-
-
Save tobias/bda9ce355887cbb1b88a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| prezto: one or more keys are non-bindable | |
| << ~ >> | |
| $ openssl s_client -verify_host -connect clojars-mirror.tcrawley.org:433 | |
| unknown option -verify_host | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -verify -connect clojars-mirror.tcrawley.org:433 | |
| verify depth is 0 | |
| unknown option clojars-mirror.tcrawley.org:433 | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -verify -connect clojars-mirror.tcrawley.org:433 | |
| verify depth is 0 | |
| unknown option clojars-mirror.tcrawley.org:433 | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -verify_host -connect clojars-mirror.tcrawley.org:433 | |
| unknown option -verify_host | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -verify_host -connect clojars-mirror.tcrawley.org:443 | |
| unknown option -verify_host | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -verify_host -connect "clojars-mirror.tcrawley.org:443" | |
| unknown option -verify_host | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ | |
| << ~ >> | |
| $ openssl s_client -showcerts -connect "clojars-mirror.tcrawley.org:443" | |
| CONNECTED(00000003) | |
| depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 | |
| verify return:1 | |
| depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X1 | |
| verify return:1 | |
| depth=0 CN = clojars-mirror.tcrawley.org | |
| verify return:1 | |
| --- | |
| Certificate chain | |
| 0 s:/CN=clojars-mirror.tcrawley.org | |
| i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 | |
| -----BEGIN CERTIFICATE----- | |
| MIIFGjCCBAKgAwIBAgISAfnfQawLsYaCtiDrfB/gBqgNMA0GCSqGSIb3DQEBCwUA | |
| MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD | |
| ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAxMDIxNDM4MDBaFw0x | |
| NjA0MDExNDM4MDBaMCYxJDAiBgNVBAMTG2Nsb2phcnMtbWlycm9yLnRjcmF3bGV5 | |
| Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3kO1OKngms0ra4 | |
| X4z4GOuvXaxPNy6AVemgBF8v5q7chvMn/r8OMSJfofQ7fXgQU99dgnAzjLz/KjSH | |
| eXpj/BzHIUJL+ArCICdUaYQ+ISpwskgXBzoAHq1xNVJK05Ku21bEZhcTX5bHF1TE | |
| Z2C6bgA5+UT7NFUenefRjWDftZqp9DlWYWL5OPzFusbXXRteMilZ/9zkFeZlC9K6 | |
| klNdY2jkn2N63AIS+SVKYClyhFpjkyQ06BK/0UNkNPwbshn+6OG0ufsWRDxyPaQd | |
| yhwbWz+YtFzGY8SdQ0DVXHSmXQiqu4iYqg62Cx8Z/9BW5e7pndbwVvDah6AR8n06 | |
| kmIdiF8CAwEAAaOCAhwwggIYMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr | |
| BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUA9CFq+/y | |
| ykR1lZ1yUyPiE5mp76UwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw | |
| cAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDEu | |
| bGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgx | |
| LmxldHNlbmNyeXB0Lm9yZy8wJgYDVR0RBB8wHYIbY2xvamFycy1taXJyb3IudGNy | |
| YXdsZXkub3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEB | |
| ATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasG | |
| CCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxp | |
| ZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5j | |
| ZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9s | |
| ZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBADlm | |
| f29/OdUxTRY/WuDCwZuP3yhWptelyIs2UcAB29yV81RCBfGufyToA0rBwqZPb2UR | |
| MIxI9WSPaMxfEL0Toy1W/X//OTzszvbCjKc2xFEHwDufyLjZaHSEjokanXnqJJgV | |
| dt0dAf40UcEu+rxH8FriGZSlbnO9+x+xPQ5Bh62lFi2Jismsbaz0hGexClfrTdxm | |
| 91KLQzpnQeghA80GPChOXyZ4Fr8pFbb23GyusLNa1JagVu1xO6S+GdG8kuUw/xWz | |
| qgvz3Cvh1Xa86O7KQCwSD+pSaeIzex9mkR+EqUFHJdU3TXe3HoQO+cNsfKIT3ne5 | |
| 32YvqkvVzvOBFYqNE94= | |
| -----END CERTIFICATE----- | |
| 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 | |
| i:/O=Digital Signature Trust Co./CN=DST Root CA X3 | |
| -----BEGIN CERTIFICATE----- | |
| MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw | |
| PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | |
| Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa | |
| MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD | |
| ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD | |
| ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB | |
| BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg | |
| PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG | |
| dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 | |
| gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 | |
| 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud | |
| EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy | |
| BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j | |
| b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv | |
| ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ | |
| MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH | |
| AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw | |
| MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM | |
| LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 | |
| pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd | |
| v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd | |
| ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW | |
| ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk | |
| 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj | |
| f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= | |
| -----END CERTIFICATE----- | |
| --- | |
| Server certificate | |
| subject=/CN=clojars-mirror.tcrawley.org | |
| issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 | |
| --- | |
| No client certificate CA names sent | |
| Server Temp Key: ECDH, prime256v1, 256 bits | |
| --- | |
| SSL handshake has read 3184 bytes and written 333 bytes | |
| --- | |
| New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 | |
| Server public key is 2048 bit | |
| Secure Renegotiation IS supported | |
| Compression: NONE | |
| Expansion: NONE | |
| SSL-Session: | |
| Protocol : TLSv1.2 | |
| Cipher : ECDHE-RSA-AES256-GCM-SHA384 | |
| Session-ID: 6205F380D595937B7741180333F42BE979E9ADA430515B40A0882B876B66BD1B | |
| Session-ID-ctx: | |
| Master-Key: 47885058915E4D116E76BAC359E8B2C1B71EDCBD9B5A977EEBC64FD97F59CC771E4F6767FF9686171B564628AECC6260 | |
| Key-Arg : None | |
| Krb5 Principal: None | |
| PSK identity: None | |
| PSK identity hint: None | |
| TLS session ticket lifetime hint: 300 (seconds) | |
| TLS session ticket: | |
| 0000 - 5e 46 94 78 07 28 ce 6a-12 19 2c 90 d9 07 85 37 ^F.x.(.j..,....7 | |
| 0010 - 74 ea 01 ca 0e 93 78 39-ab ff b7 c8 69 92 73 25 t.....x9....i.s% | |
| 0020 - 3a 49 8f 01 7e ff a5 da-f3 77 7b d2 90 8e ef de :I..~....w{..... | |
| 0030 - 01 f1 b9 08 fc 0a 93 50-1d c1 e9 33 f5 1c 2c 4c .......P...3..,L | |
| 0040 - 9c ff 46 8b 13 1c 70 e1-14 93 42 a2 45 0b 6c e2 ..F...p...B.E.l. | |
| 0050 - 97 c2 af da 20 85 8b f3-74 c0 b5 ee dc b8 ad c3 .... ...t....... | |
| 0060 - 22 7a 75 43 e9 e2 b4 db-58 ab 70 33 df a4 ee dc "zuC....X.p3.... | |
| 0070 - 14 84 a0 d4 19 4e f4 8c-5c b9 d1 f5 8b e8 84 cc .....N..\....... | |
| 0080 - ca af fa 4c cf 4e fc 6c-f6 3b e1 fd 99 24 5c f9 ...L.N.l.;...$\. | |
| 0090 - c2 db 01 c9 44 e7 58 f6-1c ba 19 8c 47 bb 58 78 ....D.X.....G.Xx | |
| 00a0 - 66 3b 5d 47 ab 41 9d 76-21 f7 7a 86 16 fa a4 b2 f;]G.A.v!.z..... | |
| Start Time: 1451754129 | |
| Timeout : 300 (sec) | |
| Verify return code: 0 (ok) | |
| --- | |
| C-c C-c | |
| << ~ >> | |
| $ openssl s_client -verify -connect "clojars-mirror.tcrawley.org:443" | |
| verify depth is 0 | |
| unknown option clojars-mirror.tcrawley.org:443 | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -verify -connect clojars-mirror.tcrawley.org:443 | |
| verify depth is 0 | |
| unknown option clojars-mirror.tcrawley.org:443 | |
| usage: s_client args | |
| -host host - use -connect instead | |
| -port port - use -connect instead | |
| -connect host:port - who to connect to (default is localhost:4433) | |
| -verify arg - turn on peer certificate verification | |
| -verify_return_error - return verification errors | |
| -cert arg - certificate file to use, PEM format assumed | |
| -certform arg - certificate format (PEM or DER) PEM default | |
| -key arg - Private key file to use, in cert file if | |
| not specified but cert file is. | |
| -keyform arg - key format (PEM or DER) PEM default | |
| -pass arg - private key file pass phrase source | |
| -CApath arg - PEM format directory of CA's | |
| -CAfile arg - PEM format file of CA's | |
| -no_alt_chains - only ever use the first certificate chain found | |
| -trusted_first - Use trusted CA's first when building the trust chain | |
| -reconnect - Drop and re-make the connection with the same Session-ID | |
| -pause - sleep(1) after each read(2) and write(2) system call | |
| -prexit - print session information even on connection failure | |
| -showcerts - show all certificates in the chain | |
| -debug - extra output | |
| -msg - Show protocol messages | |
| -nbio_test - more ssl protocol testing | |
| -state - print the 'ssl' states | |
| -nbio - Run with non-blocking IO | |
| -crlf - convert LF from terminal into CRLF | |
| -quiet - no s_client output | |
| -ign_eof - ignore input eof (default when -quiet) | |
| -no_ign_eof - don't ignore input eof | |
| -psk_identity arg - PSK identity | |
| -psk arg - PSK in hex (without 0x) | |
| -ssl2 - just use SSLv2 | |
| -ssl3 - just use SSLv3 | |
| -tls1_2 - just use TLSv1.2 | |
| -tls1_1 - just use TLSv1.1 | |
| -tls1 - just use TLSv1 | |
| -dtls1 - just use DTLSv1 | |
| -fallback_scsv - send TLS_FALLBACK_SCSV | |
| -mtu - set the link layer MTU | |
| -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol | |
| -bugs - Switch on all SSL implementation bug workarounds | |
| -serverpref - Use server's cipher preferences (only SSLv2) | |
| -cipher - preferred cipher to use, use the 'openssl ciphers' | |
| command to see what is available | |
| -starttls prot - use the STARTTLS command before starting TLS | |
| for those protocols that support it, where | |
| 'prot' defines which one to assume. Currently, | |
| only "smtp", "pop3", "imap", "ftp" and "xmpp" | |
| are supported. | |
| -engine id - Initialise and use the specified engine | |
| -rand file:file:... | |
| -sess_out arg - file to write SSL session to | |
| -sess_in arg - file to read SSL session from | |
| -servername host - Set TLS extension servername in ClientHello | |
| -tlsextdebug - hex dump of all TLS extensions received | |
| -status - request certificate status from server | |
| -no_ticket - disable use of RFC4507bis session tickets | |
| -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list) | |
| -legacy_renegotiation - enable use of legacy renegotiation (dangerous) | |
| -use_srtp profiles - Offer SRTP key management with a colon-separated profile list | |
| -keymatexport label - Export keying material using label | |
| -keymatexportlen len - Export len bytes of keying material (default 20) | |
| << ~ >> | |
| $ openssl s_client -showcerts -connect clojars-mirror.tcrawley.org:443 | |
| CONNECTED(00000003) | |
| depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 | |
| verify return:1 | |
| depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X1 | |
| verify return:1 | |
| depth=0 CN = clojars-mirror.tcrawley.org | |
| verify return:1 | |
| --- | |
| Certificate chain | |
| 0 s:/CN=clojars-mirror.tcrawley.org | |
| i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 | |
| -----BEGIN CERTIFICATE----- | |
| MIIFGjCCBAKgAwIBAgISAfnfQawLsYaCtiDrfB/gBqgNMA0GCSqGSIb3DQEBCwUA | |
| MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD | |
| ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAxMDIxNDM4MDBaFw0x | |
| NjA0MDExNDM4MDBaMCYxJDAiBgNVBAMTG2Nsb2phcnMtbWlycm9yLnRjcmF3bGV5 | |
| Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3kO1OKngms0ra4 | |
| X4z4GOuvXaxPNy6AVemgBF8v5q7chvMn/r8OMSJfofQ7fXgQU99dgnAzjLz/KjSH | |
| eXpj/BzHIUJL+ArCICdUaYQ+ISpwskgXBzoAHq1xNVJK05Ku21bEZhcTX5bHF1TE | |
| Z2C6bgA5+UT7NFUenefRjWDftZqp9DlWYWL5OPzFusbXXRteMilZ/9zkFeZlC9K6 | |
| klNdY2jkn2N63AIS+SVKYClyhFpjkyQ06BK/0UNkNPwbshn+6OG0ufsWRDxyPaQd | |
| yhwbWz+YtFzGY8SdQ0DVXHSmXQiqu4iYqg62Cx8Z/9BW5e7pndbwVvDah6AR8n06 | |
| kmIdiF8CAwEAAaOCAhwwggIYMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr | |
| BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUA9CFq+/y | |
| ykR1lZ1yUyPiE5mp76UwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw | |
| cAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDEu | |
| bGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgx | |
| LmxldHNlbmNyeXB0Lm9yZy8wJgYDVR0RBB8wHYIbY2xvamFycy1taXJyb3IudGNy | |
| YXdsZXkub3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEB | |
| ATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasG | |
| CCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxp | |
| ZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5j | |
| ZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9s | |
| ZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBADlm | |
| f29/OdUxTRY/WuDCwZuP3yhWptelyIs2UcAB29yV81RCBfGufyToA0rBwqZPb2UR | |
| MIxI9WSPaMxfEL0Toy1W/X//OTzszvbCjKc2xFEHwDufyLjZaHSEjokanXnqJJgV | |
| dt0dAf40UcEu+rxH8FriGZSlbnO9+x+xPQ5Bh62lFi2Jismsbaz0hGexClfrTdxm | |
| 91KLQzpnQeghA80GPChOXyZ4Fr8pFbb23GyusLNa1JagVu1xO6S+GdG8kuUw/xWz | |
| qgvz3Cvh1Xa86O7KQCwSD+pSaeIzex9mkR+EqUFHJdU3TXe3HoQO+cNsfKIT3ne5 | |
| 32YvqkvVzvOBFYqNE94= | |
| -----END CERTIFICATE----- | |
| 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 | |
| i:/O=Digital Signature Trust Co./CN=DST Root CA X3 | |
| -----BEGIN CERTIFICATE----- | |
| MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw | |
| PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | |
| Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa | |
| MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD | |
| ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD | |
| ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB | |
| BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg | |
| PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG | |
| dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 | |
| gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 | |
| 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud | |
| EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy | |
| BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j | |
| b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv | |
| ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ | |
| MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH | |
| AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw | |
| MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM | |
| LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 | |
| pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd | |
| v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd | |
| ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW | |
| ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk | |
| 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj | |
| f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= | |
| -----END CERTIFICATE----- | |
| --- | |
| Server certificate | |
| subject=/CN=clojars-mirror.tcrawley.org | |
| issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1 | |
| --- | |
| No client certificate CA names sent | |
| Server Temp Key: ECDH, prime256v1, 256 bits | |
| --- | |
| SSL handshake has read 3184 bytes and written 333 bytes | |
| --- | |
| New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 | |
| Server public key is 2048 bit | |
| Secure Renegotiation IS supported | |
| Compression: NONE | |
| Expansion: NONE | |
| SSL-Session: | |
| Protocol : TLSv1.2 | |
| Cipher : ECDHE-RSA-AES256-GCM-SHA384 | |
| Session-ID: B0C992AC142674DE71F3E7E84FEA27F12F345140615DDFCBCB21B0DE1877DF0E | |
| Session-ID-ctx: | |
| Master-Key: 67F161585DD95B81234B6F19EA4E6AD419E2EE158BC2F11B87E041E2A3D20B6092AA6FE809030A7D5B077F2B9B5F4B89 | |
| Key-Arg : None | |
| Krb5 Principal: None | |
| PSK identity: None | |
| PSK identity hint: None | |
| TLS session ticket lifetime hint: 300 (seconds) | |
| TLS session ticket: | |
| 0000 - 5e 46 94 78 07 28 ce 6a-12 19 2c 90 d9 07 85 37 ^F.x.(.j..,....7 | |
| 0010 - 34 92 97 94 a8 98 00 09-e9 5c 72 d7 03 b7 0e ff 4........\r..... | |
| 0020 - 24 48 75 50 1e 0f a2 cc-86 64 25 39 86 41 6b 03 $HuP.....d%9.Ak. | |
| 0030 - af 73 c8 39 44 cd 90 23-b3 6a 7f 61 c7 69 4c 3f .s.9D..#.j.a.iL? | |
| 0040 - 7c e3 ba e3 7d 4e 04 60-88 cf f8 2a f8 0c db bb |...}N.`...*.... | |
| 0050 - f8 f2 2e c1 b1 10 28 66-70 7a b4 d6 1f 59 7a cb ......(fpz...Yz. | |
| 0060 - bf 81 be 07 d8 ff 87 be-43 ed 37 1c 00 a5 c5 88 ........C.7..... | |
| 0070 - 24 43 1c 63 e2 3e af cd-ef b5 7b 6e 30 f7 28 29 $C.c.>....{n0.() | |
| 0080 - 9f 59 b6 f2 f3 db ba 24-1b df 71 51 51 66 db bb .Y.....$..qQQf.. | |
| 0090 - 56 f8 ad 57 8c 37 c2 81-84 8d 4b 2f b9 73 71 dd V..W.7....K/.sq. | |
| 00a0 - 88 0e 21 c6 d9 d7 ba c9-21 fb 94 f1 df d0 25 7f ..!.....!.....%. | |
| Start Time: 1451754173 | |
| Timeout : 300 (sec) | |
| Verify return code: 0 (ok) | |
| --- | |
| closed | |
| << ~ >> | |
| $ openssl s_client -showcerts -connect clojars-mirror.tcrawley.org:443 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment