Re: SSL don't work
Posted by:
Blue Phaz
Date: February 19, 2014 07:28AM
I recreated the certs with no input, but it still won't work. The result of s_server and s_client:
s_server.bat:
openssl s_server -accept 442 -cert "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL Server 5.6/ssl/server-key.pem"
pause
s_client.bat:
openssl s_client -connect 127.0.0.1:442
pause
s_server console output:
C:\Users\Administrator\Desktop>openssl s_server -accept 442 -cert "C:/ProgramDat
a/MySQL/MySQL Server 5.6/ssl/server-cert.pem" -key "C:/ProgramData/MySQL/MySQL S
erver 5.6/ssl/server-key.pem"
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDAXRm+JCub6a9TlGnjEBv6YZn7dTTR/NiVYMKvrTF2m
yeZOh30UMCzcHLrGoU6/ADahBgIEUwSwO6IEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-R
SA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2
56-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384
:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-A
ES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECD
H-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH
-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
s_client console output:
C:\Users\Administrator\Desktop>openssl s_client -connect 127.0.0.1:442
Loading 'screen' into random state - done
CONNECTED(000000C8)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC/jCCAeYCAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDAeFw0xNDAyMTkxMzIwNDBaFw0xNTAyMTkxMzIwNDBaMEUxCzAJBgNVBAYTAkFV
MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz
IFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTD0aPAoAg
2iUsiRF27YvRWfi7IIPl24wTsv+bQxlhVTaHCvNJtbfSCpmAvEdcENUtbDgsgyho
aXGIDIQc/N7buCK33TuFGiIe2Kw17EERiF3tZqTLdf1rJ/84jDYj+sRrZzGjV+R+
96dIDks6KMhhtgBaMdxXk9TVR7bgOlDQeO9lbDyzImu9SeJNNZmnOq3OEm0ajmTU
IJX5/j0fyRSGccxtrv5Tddw18kHDsyRGpqXT724vtRkSzTEdedhKrx5xq7qNtjQS
w6M01RiIH+hIyziJlzMd24VkTwQm45Istj1UG/gbDi1j4haOiSIgq+BLszjmaM6h
ZI+C6Cx/lYnVAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAKlFsTirg13ZFJMxKruC
OfpCqCRd27/JG2paPPI01iRGr57j3AF7Rx+anTRdbixehh94ChQq/gTqyFHFsdF1
Uc4CJefBfh9Bgka0ycfxwucPae0/+1EIMBgp2qbiKMVS2j/nuVQers0e/mX+Ezq4
waEVdxO1SuzmVR6W75u9hZUK4h7cv0m4XARZuCXONMkLvyQxHip8cDs4DE7vI+5M
T5npvGghl5nftZRetSjo8QGf+PnAqCF5WNLVV57ooyj4M67XO4MC+RSzLEYxVKLH
Mv95Fqpt/kZNWRaEwpj6H7H2vYX/zGYcR3b+KsZLGbfGIFCB7nYqIuCbh2GTt/Lz
AsA=
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 12C5FD8BD7D85087698CE16A69F253B99AC0A2ADCD0591291741D38A7B598339
Session-ID-ctx:
Master-Key: 17466F890AE6FA6BD4E51A78C406FE98667EDD4D347F36255830ABEB4C5DA6C9
E64E877D14302CDC1CBAC6A14EBF0036
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 05 51 d2 d1 81 92 78 f7-3d c5 34 9a 58 6d ae 1d .Q....x.=.4.Xm..
0010 - 1e 85 ac 9d 9f f8 57 67-8c f5 fd 53 96 0c 7f 73 ......Wg...S...s
0020 - 57 cf ba e2 d5 ae 18 33-c8 f0 0a 4b 43 0d 30 d1 W......3...KC.0.
0030 - 10 19 3c f2 06 68 68 6b-04 80 43 98 53 1a 3b b6 ..<..hhk..C.S.;.
0040 - 0f e3 3f a5 dd 96 8a 31-ee 98 d9 7e a3 b3 d4 6f ..?....1...~...o
0050 - a2 c3 f1 54 50 ef e4 2d-ab 9b 80 23 71 4d 4e 39 ...TP..-...#qMN9
0060 - b5 0f 0b 77 e5 5e 25 ee-e3 30 dc dd c9 fb f4 b0 ...w.^%..0......
0070 - be 7c 7d f7 5b 1d 43 0c-e3 12 a5 e6 13 e4 59 88 .|}.[.C.......Y.
0080 - 37 ee af d9 18 3d 6d 40-2d 56 3c 4a 59 7c c3 a7 7....=m@-V<JY|..
0090 - 17 31 ad 34 c8 98 86 1a-6e 44 07 4f e3 00 bd d7 .1.4....nD.O....
Start Time: 1392816187
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
Edited 1 time(s). Last edit at 02/19/2014 07:29AM by Blue Phaz.
Subject
Views
Written By
Posted
5046
February 06, 2014 12:44PM
2253
February 07, 2014 08:23AM
2277
February 07, 2014 09:43AM
2148
February 07, 2014 10:07AM
2808
February 13, 2014 07:13AM
2252
February 13, 2014 07:47AM
2292
February 13, 2014 08:10AM
2237
February 13, 2014 08:33AM
2442
February 13, 2014 08:49AM
2123
February 13, 2014 09:08AM
2192
February 13, 2014 09:24AM
2157
February 14, 2014 02:16AM
Re: SSL don't work
2218
February 19, 2014 07:28AM
1955
February 19, 2014 08:15AM
2696
February 19, 2014 09:17AM
1960
February 19, 2014 09:32AM
3640
February 19, 2014 09:57AM
2213
February 19, 2014 10:00AM
2655
February 20, 2014 02:40AM
2200
February 20, 2014 02:57AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.