Testing with OpenSSL
OpenSSL has a built-in client utility for connecting to secured servers
openssl s_client -connect server.com:443
It is similar to telnet or nc
It lets you drive the layer that follows SSL/TLS yourself
It takes a server and a port as input
Example
Fetch a page over telnet
root@three:~# telnet example.com 80
Trying 93.184.216.34...
Connected to example.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: example.com
HTTP/1.1 200 OK
...
Content-Length: 1256
Example Domain
...
Example Domain
This domain is for use in illustrative examples in documents. You may use this
domain in literature without prior coordination or asking for permission.
More information...
^CConnection closed by foreign host.
The same thing via s_client
root@three:~# openssl s_client -connect example.com:443
CONNECTED(00000003)
... # various debugging info about the certificates
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, CN = www.example.org
issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
---
... # some more info
---
SSL handshake has read 4654 bytes and written 719 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
...
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
...
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
...
---
read R BLOCK ### And finally the useful part (we make our own request)
GET / HTTP/1.1
Host: example.com
HTTP/1.1 200 OK # (we get the response)
... # headers
Example Domain
Example Domain
This domain is for use in illustrative examples in documents. You may use this
domain in literature without prior coordination or asking for permission.
More information...
^C
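The handshake summary that s_client prints before the request can also be checked mechanically. The following is an added example, not part of the original notes: the function name summarize_handshake, the pass/fail policy (verification OK and TLSv1.2 or newer) and both sample transcripts are assumptions constructed here.

```shell
# Added example. Live use (needs network; </dev/null ends the session after the handshake):
#   openssl s_client -connect example.com:443 </dev/null 2>/dev/null | summarize_handshake

# Reads an s_client transcript on stdin and prints "protocol cipher keybits verification".
# Returns 0 only when verification is OK and the protocol is TLSv1.2 or TLSv1.3.
summarize_handshake() {
    awk '
        /^New, / && / Cipher is / { proto = $2; sub(/,$/, "", proto); cipher = $NF }
        /^Server public key is /  { bits = $5 }
        /^Verification: /         { verify = $2 }
        /^Verification error: /   { verify = "FAILED" }
        END {
            if (proto == "")  proto = "unknown"
            if (cipher == "") cipher = "unknown"
            if (bits == "")   bits = "unknown"
            if (verify == "") verify = "unknown"
            print proto, cipher, bits, verify
            ok = (verify == "OK" && (proto == "TLSv1.2" || proto == "TLSv1.3"))
            exit (ok ? 0 : 1)
        }'
}

# Constructed sample: the handshake lines shown in the session above.
sample_ok() {
    cat <<'EOF'
CONNECTED(00000003)
---
SSL handshake has read 4654 bytes and written 719 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
---
EOF
}

# Constructed sample: an old protocol and a failed chain check.
sample_bad() {
    cat <<'EOF'
CONNECTED(00000003)
---
Verification error: self-signed certificate
---
New, TLSv1.1, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
---
EOF
}

sample_ok  | summarize_handshake
sample_bad | summarize_handshake || echo "policy check failed" >&2
```
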
Stopped at page 49