編集履歴

回答編集履歴

確認方法を追記

2018/09/19 06:22

投稿

スコア25171

test CHANGED Viewed

@@ -1 +1,189 @@
 TLS 1.2 が、サポートされたのは、OpenSSL version 1.0.1 からだと思うのですが、お使いの環境の OpenSSL のバージョンは、いくつでしょうか？
+確認方法：
+```
+openssl s_client -connect www.google.com:443 -tls1_2
+```
+対応している場合
+```
+CONNECTED(00000003)
+depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
+verify return:1
+depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
+verify return:1
+depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com
+verify return:1
+---
+Certificate chain
+ 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
+   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
+ 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
+   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
+---
+Server certificate
+-----BEGIN CERTIFICATE-----
+(省略)
+-----END CERTIFICATE-----
+subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
+issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
+---
+No client certificate CA names sent
+Peer signing digest: SHA256
+Server Temp Key: ECDH, P-256, 256 bits
+---
+SSL handshake has read 2986 bytes and written 415 bytes
+---
+New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
+Server public key is 2048 bit
+Secure Renegotiation IS supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
+    Session-ID: 9279A0635D520A443EB6E4F8B49571E05E678212FDB4E2FEF21498BAEED9A042
+    Session-ID-ctx:
+    Master-Key: B0E2902118E3182E9ADEBEB731C0FF080580986DFC9F90242EA64DF5C9A37408862B28EE0AC285E17EDDE711D2006B8A
+    Key-Arg   : None
+    Krb5 Principal: None
+    PSK identity: None
+    PSK identity hint: None
+    TLS session ticket lifetime hint: 100800 (seconds)
+    TLS session ticket:
+    0000 - 00 03 c1 16 a8 05 68 cb-be 36 04 0d 94 4a 5e e1   ......h..6...J^.
+    0010 - f7 94 06 7f 69 62 8c 3b-26 df 36 c1 fc 94 2a 7b   ....ib.;&.6...*{
+    0020 - db 52 9e 7d 5c 9a 00 99-00 c8 2d 6b eb 0d c2 1f   .R.}.....-k....
+    0030 - af 0d 7a 4f d3 5b 5c c2-b3 5b c7 64 52 d0 e0 2f   ..zO.[..[.dR../
+    0040 - 19 5e ac d9 62 db 18 11-19 af 4d 26 89 79 20 48   .^..b.....M&.y H
+    0050 - 2f ae 8a 56 d7 0e 51 11-48 6c 59 26 73 48 c9 a0   /..V..Q.HlY&sH..
+    0060 - 79 38 de 19 ec 0a 67 8a-40 f9 ed 16 9f 90 0b dd   y8....g.@.......
+    0070 - b9 3b c2 b7 26 e6 7d d2-9b d5 2b b1 53 ed 9f f7   .;..&.}...+.S...
+    0080 - ef 77 d5 2b 7a 03 05 4d-43 c9 6d 42 51 47 d3 ac   .w.+z..MC.mBQG..
+    0090 - 62 28 f8 35 d0 e0 be 09-56 bc c9 fe 98 83 c1 cc   b(.5....V.......
+    00a0 - b3 af 04 7e 67 fb ca 7e-7e b3 0f 80 5d 8f 01 18   ...~g..~~...]...
+    00b0 - 93 50 10 b1 5b 8d ae 95-2e 67 8b 30 72 a1 d8 af   .P..[....g.0r...
+    00c0 - 93 25 43 90 df 8d e5 a6-7e 57 96 85 6f 24 c0 1e   .%C.....~W..o$..
+    00d0 - 6b 86 ee 9d 9c                                    k....
+    Start Time: 1537337921
+    Timeout   : 7200 (sec)
+    Verify return code: 0 (ok)
+---
+(以下略)
+```
+のような結果で、
+```
+SSL-Session:
+    Protocol  : TLSv1.2
+    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
+    Session-ID: 9279A0635D520A443EB6E4F8B49571E05E678212FDB4E2FEF21498BAEED9A042
+    Session-ID-ctx:
+```
+とあります。
+対応していない場合
+```
+$ openssl s_client -connect www.google.com:443 -tls1_2
+unknown option -tls1_2
+usage: s_client args
+```
+オプションのエラーになります。