How to extract information about the SSL encryption on a specific domain

Time: 2014-01-16 04:44:41

Tags: security http ssl

When I go to any https website, I can view information about its certificate and the cipher suite it uses. For example, if I go to Google, I get a result like this: [screenshot]

Is there a way to get this information (that it can use AES Galois Counter Mode and Elliptic Curve Diffie Hellman Ephemeral)?

2 answers:

Answer 0: (score: 2)

Most SSL libraries will give you this information, for example in Perl:

use IO::Socket::SSL;
my $sock = IO::Socket::SSL->new( .. ); # connect + ssl upgrade
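print $sock->get_cipher; # something like RC4-SHA, ECDHE-RSA-RC4-SHA...

Of course, the negotiated cipher depends on the cipher suites the client itself offers to the server, and these differ between browsers/operating systems and SSL libraries.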

Answer 1: (score: 2)

Do you mean the SSL Server Test, or the openssl CLI, as shown below? (Note: the openssl output usually depends on the locally used version; older versions lead to wrong results.)

$ openssl s_client -connect www.google.com:443

CONNECTED(00000004)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3728 bytes and written 446 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: DB556CAAB8C35CEC6645BD7EE94F93942DBB1BA7D8605436508F6E41ECC23AD4
    Session-ID-ctx: 
    Master-Key: 5EBFF88F2B23F077342C40A1FCF5C2576E113411019CB8A010F70DA55C8FE54F5FEFBFB1C7B2738E20341A4C3E17A3AA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
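
The following Python example is added here and is not from either answer. It reads the protocol, suite and server key size out of s_client output like the one above and splits the OpenSSL suite name into its parts, which exposes the ECDHE and AES-GCM properties the question asks about. The function names and the SAMPLE text are assumptions made for this example, and the name parsing covers only the RSA, DHE and ECDHE style names used before TLS 1.3.

```python
import re
import socket
import ssl

# Constructed sample: the relevant lines of the s_client output quoted above.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
"""


def describe_suite(name):
    """Split an OpenSSL suite name (TLS 1.2 and earlier, RSA/DHE/ECDHE families)."""
    if name.startswith("TLS_"):
        raise ValueError("TLS 1.3 names do not encode key exchange or authentication")
    parts = name.split("-")
    kx = auth = "RSA"  # no prefix means RSA key transport with RSA authentication
    if parts[0] in ("ECDHE", "DHE", "ECDH", "DH"):
        kx, auth, parts = parts[0], parts[1], parts[2:]
    # Trailing field is the MAC hash (or the PRF hash for AEAD suites), if present.
    digest = parts.pop() if re.fullmatch(r"SHA\d*|MD5", parts[-1]) else None
    return {"key_exchange": kx, "authentication": auth,
            "cipher": "-".join(parts), "hash": digest,
            "aead": "GCM" in parts or "POLY1305" in parts,
            "forward_secrecy": kx in ("ECDHE", "DHE")}


def parse_s_client(text):
    """Pull protocol, suite and server key size out of `openssl s_client` output."""
    def field(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None
    suite = field(r"^\s*Cipher\s*:\s*(\S+)")
    bits = field(r"Server public key is (\d+) bit")
    return {"protocol": field(r"^\s*Protocol\s*:\s*(\S+)"),
            "suite": suite,
            "server_key_bits": int(bits) if bits else None,
            "details": describe_suite(suite) if suite else None}


def negotiated(host, port=443, timeout=5):
    """Live equivalent of the Perl get_cipher call: returns (protocol, suite)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]
```

`parse_s_client(SAMPLE)` works offline on saved output; `negotiated("www.google.com")` needs network access and reports what the local Python/OpenSSL build negotiates, which can differ from what a browser gets.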