¡Ü ¼¹ö¿¡¼ ÇöÀç Áö¿øÇÏ´Â cipher Á¾·ù¿Í ¹öÀü È®ÀÎ
[zany@titan ~]$ openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2
¡Ü Á¢¼ÓÇÏ°íÀÚ Çϴ ƯÁ¤ ¼¹ö°¡ ÇØ´ç ¾ÏÈ£È suite ·Î Á¢±ÙÀ» Çã¿ëÇÏ´ÂÁö È®ÀÎ
TLSv1
openssl s_client -connect www.google.com:443 -tls1
TLSv1_1
openssl s_client -connect www.google.com:443 -tls1_1
TLSv1_2
openssl s_client -connect www.google.com:443 -tls1_2
[zany@titan ~]$ openssl s_client -connect www.google.com:443 -tls1_2
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgIQdCea9tmy/T6rK/dDD1isujANBgkqhkiG9w0BAQsFADBU
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUw
IwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDMwMTA5
MjYyNFoXDTE5MDUyNDA5MjQwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2ds
ZSBMTEMxFzAVBgNVBAMMDnd3dy5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAttbZFEIB/gbgVh08AoR4+KlJHioNp1ezSf3ZVahFUzJt
oxppi/d/sEcBplBWJEiSs2EqqgpK8WqsT/de7RfUc0ur2Cp+aPbWH3FnfASbXSj1
t+MbtdzekLwd/YfuFUARYX8FKlrA5J/sIDdd3bmyAWCYv147sRVeUoiA1YhJ0r/X
F86wiVKuxtrcZriSr5jlgDI8nCOYvf6HKFKgyhjlURNmDfn5JgWWIJ9Qv4cE5okm
QRBNl4zQxSQehi7DEXFYsMLrtyJLAbU59ZWgrAKfRrHwac0k8jk+4tl0plBZPgQG
KWGBxxgJLv57Z+QyhYncWsp8RGsgsCTEGt5jKHGA8QIDAQABo4IBQjCCAT4wEwYD
VR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYI
KwYBBQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9H
VFNHSUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dU
U0dJQUczMB0GA1UdDgQWBBSGwtmdiuyB73xdMZ49+W2kdLk1dzAMBgNVHRMBAf8E
AjAAMB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgw
DAYKKwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov
L2NybC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBAHt3
u/9Uhlu3cLVRiC0+Q99X1GeGFFxE7Osi0W4Aqr+AQ9no9el7vZd68OQb9ezoadui
wtaIbo5XMnWPo+8qISM2DfmzVCmtDxdo/V4g4AtzR80xdlFhuquPj8YX549svbHe
4Q7kIuvb0+ma0QB5ZPRcwsYT9Q5WUahlXYYV6SUlXVjy1o3X14gJN544AlhVicHS
FBByZN17M0/tJb9Aww4KO88tF26O/Exljnw49q0ZIvMo1qNY0VNuKfzmeVr4JPhK
UxBMF3WNsPx94q85TFLw+hwsH4KJ2hGggUrzIWsOkwtrNuVXaNE/Ca1DlJA/Y3EY
XDqTMVxfvpnNAHaD9s0=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2994 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 6499AF99CA7DB4CBE5196114F2E9DC8C7B31BA7E3DDCB2996A26E62F65D71D49
.... »ý·« ....
Start Time: 1552527679
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
read:errno=0
¡Ü Á¢¼ÓÇÏ°íÀÚ ÇÏ´Â ¼¹ö°¡ ÇØ´ç ¾ÏÈ£È suite ¸¦ Áö¿øÇÏÁö ¾ÊÀ¸¸é, ¿À·ù ¹ß»ý.
140735577543560:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/ssl/s3_pkt.c:1133:SSL alert number 70
140735577543560:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/ssl/s3_pkt.c:522:
¡Ü Java 7 ¿¡¼ TLSv1.2 Áö¿ø
https://www.baeldung.com/java-7-tls-v12
|
