ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5

BSD-241-llb-client#

BSD-241-llb-client# openssl s_client -state -connect 99.1.1.95:443 -tls1_2 -cipher RC4-MD5

用-cipher带一堆算法测试client带一堆算法

BSD-141-client# openssl s_client -state -connect 99.1.1.95:443 -cipher RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256

CONNECTED(00000003)

SSL_connect:before/connect initialization

SSL_connect:SSLv2/v3 write client hello A

SSL_connect:SSLv3 read server hello A

depth=0 C = CN, ST = BJ, L = BJ, O = array, OU = APV-HW, CN = APV105-RH-2048

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 C = CN, ST = BJ, L = BJ, O = array, OU = APV-HW, CN = APV105-RH-2048

verify error:num=27:certificate not trusted

verify return:1

depth=0 C = CN, ST = BJ, L = BJ, O = array, OU = APV-HW, CN = APV105-RH-2048

verify error:num=21:unable to verify the first certificate

verify return:1

SSL_connect:SSLv3 read server certificate A

SSL_connect:SSLv3 read server done A

SSL_connect:SSLv3 write client key exchange A

SSL_connect:SSLv3 write change cipher spec A

SSL_connect:SSLv3 write finished A

SSL_connect:SSLv3 flush data

SSL_connect:SSLv3 read finished A

---

Certificate chain

0

s:/C=CN/ST=BJ/L=BJ/O=array/OU=APV-HW/CN=APV105-RH-2048

i:/C=CN/ST=BJ/L=BJ/O=array/OU=APV-HW/CN=CA-APV-HW-2048

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIDNjCCAh4CARcwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCQ04xCzAJBgNV

BAgTAkJKMQswCQYDVQQHEwJCSjEOMAwGA1UEChMFYXJyYXkxDzANBgNVBAsTBkFQ

Vi1IVzEXMBUGA1UEAxMOQ0EtQVBWLUhXLTIwNDgwHhcNMTMwMzEyMDAwMzI4WhcN

MjMwMzEwMDAwMzI4WjBhMQswCQYDVQQGEwJDTjELMAkGA1UECBMCQkoxCzAJBgNV

BAcTAkJKMQ4wDAYDVQQKEwVhcnJheTEPMA0GA1UECxMGQVBWLUhXMRcwFQYDVQQD

Ew5BUFYxMDUtUkgtMjA0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB

ANcPDPhvVBB54ExKsRFj50YBtF4qYe7M+tlh5DC02szs92zcXyFxqxVzq3+BLIAd

Ls+G+/jJ5sDtBQPKCCCrGUssulpGa3ANmCoWAqvj6wiOVS9SAwYkLw1Tl1Vv8xye

kHxtJsxh5zhPIDevqAxiYns8G/ZEKnGGpsLXpcGSnMNckm1ih80dhwjb5iiOsOwc

EHS9EJ1TgjrnHcDXQAzCG0Nl6GLo55ggyXZYPnDULyO1C/BqfVuDMAqA8iVHyTwF

Qj238OobcW4YuKskycW6Cn42sA9RMbdLizeZb0HObmDgqkx06iDs+NXMxc3HXfWu

VgWe+VCJHPrn2hyTQPNaMicCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAtGQRHe76

o29eXWxApT/zXVmd3dvW2n8jjoxs4PR5YJenZFQHEOs4hr33+UO+BfNdvxVxRE

SZBqwrMcieo+JUW9bvOzepyHYYI61rXqV2CRqabAm06eKUWffhHZmrck5BGgnvRP

ihEjKiBeYDfP1Q67n8ZELR9RNO5sVfId3nJN7rXEeeByJEzS9iytBghJANWA8SGB

9FNYVZC47YfPv7tKRzn6PQLCXRyDx4QFRLb946oJm8dGsHUvyTtjhM5YnWVlEcbh

fmUgtwwRbcZpRl69deD7lTH79wg/8Hr9M+2kmW3LwCPOLc2GCA+hJLJnOzUx+TYU

7q/IsF5RPApb3A==

-----END CERTIFICATE-----

subject=/C=CN/ST=BJ/L=BJ/O=array/OU=APV-HW/CN=APV105-RH-2048

issuer=/C=CN/ST=BJ/L=BJ/O=array/OU=APV-HW/CN=CA-APV-HW-2048

---

No client certificate CA names sent

---

SSL handshake has read 976 bytes and written 384 bytes

---

New, TLSv1/SSLv3, Cipher is RC4-SHA

Server public key is 2048 bit

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : TLSv1.2

Cipher : RC4-SHA

Session-ID: F788B6E0EDE88A1AC76A166BA988BD7C8EFAC7A193EFAABFD5026CB468FC606A

Session-ID-ctx:

Master-Key: 99938515F93EA62ACDDA9517232B9441834B33335FAE62E49E2FC2008A2988B653E61FF62FAC41FB87B100B8FDA71167

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

Start Time: 14170164

Timeout : 300 (sec)

Verify return code: 21 (unable to verify the first certificate)

---

GET / HTTP/1.1

Host: 99.1.1.95

HTTP/1.1 200 OK

Date: Wed, 26 Nov 2014 06:50:06 GMT

Server: Apache/2.4.1 (Unix)

Last-Modified: Fri, 03 May 2013 01:04:32 GMT

ETag: "68-4dbc5ef058800"

Accept-Ranges: bytes

Content-Length: 104

Content-Type: text/html

Connection: Keep-alive

Via: 1.1 ID-0002262014560614 uproxy-2

112 It works!

CGI