12.6. s_server / s_client

12.6.1. SSL POP3 / SMTP / IMAP

SSL POP3 / SMTP / IMAP port numbers

POP3 995
SMTP 465
IMAP 993

openssl s_client -connect localhost:110 -starttls pop3

If the output shows CONNECTED(00000003), omit the -starttls pop3 option:

openssl s_client -connect pop.163.com:995
openssl s_client -connect smtp.163.com:465
openssl s_client -connect imap.163.com:993

12.6.2. server / client file transfer

Generate a certificate

$ openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

Run the following command in one terminal

openssl s_server -accept 2009 -key server.pem -cert server.pem

Run the following command in another terminal

openssl s_client -connect localhost:2009

Example 12.1. Encrypted file transfer

Now let's try using openssl to transfer a file over an encrypted connection.

Transfer the /etc/passwd file

$ cat /etc/passwd | openssl s_server -accept 2009 -key server.pem -cert server.pem

The output looks like this

$ cat /etc/passwd | openssl s_server -accept 2009 -key server.pem -cert server.pem
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)

On another server, run

openssl s_client -connect 192.168.6.2:2009

The output looks like this

# openssl s_client -connect 192.168.6.2:2009
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=9:certificate is not yet valid
notBefore=Sep 2 06:59:06 2013 GMT
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
notBefore=Sep 2 06:59:06 2013 GMT
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1583 bytes and written 246 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 7CA47FFBFC896FC90F7E9E5F3147BC9621C07E10882A7C7831BFA7D61AD24EEF
Session-ID-ctx:
Master-Key: 5CB630D741EA2D209E0DC882A2E5C16E2009138A7DB7920ABEFD1E9CC5D6973F7DC7228295B5AC75F5E7CD1726DC3E5F
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1378104227
Timeout : 300 (sec)
Verify return code: 9 (certificate is not yet valid)
---
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
whoopsie:x:103:106::/nonexistent:/bin/false
landscape:x:104:109::/var/lib/landscape:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
neo:x:1000:1000:neo,,,:/home/neo:/bin/bash
ntop:x:106:114::/var/lib/ntop:/bin/false
redis:x:107:116:redis server,,,:/var/lib/redis:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
colord:x:109:120:colord colour management daemon,,,:/var/lib/colord:/bin/false
mysql:x:110:121:MySQL Server,,,:/nonexistent:/bin/false
zookeeper:x:111:122:ZooKeeper,,,:/var/lib/zookeeper:/bin/false
read:errno=0

http://my.oschina.net/neochen/blog/158631#OSC_h2_1
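
The client output above reports verify errors 18 and 9, yet s_client continued and still received the file, so the transfer was encrypted but the server was never authenticated. The shell functions below are an added example, not part of the original article: they check an s_client transcript for a verified session and fetch a file only from a server presenting a pinned certificate. The function names and the file name server.crt are assumptions, and -verify_return_error needs an OpenSSL build that supports it.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the file
# name server.crt are assumptions made for this illustration.

# Constructed sample: the verification lines from the s_client output above.
sample_unverified() {
cat <<'EOF'
CONNECTED(00000003)
verify error:num=18:self signed certificate
verify return:1
verify error:num=9:certificate is not yet valid
verify return:1
    Verify return code: 9 (certificate is not yet valid)
EOF
}

# Print each distinct "verify error" line as "NUM reason".
verify_errors() {
    sed -n 's/^verify error:num=\([0-9][0-9]*\):\(.*\)$/\1 \2/p' | sort -u
}

# Print the number from the last "Verify return code" line (empty if absent).
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Succeed only when the transcript on stdin shows a verified server
# certificate: return code 0 and no verify errors. Fails closed otherwise.
session_authenticated() {
    transcript=$(cat)
    [ "$(printf '%s\n' "$transcript" | verify_code)" = "0" ] &&
        [ -z "$(printf '%s\n' "$transcript" | verify_errors)" ]
}

# Receive a file only from a server presenting the pinned certificate.
# On the server, export the certificate without the private key first:
#   openssl x509 -in server.pem -out server.crt
# usage: fetch_pinned HOST:PORT CERT OUTFILE
fetch_pinned() {
    # -verify_return_error aborts the handshake instead of continuing;
    # -quiet keeps handshake details out of the received data.
    openssl s_client -connect "$1" -CAfile "$2" -verify_return_error \
        -quiet </dev/null >"$3" 2>"$3.log"
}
```

Error 9 in the output above means the certificate's notBefore is later than the client's clock, so the pinned check will keep failing until the client's time is corrected.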
