背景
由于最近openssl的心脏问题,更换了1.0.1g的ssl库,工作上需要使用这个库连接服务器,但是发现更换库之后,对于某些域名的ssl握手就会出现失败的情况。为了找出失败的原因,最后在openssl自带的工具发现可以跟踪握手情况
跟踪网站的ssl端口
1.跟踪不带任何协议参数握手情况
openssl s_client -connect gmail.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEeDCCA2CgAwIBAgIILdHLb3yg3v8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyNjU3WhcNMTQwODIwMDAwMDAw
WjBpMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEYMBYGA1UEAwwPbWFp
bC5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7il
DvSrk0jlEY0HSNv+7V1LUhUD9r7RUHsFHpkYo5Z+9vD9PJvYuHVbkUPHXMC0XLid
7R5esEf7l1Cn29nBO8swVCgOcd2bn2rVG6N/N0YfBL5Hk11NNrl4BtX9E6TpD1Xp
pUQumwL10Zqk4MF4zhj7VQMeg9eeS4FBWPz7LShcdJt6jfgC2yQ9dk3M/2OVztPt
oOwkGDpmSxzXrFBglJmwjnOKER9GiZHmbp4OjcQQ+0vdoRbOTSrgyIfS22idWLei
1ZLwfqHlcNn+OhLBzT4pTAjFOZBw5ez2+QqxiufY8qiuzT+KOIlKXQn/Nj/YFk2p
TYvJEBolZ6pEVnwm5QIDAQABo4IBQjCCAT4wHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMBoGA1UdEQQTMBGCD21haWwuZ29vZ2xlLmNvbTBoBggrBgEFBQcB
AQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5j
cnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3Aw
HQYDVR0OBBYEFJ+aSQdtCR/3p4hwPsDDYjPn6HJTMAwGA1UdEwEB/wQCMAAwHwYD
VR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEE
AdZ5AgUBMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9H
SUFHMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAF5N1Dj+Y9k4MjADPH0qEebzd/8+
b2SlsYjGJAn3gsdrkIB+HFwQJ4XjsS6FL8lsJhIqMWO4uw5Kt+hwLc8b6uuWTcx8
Mx6O56YLivdFJ62ki0vxAwpDemjP7ktXwsW4vnjAyUYgO1CGxUlSy0PWYK5lmYJ8
qXwfVKLBRZIXc/6cFYX5QiNZExQeFXzHogGgHtKwRU+yQSnd6mUSBmbCuEydR0hI
ESmCgnYHK48QRxYKOlenuXPeJoMAsuks0dqtAzYFZa0H/jwXSByNQAkwyRmOP62j
s1JIVXxc8V+zEf5Kp655M2VOZ6ihv89XAI5ADDNXFttfbfBVTvDYceb3nyQ=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
issuer