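On Linux, you can perform an SSL/TLS handshake with OpenSSL from the command line. The steps are as follows:
1. Install OpenSSL
First, make sure OpenSSL is installed on your Linux system. If it is not, install it with the following commands: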
sudo apt-get update
sudo apt-get install openssl
2. Start the OpenSSL client
Start the OpenSSL client with the following command:
openssl s_client
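3. Specify the target server and port
When starting the OpenSSL client, you need to specify the target server and port to connect to. For example, to connect to port 443 on www.example.com, use the following command: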
openssl s_client -connect www.example.com:443
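4. View the handshake
The OpenSSL client displays the details of the SSL/TLS handshake, including the communication between the client and the server. You can see the following:
- The client sends the ClientHello message
- The server sends the ServerHello message
- Certificates are exchanged
- Keys are exchanged (if asymmetric encryption is used)
- The handshake completes
5. Exit the OpenSSL client
To exit the OpenSSL client, press Ctrl+C.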
Sample output
The following is sample output from a typical SSL/TLS handshake:
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.example.com
verify return:1
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Certificate chain
0 s:CN = www.example.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEbJy1MjANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJV
...
-----END CERTIFICATE-----
subject=CN = www.example.com
issuer=C = US, O = Let's Encrypt, CN = R3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3597 bytes and written 434 bytes
Verification error: self signed certificate in certificate chain
---
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: ...
Session-ID-ctx:
Master-Key: ...
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1633072800
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
With the steps above, you can perform an SSL/TLS handshake with OpenSSL on Linux and view the details of the handshake.
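
As an added example (not part of the original article): by default s_client completes the handshake even when certificate verification fails, so a script has to read the "Verify return code" line itself. The script below extracts the protocol, cipher and verify code from s_client output and rejects a failed verification or a protocol older than TLS 1.2; the function names and the two trimmed sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarise s_client output.
# Live use (assumes network access; </dev/null ends the session after the handshake):
#   openssl s_client -connect www.example.com:443 </dev/null 2>/dev/null | check_handshake

# Constructed samples, trimmed to the lines the parser reads.
sample_ok='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Verify return code: 0 (ok)'

sample_bad='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Verify return code: 19 (self signed certificate in certificate chain)'

# Print "protocol cipher verify_code" for s_client output read from stdin.
summarize_handshake() {
  awk '
    /^(New|Reused), / && / Cipher is / {
      proto = $2; sub(/,$/, "", proto); cipher = $NF
    }
    /Verify return code:/ { code = $4 }   # keep the last one seen
    END {
      printf "%s %s %s\n", (proto == "" ? "none" : proto),
             (cipher == "" ? "none" : cipher), (code == "" ? "none" : code)
    }'
}

# Succeed only if the chain verified and TLS 1.2 or newer was negotiated.
check_handshake() {
  hs_summary=$(summarize_handshake)
  hs_proto=${hs_summary%% *}
  hs_rest=${hs_summary#* }
  hs_cipher=${hs_rest%% *}
  hs_code=${hs_rest#* }
  case "$hs_proto" in
    TLSv1.2|TLSv1.3) ;;
    *) echo "FAIL: protocol $hs_proto" >&2; return 1 ;;
  esac
  if [ "$hs_code" != "0" ]; then
    echo "FAIL: verify return code $hs_code" >&2
    return 1
  fi
  echo "OK: $hs_proto $hs_cipher"
}

printf '%s\n' "$sample_ok"  | check_handshake
printf '%s\n' "$sample_bad" | check_handshake || echo "rejected as expected"
```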