Hecho, ya respondí!
Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
Mostrar Mensajes MenúSSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
Citar# Disable SSLv3 Support for POODLE Attacks and insecure methods.
# SSLProtocol all -SSLv3 -SSLv2
# SSLHonorCipherOrder on
# SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
Cita de: 54My000 en 16 Mayo 2016, 18:27 PM
Hola me interesaria saber si puedo poner un servidor FTP en una maquina virtual
[root@xxx ~]# ssldump -k /etc/letsencrypt/live/xxx/privkey.pem -i eth0 -d -P port 443
New TCP connection #1: 199.15.233.162(51212) <-> xxx(443)
1 1 0.0387 (0.0387) C>S Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
1 2 0.0459 (0.0072) S>C Handshake
ServerHello
Version 3.3
session_id[0]=
cipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
compressionMethod NULL
1 3 0.0459 (0.0000) S>C Handshake
Certificate
1 4 0.0459 (0.0000) S>C Handshake
ServerKeyExchange
Not enough data. Found 327 bytes (expecting 32767)
1 5 0.0459 (0.0000) S>C Handshake
ServerHelloDone
1 6 0.0877 (0.0417) C>S Handshake
ClientKeyExchange
Not enough data. Found 64 bytes (expecting 16384)
1 7 0.0877 (0.0000) C>S ChangeCipherSpec
1 8 0.0877 (0.0000) C>S Handshake
1 9 0.0885 (0.0007) S>C Handshake
1 10 0.0885 (0.0000) S>C ChangeCipherSpec
1 11 0.0885 (0.0000) S>C Handshake
1 12 0.1272 (0.0387) C>S application_data
1 13 0.2662 (0.1390) S>C application_data
1 14 0.2663 (0.0000) S>C application_data
1 15 0.2663 (0.0000) S>C application_data
1 16 0.3049 (0.0385) S>C application_data
1 17 0.3049 (0.0000) S>C application_data
1 18 0.3050 (0.0001) S>C application_data
New TCP connection #2: 181-23-73-114.speedy.com.ar(42350) <-> xxx(443)
Citartshark -i eth0 -f 'tcp port 443' -Y 'http.request' -T fields -E separator="|" -e http.host -e ip.src -e http.request.method -e http.request.uri -e http.user_agent -o 'ssl.desegment_ssl_records: TRUE' -o 'ssl.desegment_ssl_application_data: TRUE' -o 'ssl.keys_list: zzz,443,http,/etc/letsencrypt/live/xxx/privkey.pem'
[root@xxx ~]# cat /var/log/https-post.log
Wireshark SSL debug log
Private key imported: KeyID 22:2a:73:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr 'zzz' (zzz) port '443' filename '/etc/letsencrypt/live/xxx/privkey.pem' password(only for p12 file) ''
ssl_init private key file /etc/letsencrypt/live/xxx/privkey.pem successfully loaded.
association_add TCP port 443 protocol http handle 0x7f0d0ed95bb0
dissect_ssl enter frame #1 (first time)
ssl_session_init: initializing ptr 0x7f0d01269410 size 696
conversation = 0x7f0d012690e8, ssl_session = 0x7f0d01269410
record: offset = 0, reported_length_remaining = 2840
dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x10
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 704, ssl state 0x10
association_find: TCP port 443 found 0x7f0d0f88b200
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0x7f0d0f88b200
record: offset = 709, reported_length_remaining = 2131
need_desegmentation: offset = 709, reported_length_remaining = 2131
dissect_ssl enter frame #3 (first time)
conversation = 0x7f0d012690e8, ssl_session = 0x7f0d01269410
record: offset = 0, reported_length_remaining = 6917
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 6912, ssl state 0x10
association_find: TCP port 443 found 0x7f0d0f88b200
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 0x7f0d0f88b200
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
[root@xxx ~]# openssl x509 -noout -modulus -in /etc/letsencrypt/live/xxx/cert.pem | openssl md5
(stdin)= bbbbbb
[root@xxx ~]# openssl rsa -noout -modulus -in /etc/letsencrypt/live/xxx/privkey.pem | openssl md5
(stdin)= bbbbbb
# ssldump -k /etc/letsencrypt/live/site/privkey.pem -i eth0 -d -P port 443
# ll
total 4
lrwxrwxrwx 1 root root 48 abr 28 14:21 cert.pem
lrwxrwxrwx 1 root root 49 abr 28 14:21 chain.pem
lrwxrwxrwx 1 root root 53 abr 28 14:21 fullchain.pem
lrwxrwxrwx 1 root root 51 abr 28 14:21 privkey.pem