::: Zany's Homepage ::: Zany Wiki | 사이트 통합 검색
 
 
 

SSL Cipher suites 확인

게시판
Web Technologies
작성자
Zany
작성일
2019-03-14 10:44:35
읽은수
264
평점
   
표시옵션
HTML사용 | 자동BR태그 | 공백문자허용 | 가운데정렬 | 고정폭글꼴 | 자동URL링크 | 마우스선택
관련링크01
https://maxchadwick.xyz/blog/checking-ssl-tls-version-support-of-remote-host-from-command-line 
관련링크02
https://www.baeldung.com/java-7-tls-v12 
● 서버에서 현재 지원하는 cipher 종류와 버전 확인
[zany@titan ~]$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2


● 접속하고자 하는 특정 서버가 해당 암호화 suite 로 접근을 허용하는지 확인
TLSv1
    openssl s_client -connect www.google.com:443 -tls1
TLSv1_1
    openssl s_client -connect www.google.com:443 -tls1_1
TLSv1_2
    openssl s_client -connect www.google.com:443 -tls1_2
[zany@titan ~]$ openssl s_client -connect www.google.com:443 -tls1_2
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgIQdCea9tmy/T6rK/dDD1isujANBgkqhkiG9w0BAQsFADBU
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUw
IwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDMwMTA5
MjYyNFoXDTE5MDUyNDA5MjQwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2ds
ZSBMTEMxFzAVBgNVBAMMDnd3dy5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAttbZFEIB/gbgVh08AoR4+KlJHioNp1ezSf3ZVahFUzJt
oxppi/d/sEcBplBWJEiSs2EqqgpK8WqsT/de7RfUc0ur2Cp+aPbWH3FnfASbXSj1
t+MbtdzekLwd/YfuFUARYX8FKlrA5J/sIDdd3bmyAWCYv147sRVeUoiA1YhJ0r/X
F86wiVKuxtrcZriSr5jlgDI8nCOYvf6HKFKgyhjlURNmDfn5JgWWIJ9Qv4cE5okm
QRBNl4zQxSQehi7DEXFYsMLrtyJLAbU59ZWgrAKfRrHwac0k8jk+4tl0plBZPgQG
KWGBxxgJLv57Z+QyhYncWsp8RGsgsCTEGt5jKHGA8QIDAQABo4IBQjCCAT4wEwYD
VR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYI
KwYBBQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9H
VFNHSUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dU
U0dJQUczMB0GA1UdDgQWBBSGwtmdiuyB73xdMZ49+W2kdLk1dzAMBgNVHRMBAf8E
AjAAMB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgw
DAYKKwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov
L2NybC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBAHt3
u/9Uhlu3cLVRiC0+Q99X1GeGFFxE7Osi0W4Aqr+AQ9no9el7vZd68OQb9ezoadui
wtaIbo5XMnWPo+8qISM2DfmzVCmtDxdo/V4g4AtzR80xdlFhuquPj8YX549svbHe
4Q7kIuvb0+ma0QB5ZPRcwsYT9Q5WUahlXYYV6SUlXVjy1o3X14gJN544AlhVicHS
FBByZN17M0/tJb9Aww4KO88tF26O/Exljnw49q0ZIvMo1qNY0VNuKfzmeVr4JPhK
UxBMF3WNsPx94q85TFLw+hwsH4KJ2hGggUrzIWsOkwtrNuVXaNE/Ca1DlJA/Y3EY
XDqTMVxfvpnNAHaD9s0=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2994 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 6499AF99CA7DB4CBE5196114F2E9DC8C7B31BA7E3DDCB2996A26E62F65D71D49

    .... 생략 ....
    Start Time: 1552527679
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
read:errno=0


● 접속하고자 하는 서버가 해당 암호화 suite 를 지원하지 않으면, 오류 발생.
140735577543560:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/ssl/s3_pkt.c:1133:SSL alert number 70
140735577543560:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/ssl/s3_pkt.c:522:


● Java 7 에서 TLSv1.2 지원
https://www.baeldung.com/java-7-tls-v12

게시물이 도움이 되셨으면 +1 을 눌러주세요~
 게시판 글 목록
No Subject Poster Hits Posted
Zany 264 2019-03-14 10:44:35
14219 Zany 368 2017-11-01 16:27:12
14197 Zany 365 2017-08-23 13:18:52
14066 Zany 485 2017-05-10 13:57:57
4516 Zany 1938 2013-06-18 11:35:45
4515 Zany 1993 2013-06-18 11:33:30
댓글 달기 - 이 글이 도움이 되었거나 흥미로우셨다면, 댓글을 남겨주세요.(^^)(oo)(__)
작성자
                       
 
zany.kr
  Copyright ⓒ 2002-2010 Zany's Programming Lab. All Rights Not Reserved.
temporary This Page loads on 0.000 Secs