Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Encryption OpenSSL certificate verification failing

Explorer

Hi Experts,

 

I am badly stuck with "SSLError: certificate verify failed" and not able to move forward. I am trying to setup a system for a POC. Please help.


I am using "Cloudera Enterprise Trial 6.3.1" on RedHat 7.2.

It is a single node and trying to enable encryption with self signed certificate.

OpenSSL 1.1.1g 21 Apr 2020

 

I have followed steps from these links:

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/how_to_configure_cm_tls.html

https://docs.cloudera.com/documentation/enterprise/latest/topics/sg_self_signed_tls.html

 

openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout

 

Output of the above command contains below error

 

139717345220416:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42

 

Not sure, what I have missed. Any help highly appreciated.

 

Thanks,

Tulasi

1 REPLY 1

Explorer

Also followed https://community.cloudera.com/t5/Support-Questions/SSLError-certificate-verify-failed/td-p/92340/hi... still no luck. According to the solution mentioned in this link, including certificates of two openssl command. 

 

openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout

depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
verify return:1
139717345220416:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1521762547 (0x5ab440f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
Validity
Not Before: Oct 15 17:51:15 2020 GMT
Not After : Jan 13 17:51:15 2021 GMT
Subject: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b7:4d:34:67:0e:7f:48:03:5a:1f:cc:fd:d6:
5b:9b:8a:12:13:3c:03:2b:b8:87:63:de:66:e8:6d:
66:77:e5:8d:66:3b:db:a2:7d:8d:07:21:38:8d:fb:
12:b0:e2:1a:04:9a:50:64:b7:4c:10:7d:69:1c:ce:
7a:26:27:2f:7d:b1:3a:4e:ad:6b:30:33:9b:12:59:
53:b6:08:0a:9b:70:3b:1c:0c:96:42:0e:64:cf:12:
74:fd:3c:ee:a4:25:67:e8:f5:9b:2f:62:bf:97:08:
41:c8:c3:e0:34:2c:39:87:22:02:97:34:c3:a7:ad:
87:57:5b:4f:a4:af:3b:ab:cc:ed:5c:a1:d7:5a:75:
d0:0f:ce:4a:7a:2c:d2:2d:75:f5:46:36:e6:c8:72:
9f:15:6f:88:b9:ab:03:9e:4b:27:33:41:9e:1c:09:
52:04:a5:69:81:e5:49:4c:3e:c1:4a:5f:ef:34:0c:
c8:0e:8e:5e:94:69:32:c3:26:e6:44:6d:39:1f:1f:
07:8a:fa:6e:6d:4a:29:7e:b1:7d:45:6c:57:22:a3:
b6:4e:69:81:f4:1f:49:4a:28:a1:59:2f:e1:cf:5e:
9e:c0:0f:39:ea:4f:1d:7e:27:a4:ed:97:01:16:fe:
d9:29:a5:4f:43:9d:f2:8e:7e:6c:af:74:b0:be:a5:
c5:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:A9:1F:75:3D:C7:30:93:52:B2:89:C6:3B:08:0D:E4:2D:A8:19:D1
Signature Algorithm: sha256WithRSAEncryption
1b:c6:c4:e9:84:63:58:89:17:1f:2b:a5:29:bd:17:02:45:13:
5f:48:dc:81:e2:9b:92:fc:ad:84:84:a5:60:7b:48:80:c9:0a:
46:35:96:24:be:55:fc:ea:5f:e8:74:e3:82:d9:83:07:4b:95:
e6:b1:a1:20:8a:53:2e:32:25:51:d2:b5:00:b5:69:de:7f:2c:
3b:40:fe:eb:2b:76:e7:5d:2f:54:b2:c0:22:92:24:3a:ab:46:
fd:ce:08:91:4b:89:91:b1:c1:79:a2:f7:b9:d7:bf:ff:f3:47:
e7:b6:b2:25:b2:93:42:9a:fc:3f:6d:ca:79:f2:db:e0:59:73:
02:f1:09:8e:d3:f1:79:24:a2:f3:d7:3a:52:11:1c:54:25:e4:
c7:c2:ab:17:fa:b7:7c:3a:93:89:10:9a:f1:1f:e5:28:fb:7b:
03:36:21:18:2b:71:35:9b:6e:03:72:83:f1:8e:6c:80:2b:32:
f2:fc:81:7c:cd:4b:5a:3c:fa:8a:8d:1a:2b:0b:f5:4f:31:ab:
85:d1:0e:28:86:1e:e6:79:aa:6c:15:fb:e7:7f:41:98:30:1f:
86:54:0c:c8:ca:5a:3c:fa:88:2b:03:be:78:a9:8f:8f:0e:5d:
83:4d:84:71:d2:4b:db:10:07:01:00:0c:84:76:6e:2f:88:e9:
aa:8e:06:40

==================================================================================
[root@optim-rhel72-uppu cloudera-scm-agent]#
openssl s_client -connect $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//):7182 -CAfile $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "verify_cert_file=" |sed s/verify_cert_file=//) -verify_hostname $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//)</dev/null
CONNECTED(00000004)
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
verify return:1
140654616340288:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42
---
Certificate chain
0 s:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
i:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDvTCCAqWgAwIBAgIEWrRA8zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
SU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYD
VQQKEwZVTklDT00xDjAMBgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVs
NzItdXBwdS5kZXZlbG9wbWVudC51bmljb20uc29mdHdhcmUwHhcNMjAxMDE1MTc1
MTE1WhcNMjEwMTEzMTc1MTE1WjCBjjELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth
cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYDVQQKEwZVTklDT00xDjAM
BgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVsNzItdXBwdS5kZXZlbG9w
bWVudC51bmljb20uc29mdHdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCtt000Zw5/SANaH8z91lubihITPAMruIdj3mbobWZ35Y1mO9uifY0HITiN
+xKw4hoEmlBkt0wQfWkcznomJy99sTpOrWswM5sSWVO2CAqbcDscDJZCDmTPEnT9
PO6kJWfo9ZsvYr+XCEHIw+A0LDmHIgKXNMOnrYdXW0+krzurzO1coddaddAPzkp6
LNItdfVGNubIcp8Vb4i5qwOeSyczQZ4cCVIEpWmB5UlMPsFKX+80DMgOjl6UaTLD
JuZEbTkfHweK+m5tSil+sX1FbFcio7ZOaYH0H0lKKKFZL+HPXp7ADznqTx1+J6Tt
lwEW/tkppU9DnfKOfmyvdLC+pcWxAgMBAAGjITAfMB0GA1UdDgQWBBRnqR91Pccw
k1KyicY7CA3kLagZ0TANBgkqhkiG9w0BAQsFAAOCAQEAG8bE6YRjWIkXHyulKb0X
AkUTX0jcgeKbkvythISlYHtIgMkKRjWWJL5V/Opf6HTjgtmDB0uV5rGhIIpTLjIl
UdK1ALVp3n8sO0D+6yt2510vVLLAIpIkOqtG/c4IkUuJkbHBeaL3ude///NH57ay
JbKTQpr8P23KefLb4FlzAvEJjtPxeSSi89c6UhEcVCXkx8KrF/q3fDqTiRCa8R/l
KPt7AzYhGCtxNZtuA3KD8Y5sgCsy8vyBfM1LWjz6io0aKwv1TzGrhdEOKIYe5nmq
bBX7539BmDAfhlQMyMpaPPqIKwO+eKmPjw5dg02EcdJL2xAHAQAMhHZuL4jpqo4G
QA==
-----END CERTIFICATE-----
subject=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software

issuer=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software

---
Acceptable client certificate CA names
C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1
C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1
C = US, O = SecureTrust Corporation, CN = SecureTrust CA
C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2
C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority
C = US, O = AffirmTrust, CN = AffirmTrust Commercial
C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority
C = FI, O = Sonera, CN = Sonera Class2 CA
C = US, O = America Online Inc., CN = America Online Root Certification Authority 1
C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
C = US, O = Equifax, OU = Equifax Secure Certificate Authority
C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
C = US, O = Internet Security Research Group, CN = ISRG Root X1
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
C = ZA, ST = Western Cape, L = Durbanville, O = Thawte, OU = Thawte Certification, CN = Thawte Timestamping CA
C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root
C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3
C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Object
C = US, O = AffirmTrust, CN = AffirmTrust Networking
C = US, O = AffirmTrust, CN = AffirmTrust Premium
C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Code Signing Root
C = US, O = America Online Inc., CN = America Online Root Certification Authority 2
C = LU, O = LuxTrust s.a., CN = LuxTrust Global Root
C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2
C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email
C = FR, O = Certplus, CN = Class 2 Primary CA
C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
C = CH, O = SwissSign AG, CN = SwissSign Platinum CA - G2
OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 2 Public Primary Certification Authority - G3
C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1
O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
O = TeliaSonera, CN = TeliaSonera Root CA v1
C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 1 Public Primary Certification Authority - G3
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4
C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2
C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root
O = Digital Signature Trust Co., CN = DST Root CA X3
C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA
C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3
C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority
C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2
C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3
C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
C = US, O = "VeriSign, Inc.", OU = Class 2 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3
C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 2
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3
C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
C = FR, O = Certplus, CN = Class 3P Primary CA
C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA
C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication EV RootCA1
C = US, O = Equifax Secure Inc., CN = Equifax Secure eBusiness CA-1
C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority
C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3
C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server@thawte.com
C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC
C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
C = FR, O = KEYNECTIS, OU = ROOT, CN = KEYNECTIS ROOT CA
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 13893 bytes and written 485 bytes
Verification: OK
Verified peername: optim-rhel72-uppu.development.unicom.software
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5F9166CED3FCFA9FCB45E702D4D6F2431A88DE484A55569FE07F85A3875A4C10
Session-ID-ctx:
Master-Key: CF878F2D7C39306F3FD3F68E821AF532EAE002246903528EAC043A8B8BEBF4CB99DAADE2876BB71F14B330254DDDDEF8
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1603364558
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---