Spontaneous openssl problem from a specific server - PullRequest
0 votes
/ September 22, 2019

When opening an openssl connection to the target host from different servers, some work and some do not.

I tried using openssl from 3 different servers. There are no firewall problems on my side, nothing works. It worked for a year, and now it has suddenly just stopped working on "Server Alpha". I haven't changed or updated anything; as you can see, this is very confusing.

Server Alpha

root@debian:# openssl s_client -connect email-smtp.us-east-1.amazonaws.com:465

CONNECTED(00000003) # No response after connection

Server Bravo

root@guest:~# openssl s_client -connect email-smtp.us-east-1.amazonaws.com:465
CONNECTED(00000003) # as you can see below it is successful 
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
verify return:1
depth=0 CN = email-smtp.us-east-1.amazonaws.com
verify return:1
---
Certificate chain
0 s:/CN=email-smtp.us-east-1.amazonaws.com
i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
i:/C=US/O=Amazon/CN=Amazon Root CA 1
2 s:/C=US/O=Amazon/CN=Amazon Root CA 1
i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
3 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
---
Server certificate
subject=/CN=email-smtp.us-east-1.amazonaws.com
issuer=/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5361 bytes and written 302 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: DCE5695E3DADBCA17EFB39BED0B81454DC16BC2708B2D72FF71A627600517BF1
    Session-ID-ctx:
    Master-Key: ... ... 1011 *

My expected results match the server response as on Bravo. Success.

...