12.6. s_server / s_client

12.6.1. SSL POP3 / SMTP / IMAP

SSL POP3 / SMTP / IMAP 端口号

POP3 995

SMTP 465

IMAP 993
openssl s_client -connect localhost:110 -starttls pop3

如果提示 CONNECTED(00000003) 侧省去 -starttls pop3 选项

openssl s_client -connect pop.163.com:995
openssl s_client -connect smtp.163.com:465
openssl s_client -connect imap.163.com:993

12.6.2. server / client 文件传输

生成证书

$ openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

在一个终端运行以下命令

openssl s_server -accept 2009 -key server.pem -cert server.pem

在另外一个终端运行命令如下

openssl s_client -connect localhost:2009

Example 12.1. 加密传输文件

现在我们来尝试使用使用 openssl 加密传输文件

传输 /etc/passwd 文件

$ cat /etc/passwd | openssl s_server -accept 2009 -key server.pem -cert server.pem

输出类似

$ cat /etc/passwd | openssl s_server -accept 2009 -key server.pem -cert server.pem

Using default temp DH parameters

Using default temp ECDH parameters

ACCEPT

bad gethostbyaddr

DONE

shutdown accept socket

shutting down SSL

CONNECTION CLOSED

   0 items in the session cache

   0 client connects (SSL_connect())

   0 client renegotiates (SSL_connect())

   0 client connects that finished

   1 server accepts (SSL_accept())

   0 server renegotiates (SSL_accept())

   1 server accepts that finished

   0 session cache hits

   0 session cache misses

   0 session cache timeouts

   0 callback cache hits

   0 cache full overflows (128 allowed)

另一个服务器上运行

openssl s_client -connect 192.168.6.2:2009

输出类似

# openssl s_client -connect 192.168.6.2:2009

CONNECTED(00000003)

depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd

verify error:num=18:self signed certificate

verify return:1

depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd

verify error:num=9:certificate is not yet valid

notBefore=Sep  2 06:59:06 2013 GMT

verify return:1

depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd

notBefore=Sep  2 06:59:06 2013 GMT

verify return:1

---

Certificate chain

 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIDXTCCAkWgAwIBAgIJAM1t1q1Hl5eUMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV

BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX

aWRnaXRzIFB0eSBMdGQwHhcNMTMwOTAyMDY1OTA2WhcNMTQwOTAyMDY1OTA2WjBF

MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50

ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB

CgKCAQEAvGWRExTsfte2ys8LYELMpznAEsc11CwPBgE81DgQNxswCyIY2EzhlvX6

gnv4x+JttexdU1hXTSBY+eZwQmAP9RpJnX+dIxTOPdpgsJQd4SYn2uI1OWWhs0HO

108DPsxx7WvlCIsLY6sJCGkJYnX0P4DIGNYU0KZSPY9dSSa6QPB2TKLaWwiRXWJq

m++1N4DF+LAbQb7gPwwacbBKMv8U4ZY4bmLxgQdPa2WahlSTMnwrntQv7+gkLL7R

snILrXhoEalP1EaOr5awM0CdxT5SaIQwgKGv+5Vssw8KgnzNAtKaHw6uc/jgPGt9

j6Qpo8+io+yMjypyi7FwEje4Rzl3SQIDAQABo1AwTjAdBgNVHQ4EFgQUFRScMNSC

tHb8KbDilgijJ2mz2BAwHwYDVR0jBBgwFoAUFRScMNSCtHb8KbDilgijJ2mz2BAw

DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAQANVwx4rMFPBtlHiWSOU

wBt2XZvnSfarBpb/A2hWexzXQey9urKH8/8egKgxOCFhI42E2fH6RFhtI7x3CU6i

1QQwKis9ZIiEEcn9inM0ZJOnaOx2gr/fcXnzKPWZFibAQP6gyGV/EQBCJ0j395cQ

rHEfpfdKBPb5YN+NxXK1wHIIFV01lcZH2GDwDNDPtRNas/JNbS8X1iA8ti1VZnDp

pSm8eZrzdJWsIQ/YFRNI/1mklSJr44NuvrbE7ivulBFpeIitc9ppkVa3xzhxM0xl

cWz6l/jr3Dil5qWcCKsEZ0Hd0sZHuXm5eNJwwTO0XXT+vxJDM8Gf5fMqwx5VdUWZ

uA==

-----END CERTIFICATE-----

subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

---

No client certificate CA names sent

---

SSL handshake has read 1583 bytes and written 246 bytes

---

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1

    Cipher    : DHE-RSA-AES256-SHA

    Session-ID: 7CA47FFBFC896FC90F7E9E5F3147BC9621C07E10882A7C7831BFA7D61AD24EEF

    Session-ID-ctx:

    Master-Key: 5CB630D741EA2D209E0DC882A2E5C16E2009138A7DB7920ABEFD1E9CC5D6973F7DC7228295B5AC75F5E7CD1726DC3E5F

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    TLS session ticket lifetime hint: 300 (seconds)

    TLS session ticket:

    0000 - 7d 76 b1 eb bb 9d 63 49-fe 9f 18 c0 78 82 66 bd   }v....cI....x.f.

    0010 - 65 69 ac 27 11 63 05 8a-57 8d 13 23 d8 85 3c fa   ei.'.c..W..#..<.

    0020 - 6b 54 4c 39 92 c4 53 22-16 e3 73 98 a0 fe 15 67   kTL9..S"..s....g

    0030 - c1 5f 47 66 f9 42 50 f5-67 be 91 a8 70 fa ef eb   ._Gf.BP.g...p...

    0040 - 1c 51 c2 94 62 ff b0 97-1b 7b de ac 3a c8 39 52   .Q..b....{..:.9R

    0050 - 85 d6 51 02 33 48 2c 39-fc db f8 55 87 c5 1b 58   ..Q.3H,9...U...X

    0060 - 81 e7 00 0b 9d ae e3 fd-04 dc 0d dd 26 20 3c b2   ............& <.

    0070 - b2 0f 56 e1 7c be d2 89-2a 64 42 b4 9f eb b3 e2   ..V.|...*dB.....

    0080 - ee 3d 51 ac 3f 9e 14 49-52 f4 b6 d7 9f 59 0b c8   .=Q.?..IR....Y..

    0090 - fa f2 74 38 e0 c8 12 1a-b3 81 e8 2f 13 cf 44 44   ..t8......./..DD

    Start Time: 1378104227

    Timeout   : 300 (sec)

    Verify return code: 9 (certificate is not yet valid)

---

root:x:0:0:root:/root:/bin/bash

daemon:x:1:1:daemon:/usr/sbin:/bin/sh

bin:x:2:2:bin:/bin:/bin/sh

sys:x:3:3:sys:/dev:/bin/sh

sync:x:4:65534:sync:/bin:/bin/sync

games:x:5:60:games:/usr/games:/bin/sh

man:x:6:12:man:/var/cache/man:/bin/sh

lp:x:7:7:lp:/var/spool/lpd:/bin/sh

mail:x:8:8:mail:/var/mail:/bin/sh

news:x:9:9:news:/var/spool/news:/bin/sh

uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh

proxy:x:13:13:proxy:/bin:/bin/sh

www-data:x:33:33:www-data:/var/www:/bin/sh

backup:x:34:34:backup:/var/backups:/bin/sh

list:x:38:38:Mailing List Manager:/var/list:/bin/sh

irc:x:39:39:ircd:/var/run/ircd:/bin/sh

gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh

nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

libuuid:x:100:101::/var/lib/libuuid:/bin/sh

syslog:x:101:103::/home/syslog:/bin/false

messagebus:x:102:105::/var/run/dbus:/bin/false

whoopsie:x:103:106::/nonexistent:/bin/false

landscape:x:104:109::/var/lib/landscape:/bin/false

sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin

neo:x:1000:1000:neo,,,:/home/neo:/bin/bash

ntop:x:106:114::/var/lib/ntop:/bin/false

redis:x:107:116:redis server,,,:/var/lib/redis:/bin/false

postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash

colord:x:109:120:colord colour management daemon,,,:/var/lib/colord:/bin/false

mysql:x:110:121:MySQL Server,,,:/nonexistent:/bin/false

zookeeper:x:111:122:ZooKeeper,,,:/var/lib/zookeeper:/bin/false

read:errno=0

http://my.oschina.net/neochen/blog/158631#OSC_h2_1

OpenSSL s_server / s_client 应用实例的更多相关文章

  1. Openssl s_server命令

    一.简介 s_server是openssl提供的一个SSL服务程序.使用此程序前,需要生成各种证书.本命令可以用来测试ssl客户端,比如各种浏览器的https协议支持 二.语法 openssl s_s ...

  2. OpenSSL命令---s_client

    http://blog.csdn.net/as3luyuan123/article/details/16812071 用途: s_client为一个SSL/TLS客户端程序,与s_server对应,它 ...

  3. OpenSSL aes加解密实例+base64编解码

    OpenSSL aes加解密简单实例+base64编解码 #include <stdio.h> #include <string.h> #include <memory. ...

  4. RSA加解密 私钥加密公钥解密 私加公解 && C++ 调用openssl库 的代码实例

    前提:秘钥长度=1024 ============================================== 对一片(117字节)明文加密  私加 ===================== ...

  5. RSA加解密 公钥加密私钥解密 公加私解 && C++ 调用openssl库 的代码实例

    前提:秘钥长度=1024 ============================================== 对一片(117字节)明文加密 ========================= ...

  6. openssl 证书操作命令

    生成Self Signed证书 # 生成一个key,你的私钥,openssl会提示你输入一个密码,可以输入,也可以不输, # 输入的话,以后每次使用这个key的时候都要输入密码,安全起见,还是应该有一 ...

  7. OpenSSL Command-Line HOWTO

    OpenSSL Command-Line HOWTO The openssl application that ships with the OpenSSL libraries can perform ...

  8. 使用openssl演练数字签名

    以下代码摘自网上,设置一个server和client,client代码如下: package main import (    "fmt"    "io/ioutil&q ...

  9. Openssl源代码整理学习---含P7/P10/P12说明

    声明:建议结合Openssl源代码学习: 一.基础知识 1.Openssl 简史 OpenSSL项目是加拿大人Eric A.Yang 和Tim J.Hudson开发,现在有Openssl项目小组负责改 ...

随机推荐

  1. HDU 5236 Article (概率DP+贪心)

    题意:要求输入一篇N个字符的文章,对所有非负整数i:每到第i+0.1秒时可以输入一个文章字符,每到第i+0.9秒时有P的概率崩溃(回到开头或者上一个存盘点) 每到第i秒有一次机会可以选择按下X个键存盘 ...

  2. C#识别图中二维码

    1.在NuGet中添加 ZXing.Net 2.实例代码 /// <summary> /// 识别图中二维码 /// </summary> /// <param name ...

  3. 业务、数据记录——ThreadPool.QueueUserWorkItem及Redis的实现

    业务描述 当用户执行完业务操作,或者数据操作后,讲业务记录/数据追踪插入到Redis中.ThreadPool.QueueUserWorkItem定时检查队列并将上述数据插入到数据库中持久化. 实现流程 ...

  4. Java之Spring Boot详解(非原创)

    文章大纲 一.Spring Boot 概述二.Spring Boot 入门案例三.Spring Boot核心功能代码实战四.项目源码与资料下载五.参考文章   一.Spring Boot 概述 1. ...

  5. Redis源码分析-底层数据结构盘点

    前段时间翻看了Redis的源代码(C语言版本,Git地址:https://github.com/antirez/redis), 过了一遍Redis数据结构,包括SDS.ADList.dict.ints ...

  6. Java实例练习——java实现自动生成长度为10以内的随机字符串(可用于生成随机密码)

    package sorttest; import java.util.ArrayList; import java.util.Collections; import java.util.List; i ...

  7. kylin cube 构建过程

    本文是对 http://kylin.apache.org/docs20/howto/howto_optimize_build.html的翻译,以便阅读. 1.  创建 Hive 中间表(Create ...

  8. 自动化运维工具之Cobbler

    一.anaconda anaconda负责安装系统向导,默认为GUI界面,如果我们使用ks自动应答安装的话建议使用TUI界面来安装 在安装启动界面我们可以按esc键来自己手动指定安装启动选项 anac ...

  9. 简述raid0,raid1,raid5,raid10 的工作原理及特点

    RAID 0 支持1块盘到多块盘,容量是所有盘之和 RAID1 只支持2块盘,容量损失一块盘 RAID 5最少三块盘,不管硬盘数量多少,只损失一块容量 RAID 10最少4块盘,必须偶数硬盘,不管硬盘 ...

  10. spring动态线程池(实质还是用了java的线程池)

    <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.sp ...