Test de services ssl et tls : imaps, https etc...

tips jpg

Un petit tips qui peut s'avérer utile !

Pour tester, vérifier, ou visualiser le fonctionnement d'un socket en SSL ou TLS :

Par exemple sur un service imaps dovecot :

openssl s_client -connect 127.0.0.1:993

Cette commande vous affichera de précieuses informations :

Les protocoles, leurs versions, le certificat utilisé, etc...

CONNECTED(00000003)
depth=0 /C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
   i:/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux.eu/emailAddress=adminATsystem-linux.eu
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDlzCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQQADCBhDELMAkGA1UEBhMCRlIx
zANBgNVBAgTBkZyYW5jZTENMAsGA1UEBxMETHlbjEVMBMGA1UEChMMU3lzdGVt
ExpbnV4MRgwFgYDVQQDEw9zeXN0ZW0tbGludXguXUxJDAiBgkqhkiG9w0BCQEW
WFkbWluQHN5c3RlbS1saW51eC5ldTAeFw0wODEyMDYyMTMzMjRaFw0xODEyMDQy
TMzMjRaMIGBMQswCQYDVQQGEwJGUjEPMA0GA1UEBMGRnJhbmNlMQ0wCwYDVQQH
wRMeW9uMRUwEwYDVQQKEwxTeXN0ZW0gTGludXgxFTATBgNVBAMTDHN5c3RlbS1s
aW51eDEkMCIGCSqGSIb3DQEJARYVYWRtaW5Ac3lzdGVtWxpbnV4LmV1MIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAgJtwwYsK0hrnbHBzSlDNDK97qs+lmdn4
jVj2flsKSHnWrll3/JQud5JXbwexpd75894s419tyLyTSPEHrLCoMOVGonQ3tIO0
nAP/JDwQmD/fdkEQoNYqEJt7eUhd/MTEaxp5zt/Q0dwBbwt46HLijl9oxmc085u
Xxg4zhARZwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDjI5YJAzbI+
EaPGRT1CMUMySVfcMIG5BgNVHSMEgbEwga6AFH7rk0gSb8aF2aUTlWswEtXx6inT
oYGKpIGHMIGEMQswCQYDVQQGEwJGUjEPMA0GA1UECBMRnJhbmNlMQ0wCwYDVQQH
EwRMeW9uMRUwEwYDVQQKEwxTeXN0ZW0gTGludXgxGDAWBgNVBAMTD3N5c3RlbS1s
aW51eC5ldTEkMCIGCSqGSIb3DQEJARYVYWRtaW5Ac3lzdGVLWxpbnV4LmV1ggkA
oauWikJuNgowDQYJKoZIhvcNAQEEBQADgYEAdl5zVk4eC4mAr1J0fDj5QWubwOlF
Fn8hsoj0oVeAPA1LyZY/XpHpD7CTiXfBmtdKOVqwRs1FsHtGpodz2Mhzhbt0Z4
ry0uoluXBPb3nWe9LVBgJ/cFXbH52V5xcaRPXIqnWTUk7Hn91Si0blNgLs1q9Mf
7uqktKEDEaUKyPk=
-----END CERTIFICATE-----
subject=/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
issuer=/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux.eu/emailAddress=adminATsystem-linux.eu
---
Acceptable client certificate CA names
/C=FR/ST=France/L=Lyon/O=System Linux/CN=system-linux/emailAddress=adminATsystem-linux.eu
---
SSL handshake has read 1439 bytes and written 321 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 174E9FBDA61AC405EBF42137F701CFA3FEAEFE34EE2AC241F3273D33976
    Session-ID-ctx:
    Master-Key: CDC4BE76E137A454DDA4FFEAD5945D373215E682A6650E4D73AF5A09D88F24003DA17A0B63F2A921F6D9A2DBA9D
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1287132043
    Timeout   : 200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
* OK [CAPABILITY IMAP4rev2 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=TLS AUTH=LOGIN] Dovecot ready.

Si vous avez des petites astuces comme celle-ci n'hésitez pas à les partager dans les commentaires, merci.

Vus : 565
Publié par System Linux : 211