  • [openssl][nginx] Using openssl to simulate an SSL/TLS client for testing nginx stream

    1. Server configuration

    nginx

    # cat conf/nginx.conf
    daemon off;
    events {
            debug_connection 0.0.0.0/0;
    }
    stream {
            upstream test {
                    server 127.0.0.1:50001;
            }
            server {
                    listen 444 ssl;
                    ssl_certificate /data/sni/sni_test1.cer;
                    ssl_certificate_key /data/sni/sni_test1.key;
                    proxy_pass test;
            }
    }

    Backend service

    [root@T9 ~]# nc -l 127.0.0.1 50001

    2. Client

    The client is openssl, used to simulate a TLS connection.

    ┬─[tong@T7:~/Src/thirdparty/nginx.git]─[10:48:40 AM]
    ╰─>$ openssl s_client -connect t9:444 -CAfile ~/Keys/https/root/root.cer
    CONNECTED(00000003)
    Can't use SSL_get_servername
    depth=1 C = CN, ST = BeiJing, L = BeiJing, O = Tartaglia, CN = TTTrust, emailAddress = ca@tartaglia.org
    verify return:1
    depth=0 C = CN, ST = BeiJing, L = BeiJing, O = tong.com, OU = tong, CN = caotong_test1, emailAddress = tong@local
    verify return:1
    ---
    Certificate chain
     0 s:C = CN, ST = BeiJing, L = BeiJing, O = tong.com, OU = tong, CN = caotong_test1, emailAddress = tong@local
       i:C = CN, ST = BeiJing, L = BeiJing, O = Tartaglia, CN = TTTrust, emailAddress = ca@tartaglia.org
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    wPPQSnUlyNwsbAJLpynb
    -----END CERTIFICATE-----
    subject=C = CN, ST = BeiJing, L = BeiJing, O = tong.com, OU = tong, CN = caotong_test1, emailAddress = tong@local
    
    issuer=C = CN, ST = BeiJing, L = BeiJing, O = Tartaglia, CN = TTTrust, emailAddress = ca@tartaglia.org
    
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 1630 bytes and written 419 bytes
    Verification: OK
    ---
    New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: AD51CAE512036C290A3BA8E5F6CE1EA37F7C15B9735B66B832E1708AF34C50B4
        Session-ID-ctx: 
        Master-Key: 3CCECD6ABCA047228626ED57CFE77AB2C1BAFB106FAB44B7C7AE71E0A918F43412359A2EAAEA367694E617B7BF7191A0
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
    。。。
        Start Time: 1569379721
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
    ---

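    3. Summary

    The client-to-nginx connection is TLS; the nginx-to-nc connection is plain TCP. nginx terminates TLS and proxies the decrypted stream to the backend.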

    [author: classic_tong, date: 20190925]
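
The session above reports `Verify return code: 0 (ok)`, TLSv1.2 with an ECDHE cipher, and `Extended master secret: no`. As an added example (not part of the original post), the shell function below reads s_client output and checks those fields automatically; the function names and both sample transcripts are constructed for illustration.

```shell
# Added example (not from the original post). Sample transcripts are constructed.
SAMPLE_OK='    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
    Extended master secret: no'
SAMPLE_BAD='    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no'

# sc_field NAME: print the value of the first "NAME : value" line on stdin.
sc_field() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" | head -n 1
}

# audit_s_client: read s_client output on stdin, print one finding per line,
# and return non-zero if any FAIL finding was produced.
audit_s_client() {
    out=$(cat); rc=0
    proto=$(printf '%s\n' "$out" | sc_field 'Protocol')
    cipher=$(printf '%s\n' "$out" | sc_field 'Cipher')
    verify=$(printf '%s\n' "$out" | sc_field 'Verify return code')
    ems=$(printf '%s\n' "$out" | sc_field 'Extended master secret')
    case "$verify" in
        '0 (ok)') echo "PASS chain verified: $verify" ;;
        *) echo "FAIL chain not verified: ${verify:-missing}"; rc=1 ;;
    esac
    case "$proto" in
        TLSv1.2|TLSv1.3) echo "PASS protocol: $proto" ;;
        *) echo "FAIL protocol: ${proto:-missing}"; rc=1 ;;
    esac
    case "$cipher" in
        ECDHE-*|DHE-*|TLS_*) echo "PASS ephemeral key exchange: $cipher" ;;
        *) echo "FAIL no forward secrecy: ${cipher:-missing}"; rc=1 ;;
    esac
    # EMS is an extension for TLS 1.2 and earlier; TLS 1.3 does not need it.
    if [ "$proto" != "TLSv1.3" ] && [ "$ems" != "yes" ]; then
        echo "WARN extended master secret: ${ems:-missing}"
    fi
    return "$rc"
}

# Live use with the command from the post:
#   openssl s_client -connect t9:444 -CAfile ~/Keys/https/root/root.cer </dev/null 2>/dev/null | audit_s_client
printf '%s\n' "$SAMPLE_OK" | audit_s_client
printf '%s\n' "$SAMPLE_BAD" | audit_s_client || echo "bad sample rejected"
```

A WARN does not change the exit status; only a failed chain verification, a protocol below TLSv1.2, or a cipher without ephemeral key exchange does.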

  • Original article: https://www.cnblogs.com/hugetong/p/11582970.html