curl fails on the TLS handshake ... sometimes

1

I am trying to download Python 3.6.5 using curl as part of the pyenv script for creating virtual environments.

Sometimes it works, sometimes it doesn't. I have identified the command on which it fails:

curl -q -o "Python-3.6.5.tar.xz" -sSLf "https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz"

Since the output was still too poor for me to debug anything, I removed -s (silent), -S (only used with -s) and -f (fail silently), keeping -L (makes curl follow the new location if the server reports that it has moved) and adding -v (for more verbose output).

Running the command directly on the CLI, this is the result when it fails (80% of the time, more or less):

pi@raspberrypi:~ $ curl -q -v -o "Python-3.6.5.tar.xz" -L "https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 2a04:4e42:9::223...
* TCP_NODELAY set
* Connected to www.python.org (2a04:4e42:9::223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3266 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* Unknown SSL protocol error in connection to www.python.org:443
* Curl_http_done: called premature == 1
* stopped the pause stream!
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.python.org:443

And this is the result when it succeeds:

pi@raspberrypi:~ $ curl -q -v -o "test_download.tar.xz" "https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 2a04:4e42:9::223...
* TCP_NODELAY set
* Connected to www.python.org (2a04:4e42:9::223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3266 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=3359300; C=US; ST=New Hampshire; L=Wolfeboro; O=Python Software Foundation; CN=www.python.org
*  start date: Mar 28 00:00:00 2018 GMT
*  expire date: Sep 27 12:00:00 2018 GMT
*  subjectAltName: host "www.python.org" matched cert's "www.python.org"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0xe5ee38)
} [5 bytes data]
> GET /ftp/python/3.6.5/Python-3.6.5.tar.xz HTTP/1.1
> Host: www.python.org
> User-Agent: curl/7.52.1
> Accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
< HTTP/2 200
< server: nginx
< content-type: application/octet-stream
< last-modified: Wed, 28 Mar 2018 10:25:17 GMT
< etag: "5abb6d8d-1042938"
< x-clacks-overhead: GNU Terry Pratchett
< via: 1.1 varnish
< accept-ranges: bytes
< date: Mon, 16 Apr 2018 07:19:46 GMT
< via: 1.1 varnish
< x-served-by: cache-iad2136-IAD, cache-ams4428-AMS
< x-cache: HIT, HIT
< x-cache-hits: 0, 0
< x-timer: S1523863187.771707,VS0,VE4
< strict-transport-security: max-age=63072000; includeSubDomains
< content-length: 17049912
<
{ [2470 bytes data]
  5 16.2M    5  959k    0     0   427k      0  0:00:38  0:00:02  0:00:36  427k^C

My Internet connection is not very good, 6-7Mbps at most, and I have a feeling it could be the culprit behind this, but I am not well versed enough in TLS and SSL to debug this log.

EDIT:

After running

pi@raspberrypi:~ $ echo | openssl s_client -connect www.python.org:443

This was the output:

pi@raspberrypi:~ $ echo | openssl s_client -connect www.python.org:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, C = US, ST = New Hampshire, L = Wolfeboro, O = Python Software Foundation, CN = www.python.org
verify return:1
write:errno=104
---
Certificate chain
 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3655 bytes and written 269 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID:
    Session-ID-ctx:
    Master-Key: A764ADBD7183F8912AD3B66A345C6B25398054CC167AE505D3BF9A85E67A9DC41E333BD4A1F0CA280D214588AB21445B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1523871129
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

When I run it a second time, the output is slightly different near the end:

pi@raspberrypi:~ $ echo | openssl s_client -connect www.python.org:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, C = US, ST = New Hampshire, L = Wolfeboro, O = Python Software Foundation, CN = www.python.org
verify return:1
---
Certificate chain
 0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3881 bytes and written 269 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: C64538246CB0B38EBA9A3E9E05D34110CA5A32AE168E6C875989B6FDCFBFA103
    Session-ID-ctx:
    Master-Key: 9D31A94F4E3C2A6FCE02973428F9EB07C38F50A17793760484A97FF89819EE5AE7D859CE06062D63CE8F0C4DBD41B635
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1523871744
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
DONE

From what I saw, the first notable difference was here, in the first and second time I ran the command, respectively:

SSL handshake has read 3655 bytes and written 269 bytes
SSL handshake has read 3881 bytes and written 269 bytes
    
by rmarques 16.04.2018 / 09:52

0 answers
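
Added example (not part of the original question): a small shell helper that reads `curl -v` output and reports whether the handshake reached the server's Finished record or, if not, the last TLS record seen. The function names are hypothetical and the sample traces are adapted from the record lines in the question.

```shell
#!/bin/sh
# Added example: find where a TLS handshake stopped in `curl -v` output.

# Emit "DIRECTION|record|message|code" for each TLS record line on stdin.
# The leading ".*" skips progress-meter text that curl sometimes prints
# on the same line as a record.
tls_steps() {
    sed -nE 's/^.*\* TLSv[0-9.]+ \((IN|OUT)\), TLS ([^,]+), (.+) \(([0-9]+)\):$/\1|\2|\3|\4/p'
}

# The handshake is complete once the server's Finished (IN, code 20) arrives;
# otherwise report the last record seen before the connection ended.
handshake_state() {
    steps=$(tls_steps)
    if printf '%s\n' "$steps" | grep -q '^IN|handshake|Finished|20$'; then
        echo "complete"
    else
        last=$(printf '%s\n' "$steps" | tail -n 1)
        echo "stalled after ${last:-no TLS records}"
    fi
}

# Sample input adapted from the question: records common to both runs.
COMMON='* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):'

# Failing run: the error follows the client's Finished directly.
FAILED_TRACE="$COMMON
* Unknown SSL protocol error in connection to www.python.org:443"

# Working run: the server answers with its own change cipher and Finished.
OK_TRACE="$COMMON
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256"

printf 'failing run: %s\n' "$(printf '%s\n' "$FAILED_TRACE" | handshake_state)"
printf 'working run: %s\n' "$(printf '%s\n' "$OK_TRACE" | handshake_state)"
```

On a live system the same functions can be fed with `curl -v ... 2>&1 | handshake_state`. For the two traces in the question, the records are identical up to the client's Finished; only the successful run goes on to receive the server's change cipher and Finished records.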
