服务器名称指示(Server Name Indication,缩写:SNI)是TLS的一个扩展协议,首次发布在openssl 0.9.8f版本。
在该协议下,在握手过程开始时客户端告诉它正在连接的服务器要连接的主机名称。这允许服务器在相同的IP地址和TCP端口号上呈现多个证书,并且因此允许在相同的IP地址上提供多个安全(HTTPS)网站(或其他任何基于TLS的服务),而不需要所有这些站点使用相同的证书。它与HTTP/1.1基于名称的虚拟主机的概念相同,但是用于HTTPS。所需的主机名未加密,因此窃听者可以查看请求的网站。
openssl测试环境的搭建参见:centos下搭建openssl测试环境。
以上的基础上,再创建一个服务器证书和服务器CA认证请求文件(指定Common Name,例如Bu2),并通过CA认证:req3.pem、sslservercert2.pem、sslserverkey2.pem。
指定servername为Bu2。
# openssl s_server -tlsextdebug -state -serverpref -cert sslservercert.pem -key sslserverkey.pem -servername Bu2 -cert2 sslservercert2.pem -key2 sslserverkey2.pem -CAfile cacert.pem
Enter pass phrase for sslserverkey.pem:
Enter pass phrase for sslserverkey2.pem:
Setting secondary ctx parameters
Using default temp DH parameters
ACCEPT
$ openssl s_client -tlsextdebug -state -CAfile cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
TLS server extension "renegotiation info" (id=65281), len=1
0001 - <SPACES/NULS>
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "heartbeat" (id=15), len=1
0000 - 01 .
SSL_connect:SSLv3 read server hello A
depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = BUPT
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=BUPT
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIJALw6A4esvB1yMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAkNBMB4XDTIwMDQwMTE1MjcwNFoXDTIx
MDQwMTE1MjcwNFowVDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEQlVQ
VDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtgnZu6ho9B4KeQTPKfw8KuZ7
SPiIpvN7bDQb7yEH8lXdcw0NB+VB/iZuT/cwwAWlXJNW0qokAxFn6lt8QMtubnUs
vRjY31Tg7cTmcxArwP8kBXF4M4GGXqR9wEI9hvbTJfuwqRB5vkNfvSjBH0hdzgp9
YM7mUbcFNt5W0z+0CzUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK1ioXQA
hnLUJAM+8Z1RkHsRQwEAMB8GA1UdIwQYMBaAFOdla/T+Y5c4EQQqbXYITYFVIA1r
MA0GCSqGSIb3DQEBCwUAA4IBAQA7631/iAO/poTvnkNzUKxW/WOQoo6AavZoEN1s
MlYpIKp2dzHB/b/TFBEC0PIK5EpRifSXS4t+v1IGVZecqYExsy4yX0U/jPXcQbmO
NYwrgFvMG3k0/5qBuZNuYw7KYLtAIstl+V8/LcRK3c76znrAb29stU6g5hEgmVUY
/k7K7JG8AprC5fU1pRaourhykbFCx7LxFyMzv2cwNoNkYmaU45SZGo8QBa0WWZuy
tAHWCflq2RqEaccFu1i3PSrkCaOUCXTbOvoM0pqjLgraU1gS/6bsseYd4aiOpfhz
b9pdF+0n3FU1LG7LoQphpDXCH/mergr8+J5MF1PdqbdIki53
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=BUPT
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2229 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: DC99116895F8D855B735CABAB93FA657D17C28757622608E633F9E94D0283838
Session-ID-ctx:
Master-Key: 7D0E0914F93B4EB9253BC766EEC58156C207E26E855BF937185F0633A59F4C1A8F3CEEAC477FA1E07CCE9CD7B288A618
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 17 44 73 28 91 e6 50 a9-0b 35 fa e6 5d 16 cf 25 .Ds(..P..5..]..%
0010 - 15 8b 47 f3 ef 59 48 81-9a 80 65 92 6c c2 99 62 ..G..YH...e.l..b
0020 - de d0 f3 04 32 2b 1e b0-a9 64 86 2f 46 25 e3 9a ....2+...d./F%..
0030 - e9 4c 4a d7 3c b4 dd ea-04 c9 ef 46 a7 a6 de 7d .LJ.<......F...}
0040 - 38 b7 0f 19 e5 b5 fa 5e-6f 07 55 78 ea 21 74 6b 8......^o.Ux.!tk
0050 - 56 4e bc 7d 02 39 e4 02-e6 e3 e4 99 8e 5d a2 bd VN.}.9.......]..
0060 - 34 d4 c3 d1 98 58 87 ac-dc f9 e4 4d 77 f1 7e bd 4....X.....Mw.~.
0070 - 65 33 75 a8 68 93 31 eb-1d 3d 72 eb 76 85 7f 09 e3u.h.1..=r.v...
0080 - 2a a3 ca 37 07 0e fe 33-82 13 c3 9b db 63 86 3b *..7...3.....c.;
0090 - d9 94 e3 de 56 07 94 46-b3 5b 09 a6 05 5e 1d c9 ....V..F.[...^..
Start Time: 1585822450
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
如上,认证时服务器会使用默认的BUPT对应的证书。
服务器端打印如下:
SSL_accept:before/accept initialization
TLS client extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS client extension "elliptic curves" (id=10), len=10
0000 - 00 08 00 17 00 19 00 18-00 16 ..........
TLS client extension "session ticket" (id=35), len=0
TLS client extension "signature algorithms" (id=13), len=32
0000 - 00 1e 06 01 06 02 06 03-05 01 05 02 05 03 04 01 ................
0010 - 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03 ................
TLS client extension "heartbeat" (id=15), len=1
0000 - 01 .
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client certificate A
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read certificate verify A
SSL_accept:SSLv3 read finished A
SSL_accept:SSLv3 write session ticket A
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDB9DgkU+TtOuSU7x2buxYFWwgfiboVb+TcYXwYzpZ9M
Go887qxHf6HgfM6c17KIphihBgIEXoW68qIEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:P-384:secp256k1
Shared Elliptic curves: P-256:P-521:P-384:secp256k1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
如下,多了SNI相关的打印:TLS server extension “server name” (id=0), len=0等等。
$ openssl s_client -tlsextdebug -state -servername Bu2 -CAfile cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
TLS server extension "server name" (id=0), len=0
TLS server extension "renegotiation info" (id=65281), len=1
0001 - <SPACES/NULS>
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "heartbeat" (id=15), len=1
0000 - 01 .
SSL_connect:SSLv3 read server hello A
depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = Bu2
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Bu2
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDHzCCAgegAwIBAgIJALw6A4esvB10MA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAkNBMB4XDTIwMDQwMjA4MjIwNFoXDTIx
MDQwMjA4MjIwNFowUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDQnUy
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdhzCUvJ5VJT6iMT+zEkES7PXj
Myw5yEtjA0ttl9VwEBChYO5GckmFkQWJzzNX8GVpMNvTezj9diA/uScNJW1n0uGE
4E3kz3drZspb2oVymMh/swG6LqDhkJ9oChoIZRSKXJrjeg8SzeAQFteW5o5dsbV5
ZgKHYI+3w+iljDl76wIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf
Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfRmXVtsi
DruMhqb8WTMwnpGd2P8wHwYDVR0jBBgwFoAU52Vr9P5jlzgRBCptdghNgVUgDWsw
DQYJKoZIhvcNAQELBQADggEBAE6em9pbkNEEGvDfJlefyRk/tXY2U8781stJH0BM
MMI2W1zYqHQOw1pc40JEJ6+QUQd3/7rVfiAC/bop5kmT3kRhfLiPI9+TBqqhzk5a
9hnmz2KqOFUo/twCJSaQ7tFDOVns4LW7b3+OfXQkOe/4LVYoynpxaEbSEa4iOnX5
mEAyPg9peJvZRNFuPqyY36/8bcrFfyccklPN4O61xUKtmxY8uJWYgYT1yvwlMS1e
BcHVC/V/Vm/oFybqUGgRDJScLFgTnq0FaGZ1eAF4yd9E/G53fRknJRXFonH2rGs9
J6Pt5Kvry9fVgDqIpIpHKQMR3Ftc1cxIubeFrnQWIwxk0fY=
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Bu2
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2232 bytes and written 427 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: F2F0A9795DB4574F5E135E5096514707614A6326CCA1F97142E20F6852EA1F69
Session-ID-ctx:
Master-Key: 531F61C9C7AD2066A2F2132E1F45600BF3A481289080A27991C5896662C2C0D563CB8BED5F51A6B0A0679598CF099537
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 17 44 73 28 91 e6 50 a9-0b 35 fa e6 5d 16 cf 25 .Ds(..P..5..]..%
0010 - 46 46 44 e8 54 12 8f 6e-5c ce f4 b7 de 91 8d 1f FFD.T..n\.......
0020 - db 5c 3a e1 ab c2 e9 07-f3 a5 dd 84 6c 4c 1f eb .\:.........lL..
0030 - 84 57 96 85 d0 8d 0b 62-5b d2 6c 40 b5 58 8d 1b .W.....b[[email protected]..
0040 - 08 a6 f7 ab 76 87 ea a7-6a 7e 72 74 b1 f8 d2 ba ....v...j~rt....
0050 - ac 93 61 8c ff a8 cd ca-f8 17 d6 20 84 32 37 f2 ..a........ .27.
0060 - 6f 42 64 ce 51 8f 1b 94-32 62 8b 98 ea e3 66 46 oBd.Q...2b....fF
0070 - f6 65 e7 dd 5d bf 85 05-ae 1d 32 be 13 c7 55 30 .e..].....2...U0
0080 - c8 73 86 c6 75 ff e2 97-29 64 77 ec f9 51 5e b2 .s..u...)dw..Q^.
0090 - 9f f0 ce 94 3e df 70 1b-af 01 70 23 cf da 54 a7 ....>.p...p#..T.
Start Time: 1585822684
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
如上,认证时服务器会使用Bu2对应的证书。
服务器端打印如下:
SSL_accept:before/accept initialization
TLS client extension "server name" (id=0), len=8
0000 - 00 06 00 00 03 42 75 32- .....Bu2
TLS client extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS client extension "elliptic curves" (id=10), len=10
0000 - 00 08 00 17 00 19 00 18-00 16 ..........
TLS client extension "session ticket" (id=35), len=0
TLS client extension "signature algorithms" (id=13), len=32
0000 - 00 1e 06 01 06 02 06 03-05 01 05 02 05 03 04 01 ................
0010 - 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03 ................
TLS client extension "heartbeat" (id=15), len=1
0000 - 01 .
Hostname in TLS extension: "Bu2"
Switching server context.
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client certificate A
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read certificate verify A
SSL_accept:SSLv3 read finished A
SSL_accept:SSLv3 write session ticket A
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
MFwCAQECAgMDBALAMAQABDBTH2HJx60gZqLyEy4fRWAL86SBKJCAonmRxYlmYsLA
1WPLi+1fUaawoGeVmM8JlTehBgIEXoW73KIEAgIBLKQGBAQBAAAApgUEA0J1Mg==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:P-384:secp256k1
Shared Elliptic curves: P-256:P-521:P-384:secp256k1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
当servername错误时,会有warning:SSL3 alert read⚠️unrecognized name。
# openssl s_client -tlsextdebug -state -servername Bu -CAfile cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:warning:unrecognized name
TLS server extension "server name" (id=0), len=0
TLS server extension "renegotiation info" (id=65281), len=1
0001 - <SPACES/NULS>
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS server extension "session ticket" (id=35), len=0
TLS server extension "heartbeat" (id=15), len=1
0000 - 01 .
SSL_connect:SSLv3 read server hello A
depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = CA
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = BUPT
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=BUPT
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIJALw6A4esvB1yMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxCzAJBgNVBAMMAkNBMB4XDTIwMDQwMTE1MjcwNFoXDTIx
MDQwMTE1MjcwNFowVDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEQlVQ
VDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtgnZu6ho9B4KeQTPKfw8KuZ7
SPiIpvN7bDQb7yEH8lXdcw0NB+VB/iZuT/cwwAWlXJNW0qokAxFn6lt8QMtubnUs
vRjY31Tg7cTmcxArwP8kBXF4M4GGXqR9wEI9hvbTJfuwqRB5vkNfvSjBH0hdzgp9
YM7mUbcFNt5W0z+0CzUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK1ioXQA
hnLUJAM+8Z1RkHsRQwEAMB8GA1UdIwQYMBaAFOdla/T+Y5c4EQQqbXYITYFVIA1r
MA0GCSqGSIb3DQEBCwUAA4IBAQA7631/iAO/poTvnkNzUKxW/WOQoo6AavZoEN1s
MlYpIKp2dzHB/b/TFBEC0PIK5EpRifSXS4t+v1IGVZecqYExsy4yX0U/jPXcQbmO
NYwrgFvMG3k0/5qBuZNuYw7KYLtAIstl+V8/LcRK3c76znrAb29stU6g5hEgmVUY
/k7K7JG8AprC5fU1pRaourhykbFCx7LxFyMzv2cwNoNkYmaU45SZGo8QBa0WWZuy
tAHWCflq2RqEaccFu1i3PSrkCaOUCXTbOvoM0pqjLgraU1gS/6bsseYd4aiOpfhz
b9pdF+0n3FU1LG7LoQphpDXCH/mergr8+J5MF1PdqbdIki53
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=BUPT
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2240 bytes and written 426 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 03E39D9FA4B1BC4C7F8E19ACBA540BABF6C8A3CB0537753520997FD71DF642D3
Session-ID-ctx:
Master-Key: 4ED8DB83857AF282498942BB775B5177E2D342025F2850ABDDD1A69FD9C22D3C818536A7604AE7EC91FA718C30F425B5
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 17 44 73 28 91 e6 50 a9-0b 35 fa e6 5d 16 cf 25 .Ds(..P..5..]..%
0010 - c7 8d c4 a0 1a 8a db 67-5a 7e ca 4a 33 d3 c3 12 .......gZ~.J3...
0020 - 27 f2 87 d9 53 a0 92 cd-9a 9b b1 ba 0e f4 01 5e '...S..........^
0030 - cb c8 29 9d 78 e8 ac 77-21 66 50 1e 0c 0b 80 3f ..).x..w!fP....?
0040 - 3f bd b5 aa 71 c7 66 68-e2 ee f8 44 4a 47 1b 2f ?...q.fh...DJG./
0050 - 5d da 38 54 5a c6 d4 f5-91 a7 85 8e fd 88 f8 41 ].8TZ..........A
0060 - f8 f1 0b df 74 f0 28 27-c0 b6 80 ff db 97 e0 6a ....t.('.......j
0070 - 88 10 76 37 a0 93 89 81-08 5f ff c8 83 00 3d 0b ..v7....._....=.
0080 - 34 1c 49 e6 72 e7 fe b0-ee 3f be b4 03 d3 e3 1b 4.I.r....?......
0090 - 38 65 c5 9f f8 eb 4b 54-94 d4 1b b5 0f 9f 63 80 8e....KT......c.
Start Time: 1585822998
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
如上,认证时服务器仍会使用默认的BUPT对应的证书。
服务器端打印如下:
SSL_accept:before/accept initialization
TLS client extension "server name" (id=0), len=7
0000 - 00 05 00 00 02 42 75 .....Bu
TLS client extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS client extension "elliptic curves" (id=10), len=10
0000 - 00 08 00 17 00 19 00 18-00 16 ..........
TLS client extension "session ticket" (id=35), len=0
TLS client extension "signature algorithms" (id=13), len=32
0000 - 00 1e 06 01 06 02 06 03-05 01 05 02 05 03 04 01 ................
0010 - 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03 ................
TLS client extension "heartbeat" (id=15), len=1
0000 - 01 .
Hostname in TLS extension: "Bu"
SSL3 alert write:warning:unrecognized name
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client certificate A
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read certificate verify A
SSL_accept:SSLv3 read finished A
SSL_accept:SSLv3 write session ticket A
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
MFsCAQECAgMDBALAMAQABDBO2NuDhXrygkmJQrt3W1F34tNCAl8oUKvd0aaf2cIt
PIGFNqdgSufskfpxjDD0JbWhBgIEXoW9FqIEAgIBLKQGBAQBAAAApgQEAkJ1
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:P-384:secp256k1
Shared Elliptic curves: P-256:P-521:P-384:secp256k1
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported