C/S中单向认证大致流程

C/S中双向认证大致流程

使用命令生成各自的私钥和证书

客户端：

openssl req -newkey rsa:512 -nodes -keyout client.key -x509 -days 5 -out client.crt

服务器端：

openssl req -newkey rsa:512 -nodes -keyout server.key -x509 -days 5 -out server.crt

测试一下：

google@ubuntu1404:~/workspace/openssl/server$ openssl s_server -accept 2020 -key server.key -cert server.crt
Using default temp DH parameters
error setting certificate
140273329796928:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: DH PARAMETERS
140273329796928:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:ssl/ssl_rsa.c:310:

结果出现了问题，貌似是在产生私钥时给的值太小了，那就删掉原来的文件，把原来的客户端和服务器端的值都改大一点吧！改成1024试一下看看

openssl req -newkey rsa:1024 -nodes -keyout server.key -x509 -days 5 -out server.crt
openssl req -newkey rsa:1024 -nodes -keyout client.key -x509 -days 5 -out client.crt

填写好生成证书的信息之后
服务器端输入openssl s_server -accept 2020 -key server.key -cert server.crt
客户端输入openssl s_client -connect localhost:2020 -cert client.crt -key client.key

双向认证测试结果

连上后服务器端输入hello world!结果如下：

google@ubuntu1404:~/workspace/openssl/server$ openssl s_server -accept 2020 -key server.key -cert server.crt
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MH0CAQECAgMEBAITAgQgi7VOIMA4IwKdDQPAGKfZYIAaQF166qiWfYxrBMmFPZUE
MLGAyyYryR9kChTPG6Z3rgSKHC7nVoXHIhEnNtLBcXdv9Azjmb0Jb1CoVcvqknNa
PaEGAgRfB9mAogQCAhwgpAYEBAEAAACuBgIEZSqe7A==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
Supported Elliptic Groups: X25519:P-256:X448:P-521:P-384
Shared Elliptic groups: X25519:P-256:X448:P-521:P-384
CIPHER is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS supported
hello world!

在客户端显示结果如下：

google@ubuntu1404:~/workspace/test/client$ openssl s_client -connect localhost:2020 -cert client.crt -key client.key
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12
verify error:num=18:self signed certificate
verify return:1
depth=0 C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12
verify return:1
---
Certificate chain0 s:C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12i:C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICnjCCAgegAwIBAgIUFfstl/lR6ZuQGMoYxUJN5ejwPSUwDQYJKoZIhvcNAQEL
BQAwYTELMAkGA1UEBhMCMTIxCzAJBgNVBAgMAjEyMQswCQYDVQQHDAIxMjELMAkG
A1UECgwCMTIxDDAKBgNVBAsMAzEyMTEKMAgGA1UEAwwBMjERMA8GCSqGSIb3DQEJ
ARYCMTIwHhcNMjAwNzEwMDI1NjE1WhcNMjAwNzE1MDI1NjE1WjBhMQswCQYDVQQG
EwIxMjELMAkGA1UECAwCMTIxCzAJBgNVBAcMAjEyMQswCQYDVQQKDAIxMjEMMAoG
A1UECwwDMTIxMQowCAYDVQQDDAEyMREwDwYJKoZIhvcNAQkBFgIxMjCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAqnONVTCk1wGB7MBIehqgolR93JIYlIMg+upN
ctAtdcqCojz8rWD2bd18D9KL5vPS+VS4/MeFuqST/fZNR7Ax5ooX3y00VUdol7Z1
QxLTwafoou3uAuv4ExPdHA0GXmNodudJ1FSKFj8ronTSs1RaUQT347aTp5QzkojC
MwXTLmsCAwEAAaNTMFEwHQYDVR0OBBYEFCf/7ZDNmd41ZBKc7pqW82yz1/jzMB8G
A1UdIwQYMBaAFCf/7ZDNmd41ZBKc7pqW82yz1/jzMA8GA1UdEwEB/wQFMAMBAf8w
DQYJKoZIhvcNAQELBQADgYEAZmfHiMphOeiCm6RKVRJx2+08kabW9KKa+kH0XUaY
J1y1P2yZmV/Wq6T+SKLpXTEesqfxrQkVfOCsie1GVZP9WvDFGCRr84IgWh8atLMv
839d344ZtqATCZ6RfC9tTl74AmTtNjlAWZxey0Wd9GvOcIWhaVKp5g3Qc9Dmfzpv
dY4=
-----END CERTIFICATE-----
subject=C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12issuer=C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1102 bytes and written 373 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:Protocol  : TLSv1.3Cipher    : TLS_AES_256_GCM_SHA384Session-ID: F8A32282B336576A86CAB8E8BC6FA0EDB5984C7C2454287F6792563FBBB5BD1ESession-ID-ctx: Resumption PSK: FF703E0C67C7BC8CD48393BCBA13223F70AB67ECB78A008C94F8B04F1BD6CCCCAEB5148F49D2A402784D269C924960E2PSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 7200 (seconds)TLS session ticket:0000 - 35 b2 1c ea 7e 51 96 41-4e 88 7b 99 bf 98 fe ce   5...~Q.AN.{.....0010 - 9c ac f0 d2 04 bb bb 95-75 bf 4b f7 a5 91 b2 ed   ........u.K.....0020 - 74 3f 54 d6 ba c2 f6 5f-07 50 7c ce 92 ec ea d3   t?T...._.P|.....0030 - 3d 80 12 ab 37 da 80 bf-de 23 79 88 c3 fe 75 dd   =...7....#y...u.0040 - 0b 09 0b 71 fc 05 32 1b-f5 4e 24 03 6c 6b be 30   ...q..2..N$.lk.00050 - 1e 21 02 e4 79 76 87 b4-24 3f 38 23 5f 65 ca 8b   .!..yv..$?8#_e..0060 - d4 40 32 91 d7 b6 85 3c-b7 a8 c2 a8 f1 f8 46 90   .@2....<......F.0070 - 8d 14 c9 19 32 7e 5d 91-67 7e 1b 6a fc 25 7f d5   ....2~].g~.j.%..0080 - d4 54 88 b5 bf 80 5f 98-c3 fb 8d fb 9b 11 51 b2   .T...._.......Q.0090 - 76 87 c6 30 f9 dd bc 29-18 2d 77 d0 e9 8a c4 1c   v..0...).-w.....00a0 - 79 57 8f f7 0a 2b 45 a2-af 6a e8 ed a9 71 d9 1a   yW...+E..j...q..00b0 - e9 4c 00 c3 af 55 7f c5-ea e6 21 79 06 c1 17 e2   .L...U....!y....00c0 - 51 fd 13 1f 86 23 3b 4a-83 ef cd ca f2 58 03 f7   Q....#;J.....X..Start Time: 1594350907Timeout   : 7200 (sec)Verify return code: 18 (self signed certificate)Extended master secret: noMax Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:Protocol  : TLSv1.3Cipher    : TLS_AES_256_GCM_SHA384Session-ID: D6A0BFC0E2A25C3FC3727B67723A048261942DCAA417B935E3D6A4877B6C552BSession-ID-ctx: Resumption PSK: 54BBD1FB31F49E9B554E260474049F9BFA31648106BBC4E46BC2D6273C00E454F78AFB37A02DE2FE614552FB380CFD63PSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 7200 (seconds)TLS session ticket:0000 - 35 b2 1c ea 7e 51 96 41-4e 88 7b 99 bf 98 fe ce   5...~Q.AN.{.....0010 - 0f b3 9e 27 43 3a e3 f7-70 e2 f7 79 f0 3a dc 60   ...'C:..p..y.:.`0020 - f1 35 61 c9 ac 31 5b d2-e3 89 56 98 c8 77 a7 cf   .5a..1[...V..w..0030 - 1d 39 c3 ba 67 49 3b ec-da e0 22 84 c5 c0 6f 96   .9..gI;..."...o.0040 - 1b 6e 17 b4 cd 50 51 26-f1 a7 88 32 49 c6 76 3c   .n...PQ&...2I.v<0050 - 73 5a 70 9e 23 91 6f 91-ea 83 45 cb fe cb 07 7c   sZp.#.o...E....|0060 - 10 6c 6b 2d f8 02 f4 e4-f2 10 58 b8 7c 6f 62 a0   .lk-......X.|ob.0070 - d4 59 82 c4 54 f7 94 b0-ca b8 32 e3 34 59 84 32   .Y..T.....2.4Y.20080 - 2f da 66 31 06 0c dd e2-ca d7 50 2b 6c 00 d8 01   /.f1......P+l...0090 - 23 a7 af b9 bf e2 e6 24-41 fd fe a1 ad f1 34 96   #......$A.....4.00a0 - cb 44 b9 89 67 3c bd a1-c7 e8 c7 0b 48 f6 15 31   .D..g<......H..100b0 - 65 03 eb eb b9 b0 6e f9-1e c5 39 ed ac 87 ac 7a   e.....n...9....z00c0 - ed 8f ea 24 b6 f6 62 a3-37 8c c1 0f ea 28 7b 41   ...$..b.7....({AStart Time: 1594350907Timeout   : 7200 (sec)Verify return code: 18 (self signed certificate)Extended master secret: noMax Early Data: 0
---
read R BLOCK
hello world!

好了双向认证成功了！

单向认证测试结果

服务器端输入openssl s_server -accept 2020 -key server.key -cert server.crt
客户端输入openssl s_client -connect localhost:2020
连上后服务器端输入hello world!结果如下：

google@ubuntu1404:~/workspace/openssl/server$ openssl s_server -accept 2020 -key server.key -cert server.crt
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MH4CAQECAgMEBAITAgQg6MN1pjhacTJ/ijwV2gvpytlE9bxjLgTYRI1G5XTsh3IE
MLxDbU0tZkzKY3rJva1tABWPVq+4xa3Qzo69aTUuOAwiM0vvGCswUgUtakdO/t62
3aEGAgRfB97WogQCAhwgpAYEBAEAAACuBwIFANs4vlg=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
Supported Elliptic Groups: X25519:P-256:X448:P-521:P-384
Shared Elliptic groups: X25519:P-256:X448:P-521:P-384
CIPHER is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS supported
hello world!

客户端：

google@ubuntu1404:~/workspace/test/client$ openssl s_client -connect localhost:2020
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12
verify error:num=18:self signed certificate
verify return:1
depth=0 C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12
verify return:1
---
Certificate chain0 s:C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12i:C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICnjCCAgegAwIBAgIUFfstl/lR6ZuQGMoYxUJN5ejwPSUwDQYJKoZIhvcNAQEL
BQAwYTELMAkGA1UEBhMCMTIxCzAJBgNVBAgMAjEyMQswCQYDVQQHDAIxMjELMAkG
A1UECgwCMTIxDDAKBgNVBAsMAzEyMTEKMAgGA1UEAwwBMjERMA8GCSqGSIb3DQEJ
ARYCMTIwHhcNMjAwNzEwMDI1NjE1WhcNMjAwNzE1MDI1NjE1WjBhMQswCQYDVQQG
EwIxMjELMAkGA1UECAwCMTIxCzAJBgNVBAcMAjEyMQswCQYDVQQKDAIxMjEMMAoG
A1UECwwDMTIxMQowCAYDVQQDDAEyMREwDwYJKoZIhvcNAQkBFgIxMjCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAqnONVTCk1wGB7MBIehqgolR93JIYlIMg+upN
ctAtdcqCojz8rWD2bd18D9KL5vPS+VS4/MeFuqST/fZNR7Ax5ooX3y00VUdol7Z1
QxLTwafoou3uAuv4ExPdHA0GXmNodudJ1FSKFj8ronTSs1RaUQT347aTp5QzkojC
MwXTLmsCAwEAAaNTMFEwHQYDVR0OBBYEFCf/7ZDNmd41ZBKc7pqW82yz1/jzMB8G
A1UdIwQYMBaAFCf/7ZDNmd41ZBKc7pqW82yz1/jzMA8GA1UdEwEB/wQFMAMBAf8w
DQYJKoZIhvcNAQELBQADgYEAZmfHiMphOeiCm6RKVRJx2+08kabW9KKa+kH0XUaY
J1y1P2yZmV/Wq6T+SKLpXTEesqfxrQkVfOCsie1GVZP9WvDFGCRr84IgWh8atLMv
839d344ZtqATCZ6RfC9tTl74AmTtNjlAWZxey0Wd9GvOcIWhaVKp5g3Qc9Dmfzpv
dY4=
-----END CERTIFICATE-----
subject=C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12issuer=C = 12, ST = 12, L = 12, O = 12, OU = 121, CN = 2, emailAddress = 12---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1102 bytes and written 373 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:Protocol  : TLSv1.3Cipher    : TLS_AES_256_GCM_SHA384Session-ID: D7A22DBF1AD765BF5D4ECB21CC9EF5200731FAA21F44A13333DE296C6089D77DSession-ID-ctx: Resumption PSK: 0861E43EC64B80978A063BFE01E911FECF38EADA7F8CF99A8993A5459C9DE26687CCD233CDD2A55F3192EFC0F325A302PSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 7200 (seconds)TLS session ticket:0000 - 07 f4 d5 34 9b 8b 6b 50-e5 47 99 5b c8 a5 be e3   ...4..kP.G.[....0010 - 8f 85 8b 8b df 02 27 16-58 02 ee 2c 26 0c ae 22   ......'.X..,&.."0020 - 7e 1d 29 9c bc 37 fc 54-94 ae da cb 53 70 5d cc   ~.)..7.T....Sp].0030 - 2e 0f 94 6b 17 be d7 36-26 41 d3 d9 68 dd aa ff   ...k...6&A..h...0040 - b3 39 de a3 1d da c3 51-4f 95 35 0c 69 1e f4 be   .9.....QO.5.i...0050 - 91 10 e5 88 e9 ee f4 3b-97 83 10 e9 22 fa 37 b9   .......;....".7.0060 - 1b 70 a7 72 80 be e1 ff-07 0a 3c f2 6c a7 90 69   .p.r......<.l..i0070 - 4f f2 1d 2f c2 5d b2 ee-30 e0 5c 0c 6b ad f1 a2   O../.]..0.\.k...0080 - 51 c3 38 f6 3c 98 21 f6-eb 4f 38 a9 36 80 5f 66   Q.8.<.!..O8.6._f0090 - d6 59 24 85 70 e1 f3 45-da 04 7a 0c 64 3d c6 d7   .Y$.p..E..z.d=..00a0 - d2 99 31 00 aa 6e 4b 87-5b f4 1b 81 4d aa b2 ce   ..1..nK.[...M...00b0 - 41 1c 59 f5 e3 9c 40 c0-40 67 c9 fe 2b 62 06 cd   A.Y...@.@g..+b..Start Time: 1594351318Timeout   : 7200 (sec)Verify return code: 18 (self signed certificate)Extended master secret: noMax Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:Protocol  : TLSv1.3Cipher    : TLS_AES_256_GCM_SHA384Session-ID: DFF8E82B51E0EDDD3D814E28B0CC9947307AD2E3DB188C8C58A129C8AFB58065Session-ID-ctx: Resumption PSK: BC436D4D2D664CCA637AC9BDAD6D00158F56AFB8C5ADD0CE8EBD69352E380C22334BEF182B3052052D6A474EFEDEB6DDPSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 7200 (seconds)TLS session ticket:0000 - 07 f4 d5 34 9b 8b 6b 50-e5 47 99 5b c8 a5 be e3   ...4..kP.G.[....0010 - 3f eb 6d 01 29 e6 16 ea-38 5a ad 57 ba 39 bf a7   ?.m.)...8Z.W.9..0020 - de 1b 01 7d 2f 02 09 80-eb 36 a5 5e 7d cd 56 57   ...}/....6.^}.VW0030 - ac 78 e6 f3 30 1a 7c 2a-bf e0 20 7e d3 17 be 86   .x..0.|*.. ~....0040 - 5d 64 a5 aa 19 9f b8 66-e5 a1 42 fc d7 30 a6 b2   ]d.....f..B..0..0050 - 12 f0 f2 96 94 a5 75 4f-4b 25 6c 58 58 fe 5d f2   ......uOK%lXX.].0060 - 80 96 f9 4c 6a 7d 33 ed-2b 04 89 08 d0 e3 fd 1b   ...Lj}3.+.......0070 - 8e a4 b8 a9 12 73 5c f5-da a4 4e 95 a9 5c e6 75   .....s\...N..\.u0080 - 1b e4 92 10 7f 4d c2 a6-08 4b fe 03 35 b0 55 00   .....M...K..5.U.0090 - a4 3f 59 8c 32 13 a9 b7-9f de 71 bf 07 0b 79 a2   .?Y.2.....q...y.00a0 - e3 d3 97 40 f4 d6 93 16-38 07 59 4c 8f e5 99 ed   ...@....8.YL....00b0 - 31 2b 9e bc 9b 26 fb bd-6b ec ed 69 2c 4c 95 45   1+...&..k..i,L.E00c0 - c8 ea 86 17 12 44 60 e5-55 b0 26 a2 3f 44 a3 07   .....D`.U.&.?D..Start Time: 1594351318Timeout   : 7200 (sec)Verify return code: 18 (self signed certificate)Extended master secret: noMax Early Data: 0
---
read R BLOCK
hello world!

单向认证测试成功！