Friday, December 1, 2017

How do you check a connection over https/http2?

I hope everyone knows that a plain connection over the http protocol can be checked with the ordinary telnet command:
$ telnet google.com.ua 80
Trying 172.217.20.163...
Connected to google.com.ua.
Escape character is '^]'.
GET /
HTTP/1.0 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: http://www.google.com.ua/?gfe_rd=cr&dcr=0&ei=51chWtS7ErTi8Aed2bXIBA
Content-Length: 272
Date: Fri, 01 Dec 2017 13:23:51 GMT

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com.ua/?gfe_rd=cr&dcr=0&ei=51chWtS7ErTi8Aed2bXIBA">here</A>.
</BODY></HTML>
Connection closed by foreign host.
And how do you check https/http2?
It turns out that this is also quite simple:
$ openssl s_client -connect google.com.ua:443
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = google.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIgzjCCH7agAwIBAgIIC3opcadHGlowDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
…skip…
aVs=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 11078 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: CF87F01549DC0A0F009A3BE4125C7FC4CEA275ECA69BB770311C6D36FCF9D3F3
    Session-ID-ctx: 
    Master-Key: BFED552D2D80DDC539E59DAE4593F349FD4CB9AD334F3515640D213C3948771855C5F4EAA378025EF179BAD5FDC952AA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 f6 8f 2c 19 9c a3 e3-1b 90 16 f0 0d c3 f7 c2   ...,............
    …skip…
    00d0 - 13 56 e8 9f 2e                                    .V...

    Start Time: 1512134921
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
GET /
HTTP/1.0 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: https://www.google.com.ua/?gfe_rd=cr&dcr=0&ei=DFkhWt_PNa_i8Aeci6y4AQ
Content-Length: 273
Date: Fri, 01 Dec 2017 13:28:44 GMT
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.com.ua/?gfe_rd=cr&dcr=0&ei=DFkhWt_PNa_i8Aeci6y4AQ">here</A>.
</BODY></HTML>
read:errno=0
And that's that.

Roughly the same thing, but for smtp TLS:
openssl s_client -starttls smtp -crlf -connect smtp.mailgun.org:587
As for everything else, man openssl can probably help :)
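
To run the openssl s_client check above from a script rather than by eye, the output can be reduced to the fields that matter: protocol, cipher, negotiated ALPN protocol, and the verify return code. This is an added example, not part of the original post. The function name tls_summary and both sample inputs are constructed here, and the `-servername` and `-alpn h2` options and the `ALPN protocol:` line come from newer OpenSSL releases than the session shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post: summarise `openssl s_client` output.
# Live use (needs network; -servername sends SNI, -alpn h2 offers HTTP/2):
#   openssl s_client -connect google.com.ua:443 -servername google.com.ua \
#       -alpn h2 </dev/null 2>/dev/null | tls_summary

# Reads s_client output on stdin, prints one summary line, and returns 0
# only when the chain verified ("Verify return code: 0").
tls_summary() {
    awk '
        /^ *Protocol *:/      { proto = $NF }
        /^ *Cipher *:/        { cipher = $NF }
        /^ALPN protocol:/     { alpn = $NF }
        /Verify return code:/ { sub(/.*Verify return code: */, ""); code = $1 }
        END {
            if (proto == "")  proto = "unknown"
            if (cipher == "") cipher = "unknown"
            if (alpn == "")   alpn = "none"
            if (code == "")   code = "unknown"
            printf "protocol=%s cipher=%s alpn=%s verify=%s\n", proto, cipher, alpn, code
            exit (code == "0" ? 0 : 1)
        }'
}

# Constructed sample: trimmed from the session in the post, ALPN line added.
sample_ok() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
ALPN protocol: h2
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
EOF
}

# Constructed sample: a server whose certificate does not chain to a trusted CA.
sample_bad() {
    cat <<'EOF'
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 18 (self signed certificate)
EOF
}

sample_ok | tls_summary
sample_bad | tls_summary || echo "certificate chain did not verify"
```

A non-zero exit status from tls_summary means the chain did not verify, so the function can gate a monitoring check or a deployment step directly.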