uy
что такое DV?
Size: a a a
2021 March 05
a6
domain validation
a6
uy
a6
uy
у меня на мыльном сервере есть сертификаты для cucomm.com и mail.cucomm.com. используется cucomm.com. сертификат заэкспайрился. я делаю certbot renew и он почему-то только про mail.cucomm.com пишет, что его мол ещё рано обновлять, а про cucomm.com ничего не пишет
a6
потому что надо было 1 сертификат выпустить для 2 доменов, altname
uy
потому что надо было 1 сертификат выпустить для 2 доменов, altname
а можно просто скопировать сертификат cucomm.com с сервера с сайтом?
a6
не прокатит, CN не будет бится с FQDN поэтому сертификат будет считатся invalid
ST
народ, а есть аналог fuse (https://github.com/s3fs-fuse/s3fs-fuse) под апачевской или митовской лицензиями?
ST
или он такой один :)
uy
не прокатит, CN не будет бится с FQDN поэтому сертификат будет считатся invalid
я в dovecot в 10-ssl.conf прописал mail.cucomm.com сертификат вместо cucomm.com, рестартанул dovecot, но
openssl s_client -showcerts -servername mail.cucomm.com -connect mail.cucomm.com:993
в CN почему-то всё равно показывает старый сертификат. не подскажешь почему?a6
народ, а есть аналог fuse (https://github.com/s3fs-fuse/s3fs-fuse) под апачевской или митовской лицензиями?
autofs ещё есть, но аналогов именно s3fs нет потому что никому это не надо, ведь уже есть Object Storage маунтилка под фусей, зачем ещё придумывать?
ST
напрягает лицензия
a6
я в dovecot в 10-ssl.conf прописал mail.cucomm.com сертификат вместо cucomm.com, рестартанул dovecot, но
openssl s_client -showcerts -servername mail.cucomm.com -connect mail.cucomm.com:993
в CN почему-то всё равно показывает старый сертификат. не подскажешь почему?полный вывод скинь
openssl s_client -connect -servername mail.cucomm.com -connect mail.cucomm.com:993
openssl s_client -connect -servername mail.cucomm.com -connect mail.cucomm.com:993
a6
(на пастебин)
uy
так ты же у себя можешь выполнить эту команду
a6
ну хз, я же не знаю что там за aclи
uy
ну хз, я же не знаю что там за aclи
openssl s_client -showcerts -servername mail.cucomm.com -connect mail.cucomm.com:993
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cucomm.com
verify error:num=10:certificate has expired
notAfter=Mar 2 23:34:22 2021 GMT
verify return:1
depth=0 CN = cucomm.com
notAfter=Mar 2 23:34:22 2021 GMT
verify return:1
---
Certificate chain
0 s:CN = cucomm.com
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISA850RFaK/ILD1/vUp3Fdrm4zMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMDEyMDIyMzM0MjJaFw0yMTAzMDIyMzM0MjJaMBUxEzARBgNVBAMT
CmN1Y29tbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD45lHm
L/SAycpqkMWKMQPbBmUk9BAOILEtx4WCLG1kTcPg0MBEWDLtFy9EuHPZGiQcrjv7
dBbEIsRZO9IIrLGJtETWqxHD/CGigGuKD3vmjCBYmX0himoBnSRqIPC+mNtTAbx7
VPiddjtQ462budID5brU9nzKeSTfIB1AasPTs5M8tt1S912AEjW1F9XPSaIFbQbF
x350Kxxfdd6135lWI9OSAXulJQMXB4VK7HeLSyqYciecGTpON2n16tzG+Nd4hwPO
AUf97gUrQyz2DSyaVpFagMPr5Jcg0vzecja+8y6jD2181bdZJsxKZR6NecvJT4ky
ukBNoSKtwrpaW0KzAgMBAAGjggJUMIICUDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FFoG36/cmGKYyEjc/1Xw2PzZ4SwZMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCUG
A1UdEQQeMByCCmN1Y29tbS5jb22CDnd3dy5jdWNvbW0uY29tMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAXNxD
kv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAF2JgV+SAAABAMARzBFAiB5
0ST/38ErjV0+0Gv5OgCoYI7x49EXWqcKzLbxvUwllgIhAInKlLJ03fLigc58rUPc
44/b7wLwsOOwz06+8nlTU6xhAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyAL
zE7xZOMAAAF2JgV+QwAABAMARjBEAiAWXwAcvPnJWG1ko0AVvfI92MxeDg8vq5mu
wkV1LjTJnQIgByUZAxN7ZWW8gWiGp8hsSG/HLmTX7bqdZSIHgZzRbHowDQYJKoZI
hvcNAQELBQADggEBACXMG6jvklbxuNuNbi5pXLjvJfef9Ujk4KFIrT5y7r3WYzEQ
X5RAZ+jLilfiFCFRO02aTGfS+eYWiqWqyjRPTXz4ti3zU4g+7Gwh+Jhi/s28sS+t
cwaahxmfRwumsiJDEq4P5INZYGu08M3AD3H0c0OGiUgjO5iNOmuzL1V08X9qYspF
zGCkLzU/B8+ed1pknNP+kMxxjCOGdrCGhIE/tML/cpAupXbS7sOSIoy+8aPFChRN
tMKPIsIKqxlglZYd1xsqY1rXKs8gsKjw+nUlWXmR22NyYRm0PXuP+LYLd6cJNhS9
qZ7N3nSxiW22KK/JEB1iubiVnI0otgnq1kMGrjE=
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = cucomm.com
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cucomm.com
verify error:num=10:certificate has expired
notAfter=Mar 2 23:34:22 2021 GMT
verify return:1
depth=0 CN = cucomm.com
notAfter=Mar 2 23:34:22 2021 GMT
verify return:1
---
Certificate chain
0 s:CN = cucomm.com
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISA850RFaK/ILD1/vUp3Fdrm4zMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMDEyMDIyMzM0MjJaFw0yMTAzMDIyMzM0MjJaMBUxEzARBgNVBAMT
CmN1Y29tbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD45lHm
L/SAycpqkMWKMQPbBmUk9BAOILEtx4WCLG1kTcPg0MBEWDLtFy9EuHPZGiQcrjv7
dBbEIsRZO9IIrLGJtETWqxHD/CGigGuKD3vmjCBYmX0himoBnSRqIPC+mNtTAbx7
VPiddjtQ462budID5brU9nzKeSTfIB1AasPTs5M8tt1S912AEjW1F9XPSaIFbQbF
x350Kxxfdd6135lWI9OSAXulJQMXB4VK7HeLSyqYciecGTpON2n16tzG+Nd4hwPO
AUf97gUrQyz2DSyaVpFagMPr5Jcg0vzecja+8y6jD2181bdZJsxKZR6NecvJT4ky
ukBNoSKtwrpaW0KzAgMBAAGjggJUMIICUDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FFoG36/cmGKYyEjc/1Xw2PzZ4SwZMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCUG
A1UdEQQeMByCCmN1Y29tbS5jb22CDnd3dy5jdWNvbW0uY29tMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAXNxD
kv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAF2JgV+SAAABAMARzBFAiB5
0ST/38ErjV0+0Gv5OgCoYI7x49EXWqcKzLbxvUwllgIhAInKlLJ03fLigc58rUPc
44/b7wLwsOOwz06+8nlTU6xhAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyAL
zE7xZOMAAAF2JgV+QwAABAMARjBEAiAWXwAcvPnJWG1ko0AVvfI92MxeDg8vq5mu
wkV1LjTJnQIgByUZAxN7ZWW8gWiGp8hsSG/HLmTX7bqdZSIHgZzRbHowDQYJKoZI
hvcNAQELBQADggEBACXMG6jvklbxuNuNbi5pXLjvJfef9Ujk4KFIrT5y7r3WYzEQ
X5RAZ+jLilfiFCFRO02aTGfS+eYWiqWqyjRPTXz4ti3zU4g+7Gwh+Jhi/s28sS+t
cwaahxmfRwumsiJDEq4P5INZYGu08M3AD3H0c0OGiUgjO5iNOmuzL1V08X9qYspF
zGCkLzU/B8+ed1pknNP+kMxxjCOGdrCGhIE/tML/cpAupXbS7sOSIoy+8aPFChRN
tMKPIsIKqxlglZYd1xsqY1rXKs8gsKjw+nUlWXmR22NyYRm0PXuP+LYLd6cJNhS9
qZ7N3nSxiW22KK/JEB1iubiVnI0otgnq1kMGrjE=
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = cucomm.com
uy
ну хз, я же не знаю что там за aclи
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3019 bytes and written 387 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: AA1C9047ACA0D4CCD55D44E037266F439812029AFECE66E59C66B88168DF6C26
Session-ID-ctx:
Resumption PSK: A45668879C2F7B22DD94BB10FDA012D27BE1E63E13C978FDDBE710E85F93E16FF00D95346C3DA9F9DE0EC5F3615EC82E
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 8f 47 78 1b 1e 6b 31 f7-4d f5 d2 ec dd db f1 30 .Gx..k1.M......0
0010 - 6f fd 03 13 55 29 3c e6-36 c9 cc bd 7b ba 72 79 o...U)<.6...{.ry
0020 - 3c 4c b0 43 f6 82 2f d6-6a c7 d6 52 84 cd e2 54 <L.C../.j..R...T
0030 - ae 90 42 74 b7 a3 43 48-8b a1 a7 dc b8 47 19 da ..Bt..CH.....G..
0040 - 16 dc ae fc 06 c9 e0 37-20 a3 1a e3 b6 16 74 59 .......7 .....tY
0050 - 45 6b 99 cf df af 72 f8-c5 9a 96 d7 7c 52 6a 84 Ek....r.....|Rj.
0060 - c3 19 ae 7a c3 7f 82 cf-9c 42 54 54 df 8c 70 f5 ...z.....BTT..p.
0070 - d6 92 88 9a 24 d9 b3 88-25 8b 8a 96 17 98 fa f3 ....$...%.......
0080 - 30 b1 8c 8d f0 18 11 79-4b 0a 0d 9b 1b 5c a0 9e 0......yK....\..
0090 - c0 d3 88 47 a0 e6 0e 2b-27 6c a3 c0 83 e0 9a 10 ...G...+'l......
00a0 - 8b 58 b7 ed 14 82 54 5e-12 27 23 15 08 19 ab 23 .X....T^.'#....#
00b0 - 7f ac c8 0d 2d 24 10 43-c1 71 d1 0e f4 f9 25 7d ....-$.C.q....%}
00c0 - 12 3b 1e 5b 9b 31 c5 ba-25 18 25 bd 78 2c d4 c8 .;.[.1..%.%.x,..
Start Time: 1614948735
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 7C10DCCDC89B7256AE42F6449327CB2F0BDD63C4E5CB04CE7C7F59BE4936F8E2
Session-ID-ctx:
Resumption PSK: 375DF9D85770B382ECDC006E9B62462B1028A992C4F0B3C0E83D2AFC983DC75D34E1975ABE0E3DBFEA985CE0A3D9B273
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 8f 47 78 1b 1e 6b 31 f7-4d f5 d2 ec dd db f1 30 .Gx..k1.M......0
0010 - 6a 3a f3 a1 2e 82 de 75-1b 0e be a2 bf 37 73 83 j:.....u.....7s.
0020 - b3 2d 3f 14 39 53 55 ae-ff 40 48 83 4d 93 fc fb .-?.9SU..@H.M...
0030 - 4d 17 f7 ff 33 13 d5 36-8b 0e 9e 97 d8 0c 9f d3 M...3..6........
0040 - f8 46 9a 98 ce d2 c9 bd-6f 70 f3 b3 cd b0 56 80 .F......op....V.
0050 - 4f 42 5f cb d2 e9 75 82-8a 07 8a 98 05 eb 20 17 OB_...u....... .
0060 - 60 dd be 2c 5c 2c 50 8c-ee 84 c2 71 10 7a ae 83 `..,\,P....q.z..
0070 - e8 ae f9 75 0f c7 e5 d7-10 e9 2b bb 8a a8 29 fb ...u......+...).
0080 - d1 9c b8 41 0b d3 60 1d-21 36 b8 8b 4c bd 30 84 ...A..`.!6..L.0.
0090 - 84 e3 f3 82 16 c2 7b bf-f4 2c 3d 83 5b ac 2a e7 ......{..,=.[.*.
00a0 - 97 7f 73 f7 11 17 36 c2-50 c7 22 55 df c2 f2 41 ..s...6.P."U...A
00b0 - b6 e9 cc b8 8f 2f 4d b4-dd 28 c9 57 72 15 28 c7 ...../M..(.Wr.(.
00c0 - c1 ef 28 8e fc 7d fa 15-86 60 c9 19 4b 67 81 a8 ..(..}...`..Kg..
00d0 - 8b 48 d3 9f 97 f4 5a 9c-f9 b2 89 8f 33 b9 92 85 .H....Z.....3...
Start Time: 1614948735
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Ubuntu) ready.
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3019 bytes and written 387 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: AA1C9047ACA0D4CCD55D44E037266F439812029AFECE66E59C66B88168DF6C26
Session-ID-ctx:
Resumption PSK: A45668879C2F7B22DD94BB10FDA012D27BE1E63E13C978FDDBE710E85F93E16FF00D95346C3DA9F9DE0EC5F3615EC82E
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 8f 47 78 1b 1e 6b 31 f7-4d f5 d2 ec dd db f1 30 .Gx..k1.M......0
0010 - 6f fd 03 13 55 29 3c e6-36 c9 cc bd 7b ba 72 79 o...U)<.6...{.ry
0020 - 3c 4c b0 43 f6 82 2f d6-6a c7 d6 52 84 cd e2 54 <L.C../.j..R...T
0030 - ae 90 42 74 b7 a3 43 48-8b a1 a7 dc b8 47 19 da ..Bt..CH.....G..
0040 - 16 dc ae fc 06 c9 e0 37-20 a3 1a e3 b6 16 74 59 .......7 .....tY
0050 - 45 6b 99 cf df af 72 f8-c5 9a 96 d7 7c 52 6a 84 Ek....r.....|Rj.
0060 - c3 19 ae 7a c3 7f 82 cf-9c 42 54 54 df 8c 70 f5 ...z.....BTT..p.
0070 - d6 92 88 9a 24 d9 b3 88-25 8b 8a 96 17 98 fa f3 ....$...%.......
0080 - 30 b1 8c 8d f0 18 11 79-4b 0a 0d 9b 1b 5c a0 9e 0......yK....\..
0090 - c0 d3 88 47 a0 e6 0e 2b-27 6c a3 c0 83 e0 9a 10 ...G...+'l......
00a0 - 8b 58 b7 ed 14 82 54 5e-12 27 23 15 08 19 ab 23 .X....T^.'#....#
00b0 - 7f ac c8 0d 2d 24 10 43-c1 71 d1 0e f4 f9 25 7d ....-$.C.q....%}
00c0 - 12 3b 1e 5b 9b 31 c5 ba-25 18 25 bd 78 2c d4 c8 .;.[.1..%.%.x,..
Start Time: 1614948735
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 7C10DCCDC89B7256AE42F6449327CB2F0BDD63C4E5CB04CE7C7F59BE4936F8E2
Session-ID-ctx:
Resumption PSK: 375DF9D85770B382ECDC006E9B62462B1028A992C4F0B3C0E83D2AFC983DC75D34E1975ABE0E3DBFEA985CE0A3D9B273
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 8f 47 78 1b 1e 6b 31 f7-4d f5 d2 ec dd db f1 30 .Gx..k1.M......0
0010 - 6a 3a f3 a1 2e 82 de 75-1b 0e be a2 bf 37 73 83 j:.....u.....7s.
0020 - b3 2d 3f 14 39 53 55 ae-ff 40 48 83 4d 93 fc fb .-?.9SU..@H.M...
0030 - 4d 17 f7 ff 33 13 d5 36-8b 0e 9e 97 d8 0c 9f d3 M...3..6........
0040 - f8 46 9a 98 ce d2 c9 bd-6f 70 f3 b3 cd b0 56 80 .F......op....V.
0050 - 4f 42 5f cb d2 e9 75 82-8a 07 8a 98 05 eb 20 17 OB_...u....... .
0060 - 60 dd be 2c 5c 2c 50 8c-ee 84 c2 71 10 7a ae 83 `..,\,P....q.z..
0070 - e8 ae f9 75 0f c7 e5 d7-10 e9 2b bb 8a a8 29 fb ...u......+...).
0080 - d1 9c b8 41 0b d3 60 1d-21 36 b8 8b 4c bd 30 84 ...A..`.!6..L.0.
0090 - 84 e3 f3 82 16 c2 7b bf-f4 2c 3d 83 5b ac 2a e7 ......{..,=.[.*.
00a0 - 97 7f 73 f7 11 17 36 c2-50 c7 22 55 df c2 f2 41 ..s...6.P."U...A
00b0 - b6 e9 cc b8 8f 2f 4d b4-dd 28 c9 57 72 15 28 c7 ...../M..(.Wr.(.
00c0 - c1 ef 28 8e fc 7d fa 15-86 60 c9 19 4b 67 81 a8 ..(..}...`..Kg..
00d0 - 8b 48 d3 9f 97 f4 5a 9c-f9 b2 89 8f 33 b9 92 85 .H....Z.....3...
Start Time: 1614948735
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Ubuntu) ready.