v2: X9.62 curve over a 191 bit binary field
c2tnb191v3: X9.62 curve over a 191 bit binary field
c2pnb208w1: X9.62 curve over a 208 bit binary field
c2tnb239v1: X9.62 curve over a 239 bit binary field
c2tnb239v2: X9.62 curve over a 239 bit binary field
c2tnb239v3: X9.62 curve over a 239 bit binary field
c2pnb272w1: X9.62 curve over a 272 bit binary field
c2pnb304w1: X9.62 curve over a 304 bit binary field
c2tnb359v1: X9.62 curve over a 359 bit binary field
c2pnb368w1: X9.62 curve over a 368 bit binary field
c2tnb431r1: X9.62 curve over a 431 bit binary field
wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field
Oakley-EC2N-3: 
      IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
      Not suitable for ECDSA.
      Questionable extension field!
Oakley-EC2N-4: 
      IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
      Not suitable for ECDSA.
      Questionable extension field!
brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
SM2       : SM2 curve over a 256 bit prime field

2.9. Making a CA

When looking at the following code, pay a lot of attention to the -x509 switch of the req command.

-x509

This option outputs a certificate instead of a certificate request. This is typically used to generate test certificates. It is implied by the -CA option.

This option implies the -new flag if -in is not given.

If an existing request is specified with the -in option, it is converted to a certificate; otherwise a request is created from scratch.

Unless specified using the -set_serial option, a large random number will be used for the serial number.

Unless the -copy_extensions option is used, X.509 extensions are not copied from any provided request input file.

X.509 extensions to be added can be specified in the configuration file, possibly using the -config and -extensions options, and/or using the -addext option.

2.9.1. TODO RSA version

This section is unfinished and does not include client generation.

This section is config-file based, which is in theory better than just parameters, but I do not care for private use.

How to generate a root cert:

#!/bin/bash

printf 'Hello\n'

printf 'Deleting CA directory\n'

rm -rf "CA_directory"

mkdir -p CA_directory/root/{certs,newcerts,crl,private,csr}

echo 1000 > CA_directory/root/serial
echo 1000 > CA_directory/root/crlnumber
touch CA_directory/root/index.txt

cd CA_directory/root/

# "openssl req" only reads the [req], [req_distinguished_name] and [v3_ca] sections;
# the [ca] and [CA_default] sections are for the later "openssl ca" signing step
openssl req -config <(printf '%s' '
[ca]
default_ca = CA_default # Section redirection

[ CA_default ]
dir = . # we have already cd-ed into CA_directory/root
certs = $dir/certs # only a variable; "openssl ca" itself does not use it
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts # "openssl ca" writes a copy of every cert it signs here, named by serial
database = $dir/index.txt
serial = $dir/serial
private_key = $dir/private/ca.key.pem
certificate = $dir/certs/ca.cert.pem
crlnumber = $dir/crlnumber
crl = $dir/crl/ca.crl.pem
crl_extensions = crl_ext
default_crl_days = 30

name_opt = ca_default # how the subject is displayed when "openssl ca" asks for confirmation
cert_opt = ca_default # the same, for the certificate details
default_days = 375 # how long standard certs signed _with_this_ca_ live
preserve = no # do not keep the DN field order of the request; use the policy order instead
policy = policy_strict # root CA gets its policy from a section called policy_strict
# I guess that for a simpleton certificate for a personal server none of this is needed?

[ policy_strict ] # which certs a CA root can sign
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ crl_ext ] # referenced by crl_extensions above
authorityKeyIdentifier = keyid:always

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
x509_extensions = v3_ca
prompt = no

[ req_distinguished_name ]
C = TS
ST = TestProvince
L = TestCity
O = TestCompany
OU = TestCompanyDepartment
CN = My CA Root Certificate

[ v3_ca ] # man openssl-x509v3_config
subjectKeyIdentifier = hash # unique code identifying the cert; "hash" means use a hash of the public key
authorityKeyIdentifier = keyid:always,issuer # add signing key info when signing certificates
basicConstraints = critical, CA:true, pathlen:1 # must be a CA cert; pathlen:1 allows at most one intermediate CA below it
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

') -newkey rsa -keyout private/ca.key.pem -x509 -days 7300 \
        -extensions v3_ca -out certs/ca.cert.pem -nodes

2.9.2. A simpler RSA version

# self-signed CA certificate and key
openssl req \
        -x509 \
        -newkey rsa -keyout ca.key.pem -out ca.cert.pem \
        -days 7300 \
        -nodes \
        -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost"
# generate a keypair and a certificate signing request (CSR)
openssl req \
        -new \
        -newkey rsa -keyout client0.key -out client0.csr.pem \
        -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost" \
        -nodes
# sign the CSR with the CA, adding the SAN extension at this step
openssl x509 -req \
        -extfile <(printf '%s' 'subjectAltName = DNS:localhost,DNS:blabla.org') \
        -CA ca.cert.pem -CAkey ca.key.pem -in client0.csr.pem -out client0.cert.pem -CAcreateserial

The important thing is that the SAN extension is added during signing, not when generating the keypair and the CSR.

2.9.3. CA using ECDSA

# EC parameters for the P-256 curve, kept in a variable and fed to openssl through process substitution
PARAM=$(openssl genpkey -genparam -algorithm ec \
     -pkeyopt ec_paramgen_curve:P-256)
printf '%s\n' "$PARAM"
# self-signed ECDSA CA certificate and key
openssl req \
        -x509 \
        -newkey ec:<(printf '%s\n' "$PARAM") -keyout ca.key.pem -out ca.cert.pem \
        -days 7300 \
        -nodes \
        -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost"

# generate a keypair and a CSR
openssl req \
        -new \
        -newkey ec:<(printf '%s\n' "$PARAM") -keyout client0.key -out client0.csr.pem \
        -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost" \
        -nodes
# sign, adding the SAN extension (two DNS names and an IP address) at this step
openssl x509 -req \
        -extfile <(printf '%s' 'subjectAltName = DNS.1:localhost,DNS.2:blabla.org,IP.1:127.0.0.1') \
        -CA ca.cert.pem -CAkey ca.key.pem -in client0.csr.pem -CAcreateserial -out client0.cert.pem
# check that it works
openssl x509 -text -noout -in client0.cert.pem
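The recipe above ends at "check that it works" by printing the certificate; what a practitioner actually wants to know is whether the chain verifies, whether the SAN covers the hostname, and whether revocation (section 2.6) takes effect. The following is an added example in POSIX sh, not from the book: the same ECDSA CA, CSR and x509 -req signing flow, with its own config file instead of the system openssl.cnf, followed by those three checks and a deliberately failing case for each; the subjects, hostnames and function names are constructed.

```shell
#!/bin/sh
# Added example (not from the book): the 2.9.3 procedure as a script, plus
# the checks the recipe stops short of: chain verification, hostname
# verification against the SAN, and a CRL check after revocation. It carries
# its own config instead of relying on the system openssl.cnf, so every
# extension involved is visible here. Subjects and hostnames are constructed.
set -eu

CA_SUBJ='/C=NL/O=ACME Corp/CN=ACME Test Root'
SRV_SUBJ='/C=NL/O=ACME Corp/CN=localhost'

# One config for both "openssl req" and "openssl ca". [dn] is never prompted
# for because -subj is always given, but req insists that it exists.
write_cnf() {  # write_cnf <cadir>
    : > "$1/index.txt"; echo 1000 > "$1/crlnumber"
    cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
subjectKeyIdentifier = hash
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $1
database = \$dir/index.txt
crlnumber = \$dir/crlnumber
certificate = \$dir/ca.cert.pem
private_key = \$dir/ca.key.pem
default_md = sha256
default_crl_days = 7
EOF
}

# Self-signed ECDSA root; -pkeyopt replaces the separate parameter file.
make_ca() {  # make_ca <cadir> <subject>
    write_cnf "$1"
    openssl req -config "$1/ca.cnf" -x509 -newkey ec \
        -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 30 -subj "$2" \
        -keyout "$1/ca.key.pem" -out "$1/ca.cert.pem" 2>/dev/null
}

# Key pair and CSR with no SAN at all: the SAN is added when signing.
make_csr() {  # make_csr <cadir> <name> <subject>
    openssl req -config "$1/ca.cnf" -new -newkey ec \
        -pkeyopt ec_paramgen_curve:prime256v1 -nodes -subj "$3" \
        -keyout "$1/$2.key.pem" -out "$1/$2.csr.pem" 2>/dev/null
}

# Sign the CSR. Besides the SAN, pin the leaf down as a non-CA server cert;
# openssl x509 -req copies nothing from the CSR unless told to.
sign_csr() {  # sign_csr <cadir> <name> <san-list>
    printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
        'keyUsage = critical, digitalSignature' \
        'extendedKeyUsage = serverAuth' "subjectAltName = $3" > "$1/$2.ext"
    openssl x509 -req -days 7 -CA "$1/ca.cert.pem" -CAkey "$1/ca.key.pem" \
        -CAcreateserial -extfile "$1/$2.ext" \
        -in "$1/$2.csr.pem" -out "$1/$2.cert.pem" 2>/dev/null
}

# Exit 0 only if <cert> chains to <cadir>/ca.cert.pem and its SAN covers
# <host>; further arguments go straight to openssl verify (-crl_check below).
check_cert() {  # check_cert <cadir> <cert> <host> [verify options...]
    cadir=$1; cert=$2; host=$3; shift 3
    openssl verify -CAfile "$cadir/ca.cert.pem" -verify_hostname "$host" \
        ${1+"$@"} "$cert" >/dev/null 2>&1
}

# Revoke <cert> and publish a CRL. A cert that was signed with x509 -req is
# unknown to the database; -revoke adds it there and marks it revoked.
revoke_and_gencrl() {  # revoke_and_gencrl <cadir> <cert>
    openssl ca -config "$1/ca.cnf" -revoke "$2" -crl_reason superseded >/dev/null 2>&1
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl.pem" >/dev/null 2>&1
}

# Stand-alone run: the whole procedure plus the checks, in scratch dirs.
demo() {
    d=$(mktemp -d); rogue=$(mktemp -d)
    make_ca "$d" "$CA_SUBJ"
    make_csr "$d" server "$SRV_SUBJ"
    sign_csr "$d" server 'DNS:localhost,DNS:www.localhost,IP:127.0.0.1'
    check_cert "$d" "$d/server.cert.pem" localhost && echo 'chain + hostname: OK'
    check_cert "$d" "$d/server.cert.pem" other.test || echo 'wrong hostname: rejected'
    make_ca "$rogue" '/CN=Rogue Root'; make_csr "$rogue" server "$SRV_SUBJ"
    sign_csr "$rogue" server 'DNS:localhost'
    check_cert "$d" "$rogue/server.cert.pem" localhost || echo 'other CA: rejected'
    revoke_and_gencrl "$d" "$d/server.cert.pem"
    check_cert "$d" "$d/server.cert.pem" localhost -crl_check -CRLfile "$d/ca.crl.pem" \
        || echo 'revoked: rejected'
    rm -rf "$d" "$rogue"
}
demo
```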

3. TODO Words

  1. wobble :: shaking unsystematically
  2. besotted :: enthralled, stupefied, intoxicated, befuddled
  3. snazzy :: cool and attractive
  4. fling :: throw something forcefully or carelessly
  5. willy-nilly :: without much organisation
  6. tally stick :: the ancient cryptography device: write a document on a piece of wood and cut it jigsaw-like in halves. Faking a piece of wood is nearly impossible.
  7. Canadian loonie :: a Canadian 1-dollar coin
  8. daft :: dumb, stupid
  9. detritus :: debris, literally pieces of rocks broken off by ice
  10. wad of paper :: a piece of paper that is not even and neat, a clot; usually as in "wad of cash", "wad of money"
  11. pummel :: strike repeatedly with fists
  12. finagle :: obtain something by illegitimate and dishonest means

4. TODO Contacts