Support Questions

Find answers, ask questions, and share your expertise

Encryption OpenSSL certificate verification failing

avatar
Explorer

Hi Experts,

 

I am badly stuck with "SSLError: certificate verify failed" and not able to move forward. I am trying to setup a system for a POC. Please help.


I am using "Cloudera Enterprise Trial 6.3.1" on RedHat 7.2.

It is a single node and trying to enable encryption with self signed certificate.

OpenSSL 1.1.1g 21 Apr 2020

 

I have followed steps from these links:

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/how_to_configure_cm_tls.html

https://docs.cloudera.com/documentation/enterprise/latest/topics/sg_self_signed_tls.html

 

openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout

 

Output of the above command contains below error

 

139717345220416:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42

 

Not sure, what I have missed. Any help highly appreciated.

 

Thanks,

Tulasi

1 REPLY 1

avatar
Explorer

Also followed https://community.cloudera.com/t5/Support-Questions/SSLError-certificate-verify-failed/td-p/92340/hi... still no luck. According to the solution mentioned in this link, including certificates of two openssl command. 

 

openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout

depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
verify error:num=18:self signed certificate
verify return:1
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
verify return:1
139717345220416:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1521762547 (0x5ab440f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
Validity
Not Before: Oct 15 17:51:15 2020 GMT
Not After : Jan 13 17:51:15 2021 GMT
Subject: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b7:4d:34:67:0e:7f:48:03:5a:1f:cc:fd:d6:
5b:9b:8a:12:13:3c:03:2b:b8:87:63:de:66:e8:6d:
66:77:e5:8d:66:3b:db:a2:7d:8d:07:21:38:8d:fb:
12:b0:e2:1a:04:9a:50:64:b7:4c:10:7d:69:1c:ce:
7a:26:27:2f:7d:b1:3a:4e:ad:6b:30:33:9b:12:59:
53:b6:08:0a:9b:70:3b:1c:0c:96:42:0e:64:cf:12:
74:fd:3c:ee:a4:25:67:e8:f5:9b:2f:62:bf:97:08:
41:c8:c3:e0:34:2c:39:87:22:02:97:34:c3:a7:ad:
87:57:5b:4f:a4:af:3b:ab:cc:ed:5c:a1:d7:5a:75:
d0:0f:ce:4a:7a:2c:d2:2d:75:f5:46:36:e6:c8:72:
9f:15:6f:88:b9:ab:03:9e:4b:27:33:41:9e:1c:09:
52:04:a5:69:81:e5:49:4c:3e:c1:4a:5f:ef:34:0c:
c8:0e:8e:5e:94:69:32:c3:26:e6:44:6d:39:1f:1f:
07:8a:fa:6e:6d:4a:29:7e:b1:7d:45:6c:57:22:a3:
b6:4e:69:81:f4:1f:49:4a:28:a1:59:2f:e1:cf:5e:
9e:c0:0f:39:ea:4f:1d:7e:27:a4:ed:97:01:16:fe:
d9:29:a5:4f:43:9d:f2:8e:7e:6c:af:74:b0:be:a5:
c5:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:A9:1F:75:3D:C7:30:93:52:B2:89:C6:3B:08:0D:E4:2D:A8:19:D1
Signature Algorithm: sha256WithRSAEncryption
1b:c6:c4:e9:84:63:58:89:17:1f:2b:a5:29:bd:17:02:45:13:
5f:48:dc:81:e2:9b:92:fc:ad:84:84:a5:60:7b:48:80:c9:0a:
46:35:96:24:be:55:fc:ea:5f:e8:74:e3:82:d9:83:07:4b:95:
e6:b1:a1:20:8a:53:2e:32:25:51:d2:b5:00:b5:69:de:7f:2c:
3b:40:fe:eb:2b:76:e7:5d:2f:54:b2:c0:22:92:24:3a:ab:46:
fd:ce:08:91:4b:89:91:b1:c1:79:a2:f7:b9:d7:bf:ff:f3:47:
e7:b6:b2:25:b2:93:42:9a:fc:3f:6d:ca:79:f2:db:e0:59:73:
02:f1:09:8e:d3:f1:79:24:a2:f3:d7:3a:52:11:1c:54:25:e4:
c7:c2:ab:17:fa:b7:7c:3a:93:89:10:9a:f1:1f:e5:28:fb:7b:
03:36:21:18:2b:71:35:9b:6e:03:72:83:f1:8e:6c:80:2b:32:
f2:fc:81:7c:cd:4b:5a:3c:fa:8a:8d:1a:2b:0b:f5:4f:31:ab:
85:d1:0e:28:86:1e:e6:79:aa:6c:15:fb:e7:7f:41:98:30:1f:
86:54:0c:c8:ca:5a:3c:fa:88:2b:03:be:78:a9:8f:8f:0e:5d:
83:4d:84:71:d2:4b:db:10:07:01:00:0c:84:76:6e:2f:88:e9:
aa:8e:06:40

==================================================================================
[root@optim-rhel72-uppu cloudera-scm-agent]#
openssl s_client -connect $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//):7182 -CAfile $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "verify_cert_file=" |sed s/verify_cert_file=//) -verify_hostname $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//)</dev/null
CONNECTED(00000004)
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
verify return:1
140654616340288:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42
---
Certificate chain
0 s:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
i:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDvTCCAqWgAwIBAgIEWrRA8zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
SU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYD
VQQKEwZVTklDT00xDjAMBgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVs
NzItdXBwdS5kZXZlbG9wbWVudC51bmljb20uc29mdHdhcmUwHhcNMjAxMDE1MTc1
MTE1WhcNMjEwMTEzMTc1MTE1WjCBjjELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth
cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYDVQQKEwZVTklDT00xDjAM
BgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVsNzItdXBwdS5kZXZlbG9w
bWVudC51bmljb20uc29mdHdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCtt000Zw5/SANaH8z91lubihITPAMruIdj3mbobWZ35Y1mO9uifY0HITiN
+xKw4hoEmlBkt0wQfWkcznomJy99sTpOrWswM5sSWVO2CAqbcDscDJZCDmTPEnT9
PO6kJWfo9ZsvYr+XCEHIw+A0LDmHIgKXNMOnrYdXW0+krzurzO1coddaddAPzkp6
LNItdfVGNubIcp8Vb4i5qwOeSyczQZ4cCVIEpWmB5UlMPsFKX+80DMgOjl6UaTLD
JuZEbTkfHweK+m5tSil+sX1FbFcio7ZOaYH0H0lKKKFZL+HPXp7ADznqTx1+J6Tt
lwEW/tkppU9DnfKOfmyvdLC+pcWxAgMBAAGjITAfMB0GA1UdDgQWBBRnqR91Pccw
k1KyicY7CA3kLagZ0TANBgkqhkiG9w0BAQsFAAOCAQEAG8bE6YRjWIkXHyulKb0X
AkUTX0jcgeKbkvythISlYHtIgMkKRjWWJL5V/Opf6HTjgtmDB0uV5rGhIIpTLjIl
UdK1ALVp3n8sO0D+6yt2510vVLLAIpIkOqtG/c4IkUuJkbHBeaL3ude///NH57ay
JbKTQpr8P23KefLb4FlzAvEJjtPxeSSi89c6UhEcVCXkx8KrF/q3fDqTiRCa8R/l
KPt7AzYhGCtxNZtuA3KD8Y5sgCsy8vyBfM1LWjz6io0aKwv1TzGrhdEOKIYe5nmq
bBX7539BmDAfhlQMyMpaPPqIKwO+eKmPjw5dg02EcdJL2xAHAQAMhHZuL4jpqo4G
QA==
-----END CERTIFICATE-----
subject=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software

issuer=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software

---
Acceptable client certificate CA names
C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1
C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1
C = US, O = SecureTrust Corporation, CN = SecureTrust CA
C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2
C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority
C = US, O = AffirmTrust, CN = AffirmTrust Commercial
C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority
C = FI, O = Sonera, CN = Sonera Class2 CA
C = US, O = America Online Inc., CN = America Online Root Certification Authority 1
C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
C = US, O = Equifax, OU = Equifax Secure Certificate Authority
C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
C = US, O = Internet Security Research Group, CN = ISRG Root X1
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
C = ZA, ST = Western Cape, L = Durbanville, O = Thawte, OU = Thawte Certification, CN = Thawte Timestamping CA
C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root
C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3
C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Object
C = US, O = AffirmTrust, CN = AffirmTrust Networking
C = US, O = AffirmTrust, CN = AffirmTrust Premium
C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Code Signing Root
C = US, O = America Online Inc., CN = America Online Root Certification Authority 2
C = LU, O = LuxTrust s.a., CN = LuxTrust Global Root
C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2
C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email
C = FR, O = Certplus, CN = Class 2 Primary CA
C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
C = CH, O = SwissSign AG, CN = SwissSign Platinum CA - G2
OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 2 Public Primary Certification Authority - G3
C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1
O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
O = TeliaSonera, CN = TeliaSonera Root CA v1
C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 1 Public Primary Certification Authority - G3
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4
C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2
C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root
O = Digital Signature Trust Co., CN = DST Root CA X3
C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA
C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3
C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority
C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2
C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3
C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority
C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
C = US, O = "VeriSign, Inc.", OU = Class 2 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3
C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 2
C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3
C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
C = FR, O = Certplus, CN = Class 3P Primary CA
C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA
C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication EV RootCA1
C = US, O = Equifax Secure Inc., CN = Equifax Secure eBusiness CA-1
C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2
C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority
C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3
C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server@thawte.com
C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC
C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
C = FR, O = KEYNECTIS, OU = ROOT, CN = KEYNECTIS ROOT CA
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 13893 bytes and written 485 bytes
Verification: OK
Verified peername: optim-rhel72-uppu.development.unicom.software
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 5F9166CED3FCFA9FCB45E702D4D6F2431A88DE484A55569FE07F85A3875A4C10
Session-ID-ctx:
Master-Key: CF878F2D7C39306F3FD3F68E821AF532EAE002246903528EAC043A8B8BEBF4CB99DAADE2876BB71F14B330254DDDDEF8
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1603364558
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---