Reading "TLS Mastery" by Michael W Lucas.
I have read "TLS Mastery" by Michael W Lucas.
It is not a bad introduction to openssl and TLS, but I feel that his book on SSH is better.
1. Review
So, I found that I had to read an introduction to TLS when I failed to generate a self-signed certificate for a simple setup at work, which needed a few TLS certificates to placate a stupid piece of software that refused to work without them.
The system was completely closed-circuit, none of that stuff was required or even beneficial for my use case, but since Open Source is obsessed with cryptomania and extremely keen on embedding it into everything that falls into its hands, I thought it worth learning a few bits.
Since I already knew that Lucas is good at reading man pages aloud (or rather at rewriting their dry and terse language into something much more palatable, with a structure and a narrative), I resorted to reading his book "TLS Mastery".
What can I say? It is not a bad book, but I feel that it over-complicates things.
It is true that TLS is over-complicated by design, and Lucas actually does a decent job of introducing the needless but unavoidable complexities, but I feel that he buys into the TLS complexity too much, taking it at face value and not simplifying where things can be simplified.
On the other hand, I am writing this as someone who has already spent some time fighting with TLS certificates.
The book essentially consists of four parts:
- Introducing TLS, vocabulary, and notation.
- Describing keypair generation and those few cryptography parameters which might be of use for a practitioner.
- Getting certificates signed by an automated service like Let's Encrypt.
- Running one's own Certificate Authority, which is not an organisation, but a set of scripts.
The last part is covered in great detail and describes every step of this potentially overbearing process, but it does not give the few "simple and straightforward" commands to plug into your script to placate the pesky software that just needs encryption for whatever reason.
Anyway, the last part of section 2 below gives you one.
In any case, the book is short and the language lively and rich in metaphors, so it is a fun read anyway.
The language is maybe even a little too simple and approachable for me, but that is not necessarily bad: nowadays everyone has to be a little bit of a sysadmin, even though for most of us it is not an activity of choice but an unfortunate necessity, so treating us all as ignorant newbies is a good thing, not a bad one.
2. Notes
2.1. References
2.2. Simple request
openssl s_client
is a TLS-aware telnet/netcat, similar to stunnel
openssl s_client -crlf -showcerts -connect www.baidu.com:443 <<EOF
GET / HTTP/1.1
Host: www.baidu.com
Connection: close

EOF
(-crlf turns the line feeds into CRLF as HTTP wants; HTTP/1.1 also requires the Host header and the empty line that ends the request, otherwise the server waits or answers 400.)
2.3. Understanding the crypto system
2.3.1. HMAC
HMAC is a Message Authentication Code (Hash-based MAC) keyed with a shared symmetric key, not a signature: HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)), and the receiver checks it by recomputing the same value with the same K and comparing.
Anyone who can verify an HMAC can also forge one, so it only proves "someone holding K sent this". A digital signature is the asymmetric cousin: message -> hash(message) -> privkey_sign(hash(message)) -> signature, checked with the public key. That is what RSA/ECDSA do in the handshake; HMAC never is a signature.
Other MAC constructions exist (CBC-MAC inside CCM, the GHASH tag in GCM, Poly1305), which is why the Mac column below also says AEAD.
In TLS the MAC (or, in AEAD suites, the authentication tag) protects every record of the stream with keys derived during the handshake; the key exchange itself is authenticated by a signature over the handshake messages, not by an HMAC.
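To make the symmetric-key point concrete, here is HMAC built from the RFC 2104 definition on top of a plain hash and checked against the stdlib and against RFC 4231 test case 1. This is an added example for these notes, not code from the book; the key and message are the RFC 4231 test vector, everything else is mine.

```python
"""HMAC (RFC 2104) from its definition, checked against hashlib/hmac.

Added example: the key, message and expected tag are RFC 4231 test case 1.
"""
import hashlib
import hmac  # stdlib implementation, used only for comparison and compare_digest


def hmac_from_definition(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)).

    K' is the key zero-padded to the hash's block size (hashed first if it is
    longer than a block).  No public/private pair exists anywhere: whoever can
    verify the tag can also forge it, which is why TLS derives a fresh MAC key
    per connection and per direction instead of using the certificate key.
    """
    block_size = hashlib.new(hash_name).block_size      # 64 bytes for SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison: a plain == leaks how many leading bytes matched."""
    return hmac.compare_digest(hmac_from_definition(key, message), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-rolled version against hmac.new for any key length."""
    return hmac_from_definition(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


# RFC 4231 test case 1 (not constructed: published test vector)
RFC4231_KEY = bytes.fromhex("0b" * 20)
RFC4231_MSG = b"Hi There"
RFC4231_TAG = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)


def demo() -> dict:
    tag = hmac_from_definition(RFC4231_KEY, RFC4231_MSG)
    return {
        "matches_rfc4231": tag == RFC4231_TAG,
        "matches_stdlib": matches_stdlib(RFC4231_KEY, RFC4231_MSG),
        # one changed letter in the message changes the whole tag
        "tampered_rejected": not verify_tag(RFC4231_KEY, b"Hi there", tag),
        # without K the tag is useless for verification: a MAC has no public verifier
        "wrong_key_rejected": not verify_tag(b"not the key", RFC4231_MSG, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The long-key branch (key longer than 64 bytes is hashed first) is the part people forget when they re-implement HMAC; `matches_stdlib` lets you check it against any key length.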
2.3.2. Algorithms
- Key Exchange
openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $3;}' | sort | uniq
Kx=DH
Kx=DHEPSK
Kx=ECDH
Kx=ECDHEPSK
Kx=PSK
Kx=RSA
Kx=RSAPSK
Kx=any
Kx=SRP
https://openssl-users.openssl.narkive.com/N0eGKnwY/ecdh-vs-ecdhe
The Kx column abbreviates: openssl prints Kx=ECDH and Kx=DH for the ECDHE-* and DHE-* suites too (the static DH/ECDH suites were dropped in OpenSSL 1.1.0), so the E in the suite name, not the Kx field, tells you that the exchange is ephemeral. Kx=any is TLS 1.3, where the key exchange is always ephemeral (EC)DH and is negotiated outside the cipher suite.
- ECDHE :: Elliptic Curve Diffie Hellman Ephemeral (no, the last E is NOT "Exchange"): a fresh key pair per handshake, which is what gives forward secrecy
- ECDHEPSK :: ECDHE combined with a pre-shared key (RFC 5489): the PSK authenticates the peers and is mixed into the secret, the ephemeral ECDH part gives forward secrecy
- ECDH :: Elliptic Curve Diffie Hellman with a static key (the certificate key is the DH key, so the same key persists across sessions); not in modern OpenSSL, so in this output the label stands for ECDHE
- RSA :: Rivest Shamir Adleman key transport: the client encrypts the premaster secret to the certificate's RSA key; no forward secrecy, removed in TLS 1.3
- RSAPSK :: RSA key transport plus a pre-shared key (RFC 4279)
- DH :: Diffie Hellman over a prime field (not elliptic)
- DHE :: Diffie Hellman Ephemeral
- DHEPSK :: DHE plus a pre-shared key (RFC 4279)
- PSK :: pre-shared key only, no public-key operation at all (RFC 4279)
- SRP :: Some obscure stuff from 1997: "Secure Remote Password protocol (SRP) is an augmented password-authenticated key exchange (PAKE) protocol"
Curve25519 is not listed because the Kx column names the mechanism, not the group: the curve (P-256, X25519, ...) is negotiated in the supported_groups extension, separately from the cipher suite. The microsoft.com handshake below shows exactly that with "Server Temp Key: X25519, 253 bits".
- Authentication
openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $4;}' | sort | uniq
Au=DSS
Au=ECDSA
Au=None
Au=PSK
Au=RSA
Au=any
- ECDSA :: Elliptic Curve Digital Signature Algorithm
- RSA :: -//-
- DSS :: Digital Signature Standard, i.e. DSA (1991); rare in practice and gone in TLS 1.3
- None :: the anonymous (a)DH suites: nobody is authenticated, so they are trivially man-in-the-middled; never enable them
- PSK :: authentication by possession of the pre-shared key
- any :: TLS 1.3, see below
These are signature algorithms, not ciphers, and the list looks incomplete for a reason:
- EdDSA :: Edwards-curve DSA (Ed25519/Ed448) does not appear because TLS 1.3 (and TLS 1.2 with RFC 8422) negotiate the signature scheme in the signature_algorithms extension, not in the cipher suite. Au=any on the TLS 1.3 suites means exactly that: RSA-PSS, ECDSA or EdDSA, whatever both sides support.
- Symmetric Encryption with Method
openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $5;}' | sort | uniq
Enc=AES(128)
Enc=AES(256)
Enc=AESCCM(128)
Enc=AESCCM(256)
Enc=AESCCM8(128)
Enc=AESCCM8(256)
Enc=AESGCM(128)
Enc=AESGCM(256)
Enc=ARIAGCM(128)
Enc=ARIAGCM(256)
Enc=CHACHA20/POLY1305(256)
Enc=Camellia(128)
Enc=Camellia(256)
Enc=IDEA(128)
Enc=None
Enc=SEED(128)
- AES :: Rijndael, standardised as FIPS 197 in 2001 to replace DES once its 56-bit key had become brute-forceable (EFF's Deep Crack, 1998). Enc=AES(n) with no mode suffix means the CBC suites.
- ARIA :: South Korean block cipher, 2003/2004
- ChaCha20-Poly1305 :: Bernstein's ChaCha20 stream cipher (2008) with the Poly1305 authenticator (2005). TLS only specifies it as this AEAD pair (RFC 7905, construction in RFC 8439): a bare stream cipher is malleable, and the unauthenticated-encryption suites are exactly the ones that kept getting attacked (padding oracles, Lucky 13), so no new unauthenticated mode gets into TLS.
- Camellia :: NTT/Mitsubishi, 2000; an AES-class cipher selected by NESSIE and CRYPTREC
- IDEA :: 1991, proposed as a DES replacement (used in PGP); 64-bit block, legacy
- SEED :: South Korean cipher from 1998
- None :: the NULL-encryption suites (integrity only, plaintext on the wire); never enable these
Not in the list:
- Deprecated DES/3DES :: Data Encryption Standard, 56-bit key; 3DES has 112 bits of effective strength and a 64-bit block (Sweet32)
- Deprecated RC2 :: 1987, Rivest Cipher 2
- Deprecated RC4 :: 1987, Rivest Cipher 4, 40 to 2048 bit key; prohibited in TLS by RFC 7465 (2015)
- Salsa20, XChaCha20 :: never specified for TLS at all
Modes of operation are extensively covered in Bruce Schneier's Applied Cryptography.
- CBC :: Cipher block chaining https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC
- CCM :: Counter with cipher block chaining message authentication code
- CCM_8 :: CCM with different authentication tag, 8 bytes (not bits)
- GCM :: Galois Counter Mode
- Message Authentication Code (MAC, Hash-based MAC (HMAC))
openssl ciphers -v 'ALL:COMPLEMENTOFALL' | awk '{print $6;}' | sort | uniq
Mac=AEAD
Mac=MD5
Mac=SHA1
Mac=SHA256
Mac=SHA384
AEAD is not a separate algorithm: Authenticated Encryption with Associated Data means the authentication tag is produced by the encryption mode itself (GCM, CCM, Poly1305), so there is no separate HMAC key or MAC pass over the record.
openssl ciphers -v | grep -F 1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
The suffix is SHA256, yet Mac=AEAD. That is not a contradiction: in a TLS 1.3 suite name the hash is the one HKDF and the transcript hash use during the handshake, not a record MAC; records are protected by the AEAD tag alone. (In TLS 1.2 names such as ECDHE-RSA-AES128-GCM-SHA256 the SHA256 is likewise the PRF hash, while Mac=AEAD.)
2.3.3. Perfect Forward Secrecy
Inability to decrypt a recorded session even if the server's long-term private key is recovered later. You get it from ephemeral key exchange (DHE, ECDHE, all of TLS 1.3): the session keys come from a fresh DH exchange whose private values are discarded, and the certificate key only signs. Kx=RSA has none: the premaster secret is encrypted to the certificate key, so a leaked key decrypts every past capture. In TLS 1.2, session tickets weaken it in practice, since a leaked ticket-encryption key exposes resumed sessions; rotate that key.
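The two properties a practitioner actually filters on, forward secrecy and AEAD, can be read straight off `openssl ciphers -v` output, provided one remembers that the Kx column does not distinguish ECDH from ECDHE. This added example (my code, not the book's) parses the six-column format shown above and turns it into the two cipher lists a server config needs; `SAMPLE_CIPHERS_V` is a constructed excerpt: the three TLS 1.3 lines from above plus three TLS 1.2/legacy suites written in the same format.

```python
"""Classify `openssl ciphers -v` lines: forward secrecy and AEAD.

Added example; SAMPLE_CIPHERS_V is a constructed excerpt in openssl's format.
"""
from dataclasses import dataclass

SAMPLE_CIPHERS_V = """\
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
"""


@dataclass(frozen=True)
class Suite:
    name: str
    protocol: str
    kx: str
    au: str
    enc: str
    mac: str

    @property
    def forward_secret(self) -> bool:
        # openssl prints Kx=ECDH / Kx=DH for the ephemeral suites as well, so the
        # Kx column cannot tell ECDH from ECDHE; the suite name can.  Every
        # TLS 1.3 suite (Kx=any) uses ephemeral (EC)DH.
        return self.protocol == "TLSv1.3" or "DHE-" in self.name

    @property
    def aead(self) -> bool:
        return self.mac == "AEAD"

    @property
    def acceptable(self) -> bool:
        return self.forward_secret and self.aead


def parse_ciphers_v(text: str):
    """One Suite per line of `openssl ciphers -v`; blank or malformed lines are skipped."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        kv = dict(f.split("=", 1) for f in fields[2:6])
        suites.append(Suite(fields[0], fields[1], kv["Kx"], kv["Au"], kv["Enc"], kv["Mac"]))
    return suites


def rejected(text: str):
    """Suites with no forward sec*recy or with a separate (CBC+HMAC) record MAC."""
    return [s.name for s in parse_ciphers_v(text) if not s.acceptable]


def cipher_strings(text: str):
    """What to paste into a server config.  TLS 1.3 suites live in their own
    list (openssl's -ciphersuites) and are not part of the TLS 1.2 cipher string."""
    keep = [s for s in parse_ciphers_v(text) if s.acceptable]
    return {
        "ciphersuites": ":".join(s.name for s in keep if s.protocol == "TLSv1.3"),
        "cipher": ":".join(s.name for s in keep if s.protocol != "TLSv1.3"),
    }


if __name__ == "__main__":
    print("rejected:", rejected(SAMPLE_CIPHERS_V))
    print(cipher_strings(SAMPLE_CIPHERS_V))
```

Pipe real output into it (`openssl ciphers -v 'ALL:COMPLEMENTOFALL'`) and the rejected list is the set of suites to take out of a server's cipher string; the ECDHE-ECDSA-AES256-SHA384 line shows why AEAD has to be a separate test from forward secrecy.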
2.4. File formats
2.4.1. Serialisation
ASN.1 and OIDs.
ASN.1 is used for encoding:
- X.500 directory structure
- X.509 (TLS and similar) certificates
- LDAP
- SNMP
Not sure if it is much better than protobuf, but this is a decision taken years ago.
ASN.1 is an abstract syntax; it still needs a concrete transfer encoding for the bytes on the wire:
- DER :: Distinguished Encoding Rules, the binary tag-length-value format for ASN.1; X.509 requires DER (exactly one encoding per value) so that a signature over the encoding is unambiguous
- PEM :: Privacy-Enhanced Mail, the text format: "-----BEGIN ...-----" / "-----END ...-----" lines around base64(DER)
- PKCS#12 :: usually cert + private key + chain in one password-protected file, .p12 or .pfx extension
2.4.2. Working with keys
- openssl rsa :: working with RSA keys
- openssl ec :: working with EC (ECDSA) keys; DSA keys are a different type and belong to openssl dsa
- openssl x509 :: working with X.509 certs
- openssl pkcs12 :: working with PKCS#12 cert archives
Funny, if you give openssl x509 a "bundle", a lump of certificates, it only processes the first PEM block, but GnuTLS (certtool) processes all of them.
How to save a website cert and chain into a file?
openssl s_client -connect www.baidu.com:443 -showcerts </dev/null 2>/dev/null \
  | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > chain.pem
Piping the s_client output through openssl x509 -outform PEM instead keeps only the first certificate (the leaf), which is fine when the server cert is all you want. The chain you save is whatever the server sent, normally without the root, so it is not a trust store.
openssl s_client -showcerts -connect www.rabobank.nl:443 </dev/null 2>/dev/null | openssl x509 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:0f:97:a1:9b:b1:9a:2d:d6:10:b9:82:df:f7:23:b6
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo ECC Extended Validation Secure Server CA
        Validity
            Not Before: Apr  1 00:00:00 2025 GMT
            Not After : Apr  1 23:59:59 2026 GMT
        Subject: serialNumber = 30046259, jurisdictionC = NL, businessCategory = Private Organization, C = NL, ST = Utrecht, O = Cooperatieve Rabobank U.A., CN = rabobank.nl
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:fa:72:7e:f6:30:8f:ad:f4:5e:d7:47:05:35:5a:ae:cf:63:4b:4e:4c:4b:8f:f6:e6:c2:93:6c:bf:61:7e:4c:a1:71:2d:5a:c5:0d:49:bc:4d:c5:be:5b:33:03:26:7c:de:b3:37:6b:bd:9b:47:be:65:94:df:bb:9e:d1:e2:fb:b1
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:EF:C1:2A:95:0C:32:DA:FB:73:30:DC:8A:13:D8:15:4B:F7:13:E8:F8
            X509v3 Subject Key Identifier:
                2A:F2:1C:C8:05:79:FA:45:42:12:5B:77:64:3A:21:15:A8:CC:32:A5
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.1.5.1
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.1
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.sectigo.com/SectigoECCExtendedValidationSecureServerCA.crl
            Authority Information Access:
                CA Issuers - URI:http://crt.sectigo.com/SectigoECCExtendedValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.sectigo.com
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
                    Timestamp : Apr  1 13:36:49.891 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:2E:80:F4:58:61:1D:DF:B7:BB:0F:AA:B7:4C:A3:B8:F7:4C:E2:F2:D1:73:CE:2A:26:42:F7:83:93:42:35:72:F1:02:20:6E:A0:4B:FA:72:3D:EB:55:F3:8A:F8:97:7C:B1:E4:A3:AD:33:9C:21:25:DA:14:48:A5:9B:7D:C7:E4:78:9D:11
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4
                    Timestamp : Apr  1 13:36:49.859 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:2C:C5:F2:D4:94:D0:44:7D:48:BA:27:C0:44:2E:6A:57:01:16:4F:5B:54:A7:65:B9:44:4F:D5:BA:2B:78:03:9A:02:21:00:8E:EC:5C:3F:32:08:E2:0C:DC:7C:FE:53:E1:F1:2F:1A:D4:78:18:40:83:4F:31:26:99:D3:3B:2B:B6:68:31:FC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
                    Timestamp : Apr  1 13:36:49.889 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:D1:3C:38:FB:A8:A4:21:72:36:92:C2:D1:EA:14:98:94:FA:C1:79:67:60:CD:4C:95:77:AC:10:4F:BB:C2:95:31:02:20:47:39:49:5E:C2:46:CB:BC:97:FE:97:2F:B3:81:44:1C:D7:A8:1D:13:BE:2F:E4:6E:EF:92:E4:53:1A:94:44:A2
            X509v3 Subject Alternative Name:
                DNS:rabobank.nl, DNS:www.rabobank.nl
    Signature Algorithm: ecdsa-with-SHA256
        30:44:02:20:1e:00:23:53:80:75:3f:19:f4:38:8f:00:bb:6a:5f:f2:27:db:56:2e:ca:4c:d3:96:40:84:08:4d:11:aa:b0:f7:02:20:43:0e:64:a1:63:37:6b:14:26:ce:a5:91:14:36:72:50:3e:fe:35:8e:4f:d5:43:c0:fd:ae:b5:66:8c:ec:fa:72
The above is an Extended Validation certificate: the Subject carries not just a domain name but the country, the business category and the company's registration number (serialNumber), and the policy OID 2.23.140.1.1 is the CA/Browser Forum EV identifier. Note also that the host names a client actually matches are in the Subject Alternative Name extension, not in the CN.
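Two things from the last two subsections are worth seeing in code: what PEM actually wraps (base64 of DER tag-length-value triples, with the long-form length once a value exceeds 127 bytes), and the bundle behaviour, where a parser should walk every BEGIN/END block rather than stop at the first as openssl x509 does. This is an added example, my code rather than the book's: the two "certificates" in `SAMPLE_BUNDLE` are constructed with the tiny DER encoder below and carry only the leading fields of an X.509 Certificate (version, serial, an issuer-like string), enough to exercise PEM splitting and TLV parsing; they are not real certificates and openssl would reject them. The first serial number is the one from the rabobank.nl dump above.

```python
"""Split a PEM bundle into DER blobs and read the serial number of each.

Added example. The bundle is constructed here; the toy certificates are NOT
real X.509 objects, they only reproduce the first fields of tbsCertificate.
"""
import base64
import textwrap


def der_length(n: int) -> bytes:
    """DER length octets: one byte below 128, otherwise 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value: int) -> bytes:
    """INTEGER is two's complement: a positive value with its top bit set gets a leading 0x00."""
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def toy_certificate(serial: int, issuer: str) -> bytes:
    """Constructed stand-in for Certificate ::= SEQUENCE { tbsCertificate SEQUENCE {
    [0] EXPLICIT version, serialNumber INTEGER, ... } ... } with only these leading fields."""
    tbs = tlv(0xA0, der_integer(2))          # [0] EXPLICIT version; v3 is encoded as 2
    tbs += der_integer(serial)
    tbs += tlv(0x0C, issuer.encode())        # UTF8String standing in for the issuer Name
    return tlv(0x30, tlv(0x30, tbs))


def to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def split_pem_bundle(text: str, label: str = "CERTIFICATE"):
    """Every BEGIN/END block in order, decoded to DER (openssl x509 stops after the first)."""
    begin, end = f"-----BEGIN {label}-----", f"-----END {label}-----"
    blobs, lines, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == begin:
            inside, lines = True, []
        elif line == end and inside:
            blobs.append(base64.b64decode("".join(lines)))
            inside = False
        elif inside:
            lines.append(line)
    return blobs


def read_tlv(buf: bytes, pos: int = 0):
    """Decode the TLV at pos; returns (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                          # long form: 0x8N then N length bytes
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def serial_number(der: bytes) -> int:
    """Certificate -> tbsCertificate -> skip the optional [0] version -> serialNumber."""
    tag, cert, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, tbs, _ = read_tlv(cert)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, content, nxt = read_tlv(tbs)
    if tag == 0xA0:                           # version present (absent means v1)
        tag, content, nxt = read_tlv(tbs, nxt)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    return int.from_bytes(content, "big", signed=True)


# Constructed bundle; the issuer string is repeated to push the lengths past
# 127 bytes so the long-form length encoding is exercised on both sides.
RABOBANK_SERIAL = 0x390F97A19BB19A2DD610B982DFF723B6
SAMPLE_BUNDLE = (
    to_pem(toy_certificate(RABOBANK_SERIAL, "CN=constructed test issuer, O=not a real CA, " * 3))
    + to_pem(toy_certificate(1, "CN=constructed root"))
)
```

`split_pem_bundle` applied to the chain.pem saved above gives you one DER blob per certificate in server order, and `serial_number` is the value you would compare against a CRL; both only need the TLV walk, no ASN.1 library.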
2.5. Signing and Encryption
In TLS 1.3 there is no public-key encryption left at all.
The certificate key only signs (the handshake transcript), and the symmetric keys come from an ephemeral (EC)DH exchange. TLS 1.2 still allows RSA key transport (Kx=RSA above: the client encrypts the premaster secret to the certificate's public key).
So a certificate whose key is only usable for signing is perfectly good for setting up an encrypted link: the rabobank certificate above has Key Usage: Digital Signature and nothing else, which is all an (EC)DHE handshake needs; keyEncipherment only matters for RSA key exchange. This does not carry over to asynchronous encryption such as e-mail (or ordinary mail): S/MIME and PGP do encrypt to the recipient's public key, because there is nobody online to run a DH exchange with.
2.6. Revocation
- openssl crl
curl 'http://crl.sectigo.com/SectigoECCExtendedValidationSecureServerCA.crl' | openssl crl -inform DER -noout -text
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo ECC Extended Validation Secure Server CA
        Last Update: May 22 13:01:18 2025 GMT
        Next Update: May 29 13:01:18 2025 GMT
        CRL extensions:
            X509v3 Authority Key Identifier:
                keyid:EF:C1:2A:95:0C:32:DA:FB:73:30:DC:8A:13:D8:15:4B:F7:13:E8:F8
            X509v3 CRL Number:
                2461
Revoked Certificates:
    Serial Number: F68D62FBF1623665C9CCD6C71A5549DE
        Revocation Date: Jun 10 15:00:25 2024 GMT
    Serial Number: 054D37B37752D9AE48F5292AFB1AD799
        Revocation Date: Sep  9 12:52:04 2024 GMT
    Serial Number: 7FC8A4C765F72B86725390B2D79F4E5B
        Revocation Date: Sep 25 13:35:00 2024 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Superseded
    Serial Number: 50E07CD40E1358AC8AA8EA336D365833
        Revocation Date: Oct  1 23:55:55 2024 GMT
    Serial Number: 7BD6D2B8666F79C9022CCDE3FA26839D
        Revocation Date: Oct  1 23:55:56 2024 GMT
    Serial Number: 9BC21C5B7E1D909B9E3F9ADFC4DA0DF3
        Revocation Date: Oct  4 13:37:30 2024 GMT
    Serial Number: B671F7363552EDAA2EC68D4A5852AD15
        Revocation Date: Oct 21 12:22:24 2024 GMT
    Serial Number: 5AB252C6DB13A335E40CA6E10985A7AB
        Revocation Date: Oct 22 09:24:52 2024 GMT
    Serial Number: 085A9DC7B48A82CB52BCFC2E99628979
        Revocation Date: Oct 23 11:43:24 2024 GMT
    Serial Number: B7321C7A2C5CCF8DE73E982BA44748C1
        Revocation Date: Feb 21 14:12:52 2025 GMT
    Serial Number: 35641F6F81DC2639A810DC1A53AF04F4
        Revocation Date: Mar  5 19:24:59 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Superseded
    Serial Number: 21927D6ADA83B7617F367BE59798976E
        Revocation Date: Mar  5 19:25:19 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Superseded
    Serial Number: 3606E08FFCAF6E809BAB0632C6722A73
        Revocation Date: Mar  5 19:25:43 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Superseded
    Serial Number: 6D305EA71C9749936EBE6082F0A7F555
        Revocation Date: Mar 27 09:48:55 2025 GMT
    Serial Number: B80F154F16A648C32F9D218B14A5724C
        Revocation Date: Mar 31 18:53:03 2025 GMT
    Serial Number: 9BE747179EA0A5898DA46AC68E89D2E4
        Revocation Date: Apr 16 13:23:21 2025 GMT
    Serial Number: 6E5BE0F63B29A51737DA8C1DD9F88D40
        Revocation Date: Apr 17 22:05:17 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Cessation Of Operation
    Serial Number: 6D2A42743E9A0BEAA26E227A550AB29C
        Revocation Date: Apr 28 14:41:52 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Cessation Of Operation
    Signature Algorithm: ecdsa-with-SHA256
        30:44:02:20:75:78:f1:55:ee:6b:5e:06:5c:cf:fd:1f:3b:ce:7e:c8:0a:bb:44:44:02:12:37:11:85:5d:9c:41:be:f2:65:ae:02:20:6d:13:bc:00:b4:58:31:85:9e:14:10:0f:e3:32:6e:62:85:6a:7f:57:6a:9d:b2:af:bd:96:86:fd:7b:4f:a1:1c
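The practical question behind a CRL dump is "is my certificate's serial in it?", and the annoying part is that openssl prints serials in three different spellings: `39:0f:97:...` from `x509 -text`, `serial=390F97...` from `x509 -serial`, and bare uppercase hex in the CRL. This added example (my code, not the book's) normalises all three and looks a serial up in the text form of a CRL; `CRL_TEXT_EXCERPT` is three entries copied from the dump above, and the rabobank.nl serial from the earlier dump is checked against it.

```python
"""Look up a certificate serial in `openssl crl -text` output.

Added example; CRL_TEXT_EXCERPT is an excerpt of the Sectigo CRL dump above.
"""
import re

CRL_TEXT_EXCERPT = """\
Revoked Certificates:
    Serial Number: F68D62FBF1623665C9CCD6C71A5549DE
        Revocation Date: Jun 10 15:00:25 2024 GMT
    Serial Number: 7FC8A4C765F72B86725390B2D79F4E5B
        Revocation Date: Sep 25 13:35:00 2024 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Superseded
    Serial Number: 6E5BE0F63B29A51737DA8C1DD9F88D40
        Revocation Date: Apr 17 22:05:17 2025 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Cessation Of Operation
"""

# Small serials are printed as decimal followed by (0xHEX); the hex group wins.
SERIAL_RE = re.compile(r"Serial Number:\s*([0-9A-Fa-f:]+)(?:\s*\(0x([0-9A-Fa-f]+)\))?$")


def normalize_serial(text: str) -> str:
    """Accept 39:0f:97:... (x509 -text), serial=390F97... (x509 -serial) or bare hex;
    return uppercase hex without separators or leading zeros (the INTEGER value)."""
    s = text.strip()
    if s.lower().startswith("serial="):
        s = s[len("serial="):]
    s = s.replace(":", "").upper()
    if not re.fullmatch(r"[0-9A-F]+", s):
        raise ValueError(f"not a hex serial: {text!r}")
    return s.lstrip("0") or "0"


def parse_revoked(crl_text: str) -> dict:
    """Map normalised serial -> {'date': ..., 'reason': ...}; reason defaults to
    'unspecified' because the CRL Reason Code extension is optional."""
    entries, current, expect_reason = {}, None, False
    for raw in crl_text.splitlines():
        line = raw.strip()
        m = SERIAL_RE.match(line)
        if m:
            current = normalize_serial(m.group(2) or m.group(1))
            entries[current] = {"date": None, "reason": "unspecified"}
            expect_reason = False
        elif current is None:
            continue                                  # still in the CRL header
        elif line.startswith("Revocation Date:"):
            entries[current]["date"] = line.split(":", 1)[1].strip()
        elif line.startswith("X509v3 CRL Reason Code"):
            expect_reason = True                      # the reason is on the next line
        elif expect_reason:
            entries[current]["reason"] = line
            expect_reason = False
    return entries


def revocation_status(crl_text: str, serial: str):
    """None if the serial is absent (not revoked as of this CRL's Next Update), else its entry."""
    return parse_revoked(crl_text).get(normalize_serial(serial))


if __name__ == "__main__":
    print(revocation_status(CRL_TEXT_EXCERPT, "serial=7FC8A4C765F72B86725390B2D79F4E5B"))
    print(revocation_status(CRL_TEXT_EXCERPT, "39:0f:97:a1:9b:b1:9a:2d:d6:10:b9:82:df:f7:23:b6"))
```

A CRL only speaks for its issuer, so the check is meaningful only when the CRL comes from the URI in the certificate's own CRL Distribution Points extension, and only until its Next Update; after that you are trusting stale data.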
2.7. Negotiation
openssl s_client -crlf -tls1_2 -connect baidu.com:443 </dev/null 2>&1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
verify return:1
depth=0 C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
verify return:1
CONNECTED(00000008)
---
Certificate chain
 0 s:C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
   i:C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
 1 s:C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIlzCCBn+gAwIBAgIQD41nR/OhQo95k3ouSXk0KDANBgkqhkiG9w0BAQsFADBr
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQzBBBgNVBAMT
OkRpZ2lDZXJ0IFNlY3VyZSBTaXRlIFBybyBHMiBUTFMgQ04gUlNBNDA5NiBTSEEy
NTYgMjAyMiBDQTEwHhcNMjUwMjEyMDAwMDAwWhcNMjYwMzAzMjM1OTU5WjBzMQsw
CQYDVQQGEwJDTjESMBAGA1UECAwJ5YyX5Lqs5biCMTkwNwYDVQQKEzBCZWlKaW5n
IEJhaWR1IE5ldGNvbSBTY2llbmNlIFRlY2hub2xvZ3kgQ28uLCBMdGQxFTATBgNV
BAMTDHd3dy5iYWlkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANugve9PaRllDOS4+X6lmki6d0pBR2xa5N5TY/2nU7asjQRoowyuD0c5d6lAoibl
z4KaeglV9yjTD/Z6kkbwmj/G5ckMdvZ1t2TH9zqrsvD4sHCJjdCfJhFm2zF4OyU3
7bnh7J0UpjcjzkIWV6ZqpYy68FNBhxYDzUwECABHzR8/x9GG8kfS2y0NDT6pu+Ky
/v+XLKbLj6OXWFdgstRKXgJ6G0fxpPhxyHjsLWLVpXMfTuGa0IvDuBAaWUpOyOp6
v2fpnNKP9VAfLpJMJsgBb7QVmYEscd0C76LPZ8QupvbtiWTKCH86UweOY0RWUh/2
L16CaKFckpz+4BgARtspVtUCAwEAAaOCBC0wggQpMB8GA1UdIwQYMBaAFOFsw5SF
b+dBL1V6M32PX7YgUDYVMB0GA1UdDgQWBBRRok2im6uS1qk+tBoyHaONJ14WKTCB
9AYDVR0RBIHsMIHpggx3d3cuYmFpZHUuY26CCGJhaWR1LmNuggliYWlkdS5jb22C
DGJhaWR1LmNvbS5jboILdy5iYWlkdS5jb22CDHd3LmJhaWR1LmNvbYIQd3d3LmJh
aWR1LmNvbS5jboIQd3d3LmJhaWR1LmNvbS5oa4IMd3d3LmJhaWR1LmhrghB3d3cu
YmFpZHUubmV0LmF1ghB3d3cuYmFpZHUubmV0LnBoghB3d3cuYmFpZHUubmV0LnR3
ghB3d3cuYmFpZHUubmV0LnZugg53d3d3LmJhaWR1LmNvbYIRd3d3dy5iYWlkdS5j
b20uY24wPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDov
L3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL2Ny
bC5kaWdpY2VydC5jbi9EaWdpQ2VydFNlY3VyZVNpdGVQcm9HMlRMU0NOUlNBNDA5
NlNIQTI1NjIwMjJDQTEuY3JsMIGSBggrBgEFBQcBAQSBhTCBgjAjBggrBgEFBQcw
AYYXaHR0cDovL29jc3AuZGlnaWNlcnQuY24wWwYIKwYBBQUHMAKGT2h0dHA6Ly9j
YWNlcnRzLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0U2VjdXJlU2l0ZVByb0cyVExTQ05S
U0E0MDk2U0hBMjU2MjAyMkNBMS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB
1nkCBAIEggFuBIIBagFoAHYADleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHF
TiEAAAGU+RfM4wAABAMARzBFAiBBJjCKso+A6d+o0MMRnWEpYq5dMR2DuJo6mJk+
HDIFvAIhAMtz1Ix2SIlFew3WPahi1YnH5LhZjcfMmBtWxWeeq8FtAHYAZBHEbKQS
7KeJHKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGU+RfNIAAABAMARzBFAiB6FmgL
IFKV+n4Ook6Z7ngweREUpJhRVjQQ8d4Huss9OQIhAM+HihT8LiftaPkbNUaLkOO8
FkKMSOAFL1Fi82T53fEaAHYASZybad4dfOz8Nt7Nh2SmuFuvCoeAGdFVUvvp6ynd
+MMAAAGU+RfNOQAABAMARzBFAiBf0Fj9+VSVmJIvrjVeSa/Jppcrw52PvqWOQaRS
H9OnrAIhAJvSf8uTVrt5wJV9nCLXNM9lM7KzieAedSpt1Z/m8uqEMA0GCSqGSIb3
DQEBCwUAA4ICAQBmsknr6XATyiEkC9+l6Vd1rOIoZuNnyVUXgSNe4FIeIxRgV7yK
Nua2y94uQHB5CkbCh2NIupM5fftAKBdyeTlW1eqCLsNVXTxcaR/C+NDFIsRp98r7
Izv4fFcaa5HQc86GFD4yMI3sBea2BP0ceUnEXSUMPr5vM7+6VVi2vBrgDHRTxyfr
8ZzsvYutyL04lsQFsIIJ21luAvVRIpA9UMj43Y3KMOLsQnjsoicRmLbf1FWm5M/y
kl+Os7IWwqbaILjJr9dkgDUFYTifRcVdehxirb2lafvtTm6pSBZvfdAlADvVtdPO
DopU2AePbhtmOqI3xqNtzubtPFYmH/tA7ROZwtrAsZXh2+cgdo5DA5oK1zFCuv1X
QBdDvAOdxGyZDNI4qVxmSn1XnAj4344W8GpLW3qWc5GmS75Sl2jPzUcijqqHIsLg
PKU9vfPfItlnAVLEQUZLZ1VDWcCR/rzvYXdqNHfSF2XKzY0BO+SgZ16GPf75rDlC
Qa8ZjQcaG4l5pXDdHqfUobC0lXxOFlrUuL7VbQ9xdfszctPbRWjWcRchiu/+2b/0
6vSIZwGzlvHum1/fr0jzzb1NH7+0ripdYSZpr5bkH55FiYV+TfSWvzk3iXx+QHQH
79ciq5i7ls8IId2SNzcJ6r/SqN03ukj3oOUC0Y3r+whc7f28H5jK/uf/0g==
-----END CERTIFICATE-----
subject=C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
issuer=C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5531 bytes and written 338 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 8528DF68F938AD4BDFBB93769E99CB39D10D5F6052DD606D0C3C32BCA0152D45
    Session-ID-ctx:
    Master-Key: BB69A85A7F9DB25C7C8FE1BB68D33D5987CE4F7BCBD321189485952B396E5994CE35DC49BD5A2E0CA19C5B1436499705
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 72000 (seconds)
    TLS session ticket:
    0000 - f3 5a 68 38 69 0a 42 7e-86 4a ba 21 56 60 9a 0e   .Zh8i.B~.J.!V`..
    0010 - 62 0c f2 2e e4 cb 47 98-2d 24 92 9f c0 a6 65 a2   b.....G.-$....e.
    0020 - b6 2b 0c cf bc c5 0b 58-d9 77 88 6e 84 f0 0e dd   .+.....X.w.n....
    0030 - 55 a0 3c 88 37 d2 af 93-aa e1 3a c6 74 0d 42 19   U.<.7.....:.t.B.
    0040 - e1 a8 11 29 85 47 82 d5-1b 2b 4d d1 98 50 fb e5   ...).G...+M..P..
    0050 - c3 b0 5a 6d f3 c2 eb 61-2e 77 05 e4 70 b6 53 66   ..Zm...a.w..p.Sf
    0060 - fd 6c 53 0e f0 56 a1 27-90 49 c0 ca 3a 3c 3e b5   .lS..V.'.I..:<>.
    0070 - b7 58 6a f6 ac 25 4b 97-82 28 6c d0 0b 8f 4f 85   .Xj..%K..(l...O.
    0080 - 4b be 10 76 f7 6e 32 4d-f3 0b 33 d9 8c 8b fd de   K..v.n2M..3.....
    0090 - a1 61 2e 76 8c 7f 49 e7-5b a2 cc 60 44 99 eb 02   .a.v..I.[..`D...
    00a0 - 43 4f fe b8 5d a1 5b 8c-27 fc 15 1f b9 af 4d 6a   CO..].[.'.....Mj
    Start Time: 1747984221
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
DONE
openssl s_client -crlf -connect microsoft.com:443 </dev/null 2>&1
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = microsoft.com
verify return:1
CONNECTED(00000008)
---
Certificate chain
 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = microsoft.com
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIX/jCCFeagAwIBAgITMwHcJgjNfZPjbA8h7QAAAdwmCDANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA3
MB4XDTI1MDUxMjA1MDIyNVoXDTI1MTEwODA1MDIyNVowZDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xFjAUBgNVBAMTDW1pY3Jvc29mdC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmPRwEUpxujh+9TnkarQyW6a1gJWsNVHFa
vDX0Xhf0+7Hd+67bhGfGJHkx6h75E4tuFAX4eWDgrTV99RiSbheCKfBzkJFcrBxd
W9Ag30KfjmBimuNIIGSwaTu7RbBhkzSncR9G743xZR97ZrRv9AppKRp/ilvuRjwC
ai76GWNfATPjveWL9H6gGexDNgiyzaioYozykp11u94fJvTIHlExtfoVeMKkQYhH
iGZ5PWGEzYhj8YIXFlu/neT1tGjNzsdP6HAfR1l2G4RYI1Jd6F9hBR7W+HmpBxHO
o9Tio0rn7CwNcrj2zgxANRGVu07JLyCWvAo6ncSntLKLGI8luCIBAgMBAAGjghOu
MIITqjCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA3dzKNJXX4RYF55Uy+sef
+D0cUN/bADoUEnYKLKy7yCoAAAGWwuilLwAABAMARzBFAiEAvC6oatUhqBkjpW4Q
U4e3Y/e1fAhkT5H+NeHb3JgZu8ICICHV4M+ti4V8kZZd9MkBWeRibL3/5QFK+n2b
9UafMAFvAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGWwuil
oQAABAMARzBFAiEAv4ISi9QSpwj+z6Na5vlUMrKKLewAZaxxfcK4UUX7mOECIFSB
XJs6CF7txFWvx311RDs14PiK0/4Gp2hA0PRAU5/KAHYAEvFONL1TckyEBhnDjz96
E/jntWKHiJxtMAWE6+WGJjoAAAGWwuilCwAABAMARzBFAiEAzNMr40YnIDI36H7N
3oGbJfP2z6oPFBxPwGUMy4eiCkQCIADGUTflg/VNEXbkn5ca+ZIpK1G1FdtlBV4/ HjGlmwwkMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEw PAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIh73XG4Hn60aCgZ0ujtAMh/DaHV2C q+cwh+3xHwIBZAIBLTCBtAYIKwYBBQUHAQEEgacwgaQwcwYIKwYBBQUHMAKGZ2h0 dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIw QXp1cmUlMjBSU0ElMjBUTFMlMjBJc3N1aW5nJTIwQ0ElMjAwNyUyMC0lMjB4c2ln bi5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vbmVvY3NwLm1pY3Jvc29mdC5jb20v b2NzcDAdBgNVHQ4EFgQUUCq83upFRUuEEK81AUCWJKa+WzUwDgYDVR0PAQH/BAQD AgWgMIIPtQYDVR0RBIIPrDCCD6iCDW1pY3Jvc29mdC5jb22CD3MubWljcm9zb2Z0 LmNvbYIQZ2EubWljcm9zb2Z0LmNvbYIRYWVwLm1pY3Jvc29mdC5jb22CEWFlci5t aWNyb3NvZnQuY29tghFncnYubWljcm9zb2Z0LmNvbYIRaHVwLm1pY3Jvc29mdC5j b22CEW1hYy5taWNyb3NvZnQuY29tghFta2IubWljcm9zb2Z0LmNvbYIRcG1lLm1p Y3Jvc29mdC5jb22CEXBtaS5taWNyb3NvZnQuY29tghFyc3MubWljcm9zb2Z0LmNv bYIRc2FyLm1pY3Jvc29mdC5jb22CEXRjby5taWNyb3NvZnQuY29tghJmdXNlLm1p Y3Jvc29mdC5jb22CEmllYWsubWljcm9zb2Z0LmNvbYISbWFjMi5taWNyb3NvZnQu Y29tghJtY3NwLm1pY3Jvc29mdC5jb22CEm9wZW4ubWljcm9zb2Z0LmNvbYISc2hv cC5taWNyb3NvZnQuY29tghJzcHVyLm1pY3Jvc29mdC5jb22CE2l0cHJvLm1pY3Jv c29mdC5jb22CE21hbmdvLm1pY3Jvc29mdC5jb22CE211c2ljLm1pY3Jvc29mdC5j b22CE3B5bWVzLm1pY3Jvc29mdC5jb22CE3N0b3JlLm1pY3Jvc29mdC5jb22CFGFl dGhlci5taWNyb3NvZnQuY29tghRhbGVydHMubWljcm9zb2Z0LmNvbYIUZGVzaWdu Lm1pY3Jvc29mdC5jb22CFGdhcmFnZS5taWNyb3NvZnQuY29tghRnaWdqYW0ubWlj cm9zb2Z0LmNvbYIUbXNjdGVjLm1pY3Jvc29mdC5jb22CFG9ubGluZS5taWNyb3Nv ZnQuY29tghRzdHJlYW0ubWljcm9zb2Z0LmNvbYIVYWZmbGluay5taWNyb3NvZnQu Y29tghVjb25uZWN0Lm1pY3Jvc29mdC5jb22CFWRldmVsb3AubWljcm9zb2Z0LmNv bYIVZG9tYWlucy5taWNyb3NvZnQuY29tghVleGFtcGxlLm1pY3Jvc29mdC5jb22C FW1hZGVpcmEubWljcm9zb2Z0LmNvbYIVbXNkbmlzdi5taWNyb3NvZnQuY29tghVt c3ByZXNzLm1pY3Jvc29mdC5jb22CFXd3dy5hZXAubWljcm9zb2Z0LmNvbYIVd3d3 LmFlci5taWNyb3NvZnQuY29tghV3d3diZXRhLm1pY3Jvc29mdC5jb22CFmJ1c2lu ZXNzLm1pY3Jvc29mdC5jb22CFmVtcHJlc2FzLm1pY3Jvc29mdC5jb22CFmxlYXJu aW5nLm1pY3Jvc29mdC5jb22CFm1zZG53aWtpLm1pY3Jvc29mdC5jb22CFm9wZW5u 
ZXNzLm1pY3Jvc29mdC5jb22CFnBpbnBvaW50Lm1pY3Jvc29mdC5jb22CFnNuYWNr Ym94Lm1pY3Jvc29mdC5jb22CFnNwb25zb3JzLm1pY3Jvc29mdC5jb22CFnN0YXRp b25xLm1pY3Jvc29mdC5jb22CF2Fpc3Rvcmllcy5taWNyb3NvZnQuY29tghdjb21t dW5pdHkubWljcm9zb2Z0LmNvbYIXY3Jhd2xtc2RuLm1pY3Jvc29mdC5jb22CF2lv dHNjaG9vbC5taWNyb3NvZnQuY29tghdtZXNzZW5nZXIubWljcm9zb2Z0LmNvbYIX bWluZWNyYWZ0Lm1pY3Jvc29mdC5jb22CGGJhY2tvZmZpY2UubWljcm9zb2Z0LmNv bYIYZW50ZXJwcmlzZS5taWNyb3NvZnQuY29tghhpb3RjZW50cmFsLm1pY3Jvc29m dC5jb22CGHBpbnVuYmxvY2subWljcm9zb2Z0LmNvbYIYcmVyb3V0ZTQ0My5taWNy b3NvZnQuY29tghljb21tdW5pdGllcy5taWNyb3NvZnQuY29tghlleHBsb3JlLXNt Yi5taWNyb3NvZnQuY29tghlleHByZXNzaW9ucy5taWNyb3NvZnQuY29tghlvbmRl cm5lbWVycy5taWNyb3NvZnQuY29tghl0ZWNoYWNhZGVteS5taWNyb3NvZnQuY29t ghl0ZXJyYXNlcnZlci5taWNyb3NvZnQuY29tghpjb21tdW5pdGllczIubWljcm9z b2Z0LmNvbYIaY29ubmVjdGV2ZW50Lm1pY3Jvc29mdC5jb22CGmRhdGFwbGF0Zm9y bS5taWNyb3NvZnQuY29tghplbnRyZXByZW5ldXIubWljcm9zb2Z0LmNvbYIaaHhk LnJlc2VhcmNoLm1pY3Jvc29mdC5jb22CGm1zcGFydG5lcmlyYS5taWNyb3NvZnQu Y29tghpteWRhdGFoZWFsdGgubWljcm9zb2Z0LmNvbYIab2VtY29tbXVuaXR5Lm1p Y3Jvc29mdC5jb22CGnJlYWwtc3Rvcmllcy5taWNyb3NvZnQuY29tghp3d3cuZm9y bXNwcm8ubWljcm9zb2Z0LmNvbYIbZnV0dXJlZGVjb2RlZC5taWNyb3NvZnQuY29t ght1cGdyYWRlY2VudGVyLm1pY3Jvc29mdC5jb22CHGxlYXJuYW5hbHl0aWNzLm1p Y3Jvc29mdC5jb22CHG9ubGluZWxlYXJuaW5nLm1pY3Jvc29mdC5jb22CHWJ1c2lu ZXNzY2VudHJhbC5taWNyb3NvZnQuY29tgh1jbG91ZC1pbW1lcnNpb24ubWljcm9z b2Z0LmNvbYIdc3R1ZGVudHBhcnRuZXJzLm1pY3Jvc29mdC5jb22CHmFuYWx5dGlj c3BhcnRuZXIubWljcm9zb2Z0LmNvbYIeYnVzaW5lc3NwbGF0Zm9ybS5taWNyb3Nv ZnQuY29tgh5leHBsb3JlLXNlY3VyaXR5Lm1pY3Jvc29mdC5jb22CHmtsZWludW50 ZXJuZWhtZW4ubWljcm9zb2Z0LmNvbYIecGFydG5lcmNvbW11bml0eS5taWNyb3Nv ZnQuY29tgh9leHBsb3JlLW1hcmtldGluZy5taWNyb3NvZnQuY29tgh9pbm5vdmF0 aW9uY29udGVzdC5taWNyb3NvZnQuY29tgh9wYXJ0bmVyaW5jZW50aXZlcy5taWNy b3NvZnQuY29tgh9waG9lbml4Y2F0YWxvZ3VhdC5taWNyb3NvZnQuY29tgh9zemtv bHlwcnp5c3psb3NjaS5taWNyb3NvZnQuY29tgh93d3cucG93ZXJhdXRvbWF0ZS5t aWNyb3NvZnQuY29tgiBzdWNjZXNzaW9ucGxhbm5pbmcubWljcm9zb2Z0LmNvbYIi 
bHVtaWFjb252ZXJzYXRpb25zdWsubWljcm9zb2Z0LmNvbYIjc3VjY2Vzc2lvbnBs YW5uaW5ndWF0Lm1pY3Jvc29mdC5jb22CJGJ1c2luZXNzbW9iaWxpdHljZW50ZXIu bWljcm9zb2Z0LmNvbYIlc2t5cGVhbmR0ZWFtcy5mYXN0dHJhY2subWljcm9zb2Z0 LmNvbYInd3d3Lm1pY3Jvc29mdGRsYXBhcnRuZXJvdy5taWNyb3NvZnQuY29tgihj b21tZXJjaWFsYXBwY2VydGlmaWNhdGlvbi5taWNyb3NvZnQuY29tgil3d3cuc2t5 cGVhbmR0ZWFtcy5mYXN0dHJhY2subWljcm9zb2Z0LmNvbYIiY2VvY29ubmVjdGlv bnMuZXZlbnQubWljcm9zb2Z0LmNvbYIYYml6NGFmcmlrYS5taWNyb3NvZnQuY29t ghZjYXNoYmFjay5taWNyb3NvZnQuY29tghp3d3cuY2FzaGJhY2subWljcm9zb2Z0 LmNvbYITdmlzaW8ubWljcm9zb2Z0LmNvbYIXaW5zaWRlbXNyLm1pY3Jvc29mdC5j b22CH2RldmVsb3BlcnZlbG9jaXR5YXNzZXNzbWVudC5jb22CI3d3dy5kZXZlbG9w ZXJ2ZWxvY2l0eWFzc2Vzc21lbnQuY29tggpnZWFyczUuY29tgg53d3cuZ2VhcnM1 LmNvbYIUd3d3LmdlYXJzdGFjdGljcy5jb22CEGdlYXJzdGFjdGljcy5jb22CEW0x Mi5taWNyb3NvZnQuY29tggxzZWVpbmdhaS5jb22CGHlvdXJjaG9pY2UubWljcm9z b2Z0LmNvbYIZbXZ0ZC5ldmVudHMubWljcm9zb2Z0LmNvbYIVaW1hZ2luZS5taWNy b3NvZnQuY29tghBtaWNyb3NvZnQuY29tLmF1ghR3d3cubWljcm9zb2Z0LmNvbS5h dYIWZHluYW1pY3MubWljcm9zb2Z0LmNvbYIbcG93ZXJwbGF0Zm9ybS5taWNyb3Nv ZnQuY29tghdwb3dlcmFwcHMubWljcm9zb2Z0LmNvbYIbcG93ZXJhdXRvbWF0ZS5t aWNyb3NvZnQuY29tgiBwb3dlcnZpcnR1YWxhZ2VudHMubWljcm9zb2Z0LmNvbYIY cG93ZXJwYWdlcy5taWNyb3NvZnQuY29tgh90ZXN0LmlkZWFzLmZhYnJpYy5taWNy b3NvZnQuY29tghFzZHMubWljcm9zb2Z0LmNvbYIVcHBlLnNkcy5taWNyb3NvZnQu Y29tght3d3cubWljcm9zb2Z0MzY1Y29waWxvdC5jb22CEHd3dy5qY2xhcml0eS5j b22CG3RlY2hpbm5vdmF0b3Jzc3BvdGxpZ2h0LmNvbYIfd3d3LnRlY2hpbm5vdmF0 b3Jzc3BvdGxpZ2h0LmNvbYIKY29waWxvdC5haYIVZ2V0bGljZW5zaW5ncmVhZHku Y29tghl3d3cuZ2V0bGljZW5zaW5ncmVhZHkuY29tghRqcG4uZGVsdmUub2ZmaWNl LmNvbYIUYXVzLmRlbHZlLm9mZmljZS5jb22CFGluZC5kZWx2ZS5vZmZpY2UuY29t ghRrb3IuZGVsdmUub2ZmaWNlLmNvbYIWY29icmEubWUubWljcm9zb2Z0LmNvbYIX d3d3LmJ1c2luZXNzY2VudHJhbC5jb22CE2J1c2luZXNzY2VudHJhbC5jb22CHG1z YWlkYXRhc3R1ZGlvLm9mZmljZXBwZS5uZXSCGmlkZWFzLmZhYnJpYy5taWNyb3Nv ZnQuY29tggx3d3cuY3B0LmxpbmuCCGNwdC5saW5rggx5YXJwLmRvdC5uZXSCE21p Y3Jvc29mdHN0cmVhbS5jb22CF3d3dy5taWNyb3NvZnRzdHJlYW0uY29tghd3ZWIu 
bWljcm9zb2Z0c3RyZWFtLmNvbYITZGlzY292ZXIuY29waWxvdC5haYILY29waWxv
dC5jb22CD3d3dy5jb3BpbG90LmNvbYIUZGlzY292ZXIuY29waWxvdC5jb20wDAYD
VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m
dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy
MElzc3VpbmclMjBDQSUyMDA3LmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B
ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFM4VFjvq
AqOma9rZK/3ljFK+elCoMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
BgkqhkiG9w0BAQwFAAOCAgEAD8oUKPFC+F7mlKiS+ZiX/OpuhS9Uhy6fCrlN7avs
5AkeUsrZ9B7pgmunvmtHU0xwPHb+I9coX81VKBUsyz+z8hPfSE/6xEyhXSN8EW8q
+9DWT/n/icMFxKvoehMFU9zgmvpdg5oVa210nABLeGqL6k0ajZHXLBA1msYDdvUa
FVHP+JKVrvcxBaDSiD5f29KoU6bwRQ9+8MoTA5hFn2RzDVV+FZ+sCnYRoVTxYtvZ
Ecl7vAAWkJ4hVmLD9BoxwPzjPzuak3co7XMerwqAL6twuN3+6gynGol+U5azY4IR
2AtZ8zBxl01dyLisqhS3Pm4tm3VShyCUnNZ9fJ31nNUV9ygMgHpBWnoiEB6bCa9P
YvHeV1x8c+ig+9gQybTskY/BDw4hMbJJY0wB6/aRW08dWwxVN1u2abcGBX9msizR
eBRGeqDgHx/tJFUCmAqAPfhpgrzBXVz7LppaTJ8Go+eFrbBDklBzypiw7+11PsY4
rREajvXPQ/fpkW9fO4UaEbAlOK4Uzk4JdxmmKDJsurg94m0jm9/c3wkAV3ROJII8
Jyy/4cpWjl5bHy5a5qE/vW/2O+tvydWYhWmNw9oL+1PsBnyk4lU97z4Sz7doSpzw
Gi2ZlJ19JpKaPFFyqbk01sUx3drmWpEYtB5BkpiqJl187d7NoHBuLEyJtSbLz/ub
yOI=
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = microsoft.com
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 07
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 8147 bytes and written 379 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
The Master-Key printed for the baidu.com session is the 48-byte TLS 1.2 master secret, not an AES key: the AES keys and IVs are derived from it and the two random values by the PRF in the "key expansion" step, one key per direction. Anyone holding this value can decrypt the captured session, which is why Wireshark's key-log format records exactly CLIENT_RANDOM plus the master secret. The microsoft.com handshake is TLS 1.3, where no master key is shown in the session summary at all: the traffic secrets come from HKDF.
TLS has a feature for externally provisioned PSKs (pre-shared keys) that is almost never used on the web, although TLS 1.3 session resumption (the session ticket above) is a PSK mechanism under the hood.
TLS has a feature for passwords (SRP), and I have also not seen it being used.
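What the master secret is and is not becomes obvious once you run the derivation: the TLS 1.2 PRF (RFC 5246 section 5) expands it into the per-direction keys and IVs, and the same PRF produces it from the premaster secret one step earlier. The following is an added example, not code from the book: `MASTER_SECRET`, `CLIENT_RANDOM` and `SERVER_RANDOM` are constructed values of the right sizes (48, 32 and 32 bytes), not the ones from the session dump above, and the suite parameters are those of the negotiated ECDHE-RSA-AES128-GCM-SHA256 (16-byte AES keys, 4-byte implicit IVs, no MAC keys because the suite is AEAD).

```python
"""TLS 1.2 PRF (RFC 5246 §5) and key expansion (§6.3) from a master secret.

Added example; all input values below are constructed, not captured.
"""
import hmac

MASTER_SECRET = bytes(range(48))          # constructed; a real one is PRF output
CLIENT_RANDOM = bytes([0x11] * 32)        # constructed
SERVER_RANDOM = bytes([0x22] * 32)        # constructed


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)), truncated to length."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF for the SHA-256 suites: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """§8.1: 48 bytes from the (EC)DH shared secret (or the RSA-encrypted premaster)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              enc_key_len: int, fixed_iv_len: int, mac_key_len: int = 0) -> dict:
    """§6.3 key expansion.  Note the random order: server_random first here,
    client_random first for the master secret; swapping them is a classic bug."""
    need = 2 * (mac_key_len + enc_key_len + fixed_iv_len)
    block = prf(master, b"key expansion", server_random + client_random, need)
    layout = [("client_write_mac_key", mac_key_len), ("server_write_mac_key", mac_key_len),
              ("client_write_key", enc_key_len), ("server_write_key", enc_key_len),
              ("client_write_iv", fixed_iv_len), ("server_write_iv", fixed_iv_len)]
    keys, pos = {}, 0
    for name, n in layout:
        keys[name] = block[pos:pos + n]
        pos += n
    return keys


def aes128_gcm_keys(master: bytes = MASTER_SECRET, client_random: bytes = CLIENT_RANDOM,
                    server_random: bytes = SERVER_RANDOM) -> dict:
    """ECDHE-RSA-AES128-GCM-SHA256: 16-byte keys, 4-byte implicit IVs, no MAC keys (AEAD)."""
    return key_block(master, client_random, server_random, enc_key_len=16, fixed_iv_len=4)


def first_block_matches(secret: bytes, seed: bytes) -> bool:
    """Sanity check of the loop: the first 32 bytes must equal HMAC(secret, A(1) + seed)."""
    a1 = hmac.new(secret, seed, "sha256").digest()
    return p_hash(secret, seed, 32) == hmac.new(secret, a1 + seed, "sha256").digest()


if __name__ == "__main__":
    for name, value in aes128_gcm_keys().items():
        print(f"{name:22s} {value.hex()}")
```

The 48-byte master secret is the one value that ties everything together: a key log with CLIENT_RANDOM and this secret is enough for a packet analyser to rerun `key_block` and decrypt the capture, while the client's ephemeral ECDH private value, the thing that actually provides forward secrecy, is never needed again once the master secret exists.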
2.8. Making CSR
[ req ]                       # necessary ?
prompt = no                   # no interactive
default_keyfile = my-server.net.key
distinguished_name = req_distinguished_name   # refers to a section name
req_extensions = v3_req       # also a section name

[ req_distinguished_name ]
CN = my-server.net            # legacy

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = my-server.net
DNS.3 = www.my-server.net
IP.1 = 127.0.0.1
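The config above is the bit that needs generating per host, and the mistake people make is to put the name only in the CN: clients ignore the CN once a subjectAltName is present and refuse certificates with no SAN at all, so the CN must be repeated in the SAN list, and IP addresses must go in as IP entries, not DNS entries. This added example (my code, not the book's) builds the same config from a list of names, sorts them into DNS and IP entries, rejects anything that is neither, and adds the basicConstraints/keyUsage/extendedKeyUsage lines a server certificate wants; the host names and key file name are the placeholders from the config above.

```python
"""Generate the openssl req config for a SAN certificate from a list of names.

Added example; the names and key file are placeholders, as in the config above.
"""
import ipaddress
import re

# RFC 1123 host name, optionally with a leading "*." wildcard label.
HOSTNAME_RE = re.compile(
    r"^(\*\.)?(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$"
)


def classify_san(name: str):
    """('IP', canonical) for IPv4/IPv6 addresses, ('DNS', lowercased) for host names."""
    try:
        return "IP", str(ipaddress.ip_address(name.strip()))
    except ValueError:
        pass
    host = name.strip().lower()
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"not a host name or IP address: {name!r}")
    return "DNS", host


def san_config(cn: str, sans, key_file: str) -> str:
    """openssl req config whose subjectAltName always contains the CN."""
    kind, cn_value = classify_san(cn)
    if kind != "DNS":
        raise ValueError("CN must be a host name; put addresses in the SAN list")
    dns, ips = [cn_value], []
    for name in sans:
        kind, value = classify_san(name)
        bucket = ips if kind == "IP" else dns
        if value not in bucket:                       # de-duplicate, keep order
            bucket.append(value)
    lines = [
        "[ req ]",
        "prompt = no",
        f"default_keyfile = {key_file}",
        "distinguished_name = req_distinguished_name",
        "req_extensions = v3_req",
        "",
        "[ req_distinguished_name ]",
        f"CN = {cn_value}",
        "",
        "[ v3_req ]",
        "subjectAltName = @alt_names",
        "basicConstraints = CA:FALSE",                # never let a leaf act as a CA
        "keyUsage = digitalSignature, keyEncipherment",
        "extendedKeyUsage = serverAuth",
        "",
        "[ alt_names ]",
    ]
    lines += [f"DNS.{i} = {d}" for i, d in enumerate(dns, 1)]
    lines += [f"IP.{i} = {ip}" for i, ip in enumerate(ips, 1)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(san_config("my-server.net", ["www.my-server.net", "127.0.0.1"], "my-server.net.key"), end="")
```

Write the output to a file, say san.cnf, and feed it to `openssl req -new -config san.cnf -newkey rsa:2048 -nodes -out my-server.net.csr` for a CSR, or add `-x509 -days 365 -extensions v3_req` to get a self-signed certificate with the SANs straight away; without `-extensions v3_req` the self-signed path silently drops the SAN section.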
List the EC curves openssl knows (X25519/Ed25519 are separate key types and do not appear here; for a TLS server key you want prime256v1, i.e. P-256, or secp384r1; the short, binary-field and WTLS curves are legacy):
openssl ecparam -list_curves
secp112r1 : SECG/WTLS curve over a 112 bit prime field
secp112r2 : SECG curve over a 112 bit prime field
secp128r1 : SECG curve over a 128 bit prime field
secp128r2 : SECG curve over a 128 bit prime field
secp160k1 : SECG curve over a 160 bit prime field
secp160r1 : SECG curve over a 160 bit prime field
secp160r2 : SECG/WTLS curve over a 160 bit prime field
secp192k1 : SECG curve over a 192 bit prime field
secp224k1 : SECG curve over a 224 bit prime field
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
prime192v2: X9.62 curve over a 192 bit prime field
prime192v3: X9.62 curve over a 192 bit prime field
prime239v1: X9.62 curve over a 239 bit prime field
prime239v2: X9.62 curve over a 239 bit prime field
prime239v3: X9.62 curve over a 239 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
sect113r1 : SECG curve over a 113 bit binary field
sect113r2 : SECG curve over a 113 bit binary field
sect131r1 : SECG/WTLS curve over a 131 bit binary field
sect131r2 : SECG curve over a 131 bit binary field
sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
sect163r1 : SECG curve over a 163 bit binary field
sect163r2 : NIST/SECG curve over a 163 bit binary field
sect193r1 : SECG curve over a 193 bit binary field
sect193r2 : SECG curve over a 193 bit binary field
sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
sect239k1 : SECG curve over a 239 bit binary field
sect283k1 : NIST/SECG curve over a 283 bit binary field
sect283r1 : NIST/SECG curve over a 283 bit binary field
sect409k1 : NIST/SECG curve over a 409 bit binary field
sect409r1 : NIST/SECG curve over a 409 bit binary field
sect571k1 : NIST/SECG curve over a 571 bit binary field
sect571r1 : NIST/SECG curve over a 571 bit binary field
c2pnb163v1: X9.62 curve over a 163 bit binary field
c2pnb163v2: X9.62 curve over a 163 bit binary field
c2pnb163v3: X9.62 curve over a 163 bit binary field
c2pnb176v1: X9.62 curve over a 176 bit binary field
c2tnb191v1: X9.62 curve over a 191 bit binary field
c2tnb191v2: X9.62 curve over a 191 bit binary field
c2tnb191v3: X9.62 curve over a 191 bit binary field
c2pnb208w1: X9.62 curve over a 208 bit binary field
c2tnb239v1: X9.62 curve over a 239 bit binary field
c2tnb239v2: X9.62 curve over a 239 bit binary field
c2tnb239v3: X9.62 curve over a 239 bit binary field
c2pnb272w1: X9.62 curve over a 272 bit binary field
c2pnb304w1: X9.62 curve over a 304 bit binary field
c2tnb359v1: X9.62 curve over a 359 bit binary field
c2pnb368w1: X9.62 curve over a 368 bit binary field
c2tnb431r1: X9.62 curve over a 431 bit binary field
wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
wap-wsg-idm-ecid-wtls12: WTLS curve over a 224 bit prime field
Oakley-EC2N-3: IPSec/IKE/Oakley curve #3 over a 155 bit binary field. Not suitable for ECDSA. Questionable extension field!
Oakley-EC2N-4: IPSec/IKE/Oakley curve #4 over a 185 bit binary field. Not suitable for ECDSA. Questionable extension field!
brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
brainpoolP512t1: RFC 5639 curve over a 512 bit prime field
SM2 : SM2 curve over a 256 bit prime field
2.9. Making a CA
When looking at the following code, pay a lot of attention to the -x509 switch to the req command: without it req emits a certificate signing request, with it the output is a self-signed certificate, which is exactly what a root CA is.
-x509 This option outputs a certificate instead of a certificate request. This is typically used to generate test certificates. It is implied by the -CA option. This option implies the -new flag if -in is not given. If an existing request is specified with the -in option, it is converted to a certificate; otherwise a request is created from scratch. Unless specified using the -set_serial option, a large random number will be used for the serial number. Unless the -copy_extensions option is used, X.509 extensions are not copied from any provided request input file. X.509 extensions to be added can be specified in the configuration file, possibly using the -config and -extensions options, and/or using the -addext option.
2.9.1. TODO RSA version
This section is unfinished and does not include client generation.
This section is config-file based, which is in theory better than just parameters, but I do not care about that for private use.
How to generate a root cert:
#!/usr/bin/env bash
printf 'Hello\n'
printf 'Deleting CA directory\n'
rm -rf "CA_directory"
mkdir -p CA_directory/root/{certs,newcerts,crl,private,csr}
echo 1000 > CA_directory/root/serial
echo 1000 > CA_directory/root/crlnumber
touch CA_directory/root/index.txt
cd CA_directory/root/
openssl req -config <(printf '%s' '
[ca]
default_ca = CA_default      # section redirection

[ CA_default ]               # only read by "openssl ca", not by the "req" call below
dir = .                      # the script has already cd-ed into CA_directory/root
certs = $dir/certs
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts  # "openssl ca" writes a copy of every cert it issues here, named by serial; certs/ is just where the CA cert itself lives
database = $dir/index.txt
private_key = $dir/private/ca.key.pem
certificate = $dir/certs/ca.cert.pem
crlnumber = $dir/crlnumber
crl = $dir/crl/ca.crl.pem
crl_extensions = crl_ext
default_crl_days = 30
default_md = sha256
name_opt = ca_default        # how "openssl ca" prints the subject when asking for confirmation
cert_opt = ca_default        # same, for the certificate details
default_days = 375           # how long standard certs signed _with_this_ca_ live
preserve = no                # do not keep the DN field order of the request
policy = policy_strict       # root CA gets its policy from a section called policy_strict
# I guess that for a simpleton certificate for a personal server none of this is needed?

[ policy_strict ]            # which subject names this CA is willing to sign
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ crl_ext ]                  # referenced by crl_extensions above; "openssl ca -gencrl" fails without it
authorityKeyIdentifier = keyid:always

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
x509_extensions = v3_ca
prompt = no

[ req_distinguished_name ]
C = TS
ST = TestProvince
L = TestCity
O = TestCompany
OU = TestCompanyDepartment
CN = My CA Root Certificate

[ v3_ca ]                    # man openssl-x509v3_config
subjectKeyIdentifier = hash                      # identifier for this key: a hash of the public key
authorityKeyIdentifier = keyid:always,issuer     # names the signing key; on a self-signed root it points at itself
basicConstraints = critical, CA:true, pathlen:1  # this is a CA; at most one level of intermediate CA may sit below it
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
') -newkey rsa -keyout private/ca.key.pem -x509 -days 7300 \
    -extensions v3_ca -out certs/ca.cert.pem -nodes
2.9.2. A simpler RSA version
# the CA: -x509 makes req emit a self-signed certificate instead of a request
openssl req -x509 \
    -newkey rsa -keyout ca.key.pem -out ca.cert.pem \
    -days 7300 \
    -nodes \
    -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost"
# generate a key and a signing request for it
openssl req \
    -new \
    -newkey rsa -keyout client0.key -out client0.csr.pem \
    -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost" \
    -nodes
# sign it with the CA; without -days the certificate is only valid for 30 days
openssl x509 -req \
    -days 375 \
    -extfile <(printf '%s' 'subjectAltName = DNS:localhost,DNS:blabla.org') \
    -CA ca.cert.pem -CAkey ca.key.pem -in client0.csr.pem -out client0.cert.pem -CAcreateserial
The important thing is that the SAN extension is added during signing, not when generating the keypair: openssl x509 -req does not copy extensions out of the request (OpenSSL 3 has a -copy_extensions option to change that), so whatever you put in the CSR is ignored and only the -extfile given at signing time ends up in the certificate. Browsers and most TLS libraries match the hostname against the SAN and not against CN, so a certificate without this extension is rejected no matter what the subject says.
2.9.3. CA using ECDSA
# curve parameters, generated once and fed to both key generations below
PARAM=$(openssl genpkey -genparam -algorithm ec \
    -pkeyopt ec_paramgen_curve:P-256)
printf '%s\n' "$PARAM"
# the CA
openssl req \
    -x509 \
    -newkey ec:<(printf '%s\n' "$PARAM") -keyout ca.key.pem -out ca.cert.pem \
    -days 7300 \
    -nodes \
    -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost"
# generate a key and a signing request for it
openssl req \
    -new \
    -newkey ec:<(printf '%s\n' "$PARAM") -keyout client0.key -out client0.csr.pem \
    -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=localhost" \
    -nodes
# sign; the DNS.n / IP.n numbering is accepted inline as well as in a section
openssl x509 -req \
    -days 375 \
    -extfile <(printf '%s' 'subjectAltName = DNS.1:localhost,DNS.2:blabla.org,IP.1:127.0.0.1') \
    -CA ca.cert.pem -CAkey ca.key.pem -in client0.csr.pem -CAcreateserial -out client0.cert.pem
# look at the result, then actually check that it chains to the CA
openssl x509 -text -noout -in client0.cert.pem
openssl verify -CAfile ca.cert.pem client0.cert.pem
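The two recipes above (the RSA one and the ECDSA one) each stop at printing the certificate. The following script, added to these notes and not taken from the book, does the same CA-plus-one-leaf procedure but adds what the recipes leave out: the leaf gets basicConstraints CA:FALSE, keyUsage and extendedKeyUsage next to its SAN, -days is stated explicitly, and the result is checked with openssl verify -verify_hostname, which is the test a TLS client effectively performs. Directory layout, file names, the DNs, the P-256 curve and the validity periods are all my assumptions; config files are written to disk instead of using bash process substitution so it runs under plain sh.

```shell
# Added example (not the book's code): throwaway CA, one server certificate
# with proper leaf extensions, and a chain + hostname check.
# All paths under DIR and the DNs are assumptions.

# mkca DIR: create an EC P-256 root CA in DIR (ca.key.pem, ca.cert.pem).
mkca() {
    dir="$1"
    mkdir -p "$dir"
    # Only a [req] section is needed: the root is made with "req -x509",
    # so none of the "openssl ca" bookkeeping (index, serial, ...) applies.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no

[dn]
CN = Example Test Root CA

[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/ca.key.pem"
    openssl req -new -x509 -config "$dir/ca.cnf" -key "$dir/ca.key.pem" \
        -days 3650 -sha256 -out "$dir/ca.cert.pem"
}

# issue DIR NAME SAN: make a key and CSR for NAME and sign it with the CA.
# SAN is a subjectAltName value such as "DNS:localhost,IP:127.0.0.1".
issue() {
    dir="$1"; name="$2"; san="$3"
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no

[dn]
CN = $name
EOF
    # Extensions go in at signing time: "x509 -req" ignores whatever the
    # CSR carries, so the SAN and the leaf constraints must be given here.
    cat > "$dir/$name.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = $san
EOF
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/$name.key.pem"
    openssl req -new -config "$dir/$name.cnf" -key "$dir/$name.key.pem" \
        -out "$dir/$name.csr.pem"
    # -days defaults to 30 when omitted; state it explicitly.
    openssl x509 -req -in "$dir/$name.csr.pem" \
        -CA "$dir/ca.cert.pem" -CAkey "$dir/ca.key.pem" -CAcreateserial \
        -days 365 -sha256 -extfile "$dir/$name.ext" -out "$dir/$name.cert.pem"
}

# verify_leaf DIR NAME HOST: returns 0 when NAME's cert chains to the CA and
# its SAN covers HOST, non-zero otherwise. "x509 -text" shows; this checks.
verify_leaf() {
    openssl verify -CAfile "$1/ca.cert.pem" -verify_hostname "$3" \
        "$1/$2.cert.pem" >/dev/null 2>&1
}

# Usage:
#   d=$(mktemp -d); mkca "$d"; issue "$d" web "DNS:localhost,IP:127.0.0.1"
#   verify_leaf "$d" web localhost && echo ok
#   verify_leaf "$d" web other.example || echo "rejected, as it should be"
```

The second verify_leaf call in the usage comment is the interesting one: the certificate is perfectly valid, signed by a CA the verifier trusts, and is still rejected because the name asked for is not in the SAN. That is the failure the pesky software will report as "certificate invalid" when the SAN was forgotten.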
3. TODO Words
- wobble :: shaking unsystematically
- besotted :: enthralled, stupefied, intoxicated, befuddled
- snazzy :: cool and attractive
- fling :: throw something forcefully or carelessly
- willy-nilly :: without much organisation
- tally stick :: the ancient anti-forgery device: write a record on a piece of wood and split it jigsaw-like into halves; faking a matching half is nearly impossible
- Canadian loonie :: a Canadian 1-dollar coin
- daft :: dumb, stupid
- detritus :: debris; literally loose fragments of rock worn off by erosion
- wad of paper :: a crumpled lump of paper rather than a neat sheet; usually as in "wad of cash", "wad of money"
- pummel :: strike repeatedly with fists
- finagle :: obtain something by illegitimate and dishonest means