[squid-users] Squid not allowing SSL handshake
Yuri Voinov
yvoinov at gmail.com
Thu Mar 17 17:25:01 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
root @ cthulhu / # openssl s_client -connect api.twilio.com:443
CONNECTED(00000003)
depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting
cc, OU = Certification Services Division, CN = Thawte Premium Server CA,
emailAddress = premium-server at thawte.com
verify return:1
depth=2 C = US, O = "thawte, Inc.", OU = Certification Services
Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN =
thawte Primary Root CA
verify return:1
depth=1 C = US, O = "thawte, Inc.", CN = thawte SSL CA - G2
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Twilio, Inc.",
OU = api, CN = *.twilio.com
verify return:1
- ---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Twilio,
Inc./OU=api/CN=*.twilio.com
i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
1 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006
thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006
thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailAddress=premium-server at thawte.com
- ---
Server certificate
- -----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgIQKBylVBf65NqvZJKMbeWFUDANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTUwODMxMDAwMDAwWhcNMTYwOTE2MjM1OTU5
WjB2MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
U2FuIEZyYW5jaXNjbzEVMBMGA1UECgwMVHdpbGlvLCBJbmMuMQwwCgYDVQQLDANh
cGkxFTATBgNVBAMMDCoudHdpbGlvLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBAPM8qs7DYvYK7IATIhmD0L9zU2H0SxbmsswkMm0nXpE/ELOTvGD3
qz5SdnQLGDsrI4S09hnbaPkyz35GJiIkk1mm40xsigwzuBp6P158d1t7x4SExInH
0aaxI0jD0Zf8bsFH1XrOFTyhFC7BcZy6UEiuhbu9mLZbHteopx/t2jBML4bAIR6q
mqy3MEgLbf6ZwQij9v/ZKJCvXawpHnlr7jaViNefNprHaXE+bnRWRdpZlJpFjLnJ
Pre1+jqgomDlm3d9r1z7hTXooGAyJ0xwNiz6EGzwXJfsF4gKuIzQmNJ3Ja1+F5Bb
Mm8EWg4KhLyolWfrGbW3oRanBFUAnfaAUXQ4L9Lt7ERnurAa1T1YCpUnlMx2Mto8
1jSGB+va7Eb+TuldEaPrNIK9WC2P0y3M5cpjBYjRV2lPPcvSCmrf8pmMxh2dKQAK
122PtiI68OkGWB2ZRKC4vKS/n9V9adL0//1RnlPBAjJsUOR0ilaN+apTsMRh+GBJ
ZUO0ZSu0110UTLBvP+s8RKVFvt1LPSLRZfVDQ+eiphsCytAJbvfYF1FuTn0rW+9y
eRjmBwPih6DbVfEBYRhGBlUlO2iNd8stS97K1KYUALNgJb0gDbXItYz8od9zISHe
+5BYsULB9m+AuAGpQYe8tSHmMON7Xa1rNDOkVGmMlZ8gzSPEWaIofg83AgMBAAGj
ggF6MIIBdjAjBgNVHREEHDAaggwqLnR3aWxpby5jb22CCnR3aWxpby5jb20wCQYD
VR0TBAIwADBuBgNVHSAEZzBlMGMGBmeBDAECAjBZMCYGCCsGAQUFBwIBFhpodHRw
czovL3d3dy50aGF3dGUuY29tL2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3
dy50aGF3dGUuY29tL3JlcG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB8GA1UdIwQY
MBaAFMJPSFf80U+awF04fQ4F29kutVJgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6
Ly90ai5zeW1jYi5jb20vdGouY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly90ai5zeW1j
ZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly90ai5zeW1jYi5jb20vdGouY3J0MA0G
CSqGSIb3DQEBCwUAA4IBAQAb12A6VDnivPyI/n8nheYwo5XLlqV8ez5uZr5LixC4
gHtWxE/lr6k6iGQjpwOb32b+8VMhqN2EmIGmvuZVETKKvXnYOsFasK+NswPBDCmH
gtHtDuwY3Npctgx/oa4SIKapxfIEwj7bKczPPW9+c/HeaKeeIXYXAn6RvdAn04me
rrpyvdZoo609+EY3rC4EMQTYNWRtgtP+nWkK0ha5WP9o1LKQ7OmDMT8tREH5ErXs
ndvExP3fzWbEBizZC7Q78AlbbalQL3zZRM8oN+l+5TjnljmdZ7eF54p0xogdyCUA
MuQ+1rSyJy3Hfv0jvBfzrtpO4lURAFMBVSniqQd4XDuf
- -----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=Twilio,
Inc./OU=api/CN=*.twilio.com
issuer=/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
- ---
No client certificate CA names sent
- ---
SSL handshake has read 4692 bytes and written 417 bytes
- ---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
144CC4E47BAB138188CAF726ACBA9CCFB9733AF1349D4531ACDDAD7FDFA77CF1
Session-ID-ctx:
Master-Key:
929C7C7AB8A381CAAFA8458833DE885FBBFE545DF381B0036193BA7981856FA5B814EB8D67A704CA423FEF8C0795684C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 6c 17 d7 b7 96 a2 1b c6-dd 11 50 32 c6 d8 b6 c7
l.........P2....
0010 - 7d b5 54 c1 5d b5 62 e6-35 04 42 0c 12 b2 e2 67
}.T.].b.5.B....g
0020 - 8c 54 ef c9 2b 99 7d cf-26 2f 8e 02 f2 70 20 40
.T..+.}.&/...p @
0030 - 14 f7 e7 f6 cc e4 31 ab-de 43 5f f1 55 26 cf cc
......1..C_.U&..
0040 - 6a 0b b6 77 4d 10 98 f3-00 f5 5e 4c fc e9 6c 76
j..wM.....^L..lv
0050 - 20 00 34 98 67 42 4e 80-7e b2 fa 58 86 c7 56 5e
.4.gBN.~..X..V^
0060 - 16 71 9f fd 7d 48 a3 3b-d0 2f 3d 6e 17 e5 34 ce
.q..}H.;./=n..4.
0070 - a2 8a 11 61 cd 65 39 e5-9a 99 e5 d3 3c 3d 04 f5
...a.e9.....<=..
0080 - f2 e5 06 3e 40 c4 c8 68-b7 c9 06 a8 bb 9d d7 f2
...>@..h........
0090 - 44 1d 2d 44 2b 1a b5 34-0b da ec a0 39 b9 d0 31
D.-D+..4....9..1
Start Time: 1458235340
Timeout : 300 (sec)
Verify return code: 0 (ok)
- ---
Where you see problem?
17.03.16 22:23, Nick Walke пишет:
> openssl s_client -connect api.twilio.com:443 <http://api.twilio.com:443>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJW6uhtAAoJENNXIZxhPexGhnUH/354Qrv29c+dL2q1nnHR5sN2
kVBdFyDJUkU2gTem5h0bnAggZENMALOuZuxeyiy7mhFjODZFP00TP3gZdmKxXOdI
awRU9+ANGXDB4PTdagOJtdfcZuXRVR9IUX5ktTTJUSPmYaI08cTVcbY/QV3CJCp2
v1FDHq/1Ja6ASbKpoX2PqbDZtRU5tTuMLyGb/w/Z/OsqMTvHzC+W32WcFwTn7OJP
QpXnt3n21X5XQD5ItqxlTaGoD28BxKRq2v0nsPLe2XG/gINs7K8lvmv/2p9PNBPb
ZbWauE0OU46Pb+HWZV4yW+1Kj1a6g3UsLpKcyl8DJdAvqeTRPW48M6FC4z8kE9E=
=uh8V
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160317/bec43a5e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160317/bec43a5e/attachment-0001.key>
More information about the squid-users
mailing list