用 openssl 测试 tls 连接

以 baidu 为例，命令行为：

openssl s_client -tlsextdebug -connect baidu.com:443

得到的输出为：

CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02                                       ....
TLS server extension "session ticket" (id=35), len=0
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
verify return:1
depth=0 C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
verify return:1
---
Certificate chain
 0 s:C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
   i:C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 12 00:00:00 2025 GMT; NotAfter: Mar  3 23:59:59 2026 GMT
 1 s:C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 15 00:00:00 2022 GMT; NotAfter: Dec 14 23:59:59 2032 GMT
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 18 00:00:00 2024 GMT; NotAfter: Nov  9 23:59:59 2031 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIlzCCBn+gAwIBAgIQD41nR/OhQo95k3ouSXk0KDANBgkqhkiG9w0BAQsFADBr
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQzBBBgNVBAMT
OkRpZ2lDZXJ0IFNlY3VyZSBTaXRlIFBybyBHMiBUTFMgQ04gUlNBNDA5NiBTSEEy
NTYgMjAyMiBDQTEwHhcNMjUwMjEyMDAwMDAwWhcNMjYwMzAzMjM1OTU5WjBzMQsw
CQYDVQQGEwJDTjESMBAGA1UECAwJ5YyX5Lqs5biCMTkwNwYDVQQKEzBCZWlKaW5n
IEJhaWR1IE5ldGNvbSBTY2llbmNlIFRlY2hub2xvZ3kgQ28uLCBMdGQxFTATBgNV
BAMTDHd3dy5iYWlkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANugve9PaRllDOS4+X6lmki6d0pBR2xa5N5TY/2nU7asjQRoowyuD0c5d6lAoibl
z4KaeglV9yjTD/Z6kkbwmj/G5ckMdvZ1t2TH9zqrsvD4sHCJjdCfJhFm2zF4OyU3
7bnh7J0UpjcjzkIWV6ZqpYy68FNBhxYDzUwECABHzR8/x9GG8kfS2y0NDT6pu+Ky
/v+XLKbLj6OXWFdgstRKXgJ6G0fxpPhxyHjsLWLVpXMfTuGa0IvDuBAaWUpOyOp6
v2fpnNKP9VAfLpJMJsgBb7QVmYEscd0C76LPZ8QupvbtiWTKCH86UweOY0RWUh/2
L16CaKFckpz+4BgARtspVtUCAwEAAaOCBC0wggQpMB8GA1UdIwQYMBaAFOFsw5SF
b+dBL1V6M32PX7YgUDYVMB0GA1UdDgQWBBRRok2im6uS1qk+tBoyHaONJ14WKTCB
9AYDVR0RBIHsMIHpggx3d3cuYmFpZHUuY26CCGJhaWR1LmNuggliYWlkdS5jb22C
DGJhaWR1LmNvbS5jboILdy5iYWlkdS5jb22CDHd3LmJhaWR1LmNvbYIQd3d3LmJh
aWR1LmNvbS5jboIQd3d3LmJhaWR1LmNvbS5oa4IMd3d3LmJhaWR1LmhrghB3d3cu
YmFpZHUubmV0LmF1ghB3d3cuYmFpZHUubmV0LnBoghB3d3cuYmFpZHUubmV0LnR3
ghB3d3cuYmFpZHUubmV0LnZugg53d3d3LmJhaWR1LmNvbYIRd3d3dy5iYWlkdS5j
b20uY24wPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDov
L3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL2Ny
bC5kaWdpY2VydC5jbi9EaWdpQ2VydFNlY3VyZVNpdGVQcm9HMlRMU0NOUlNBNDA5
NlNIQTI1NjIwMjJDQTEuY3JsMIGSBggrBgEFBQcBAQSBhTCBgjAjBggrBgEFBQcw
AYYXaHR0cDovL29jc3AuZGlnaWNlcnQuY24wWwYIKwYBBQUHMAKGT2h0dHA6Ly9j
YWNlcnRzLmRpZ2ljZXJ0LmNuL0RpZ2lDZXJ0U2VjdXJlU2l0ZVByb0cyVExTQ05S
U0E0MDk2U0hBMjU2MjAyMkNBMS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB
1nkCBAIEggFuBIIBagFoAHYADleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHF
TiEAAAGU+RfM4wAABAMARzBFAiBBJjCKso+A6d+o0MMRnWEpYq5dMR2DuJo6mJk+
HDIFvAIhAMtz1Ix2SIlFew3WPahi1YnH5LhZjcfMmBtWxWeeq8FtAHYAZBHEbKQS
7KeJHKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGU+RfNIAAABAMARzBFAiB6FmgL
IFKV+n4Ook6Z7ngweREUpJhRVjQQ8d4Huss9OQIhAM+HihT8LiftaPkbNUaLkOO8
FkKMSOAFL1Fi82T53fEaAHYASZybad4dfOz8Nt7Nh2SmuFuvCoeAGdFVUvvp6ynd
+MMAAAGU+RfNOQAABAMARzBFAiBf0Fj9+VSVmJIvrjVeSa/Jppcrw52PvqWOQaRS
H9OnrAIhAJvSf8uTVrt5wJV9nCLXNM9lM7KzieAedSpt1Z/m8uqEMA0GCSqGSIb3
DQEBCwUAA4ICAQBmsknr6XATyiEkC9+l6Vd1rOIoZuNnyVUXgSNe4FIeIxRgV7yK
Nua2y94uQHB5CkbCh2NIupM5fftAKBdyeTlW1eqCLsNVXTxcaR/C+NDFIsRp98r7
Izv4fFcaa5HQc86GFD4yMI3sBea2BP0ceUnEXSUMPr5vM7+6VVi2vBrgDHRTxyfr
8ZzsvYutyL04lsQFsIIJ21luAvVRIpA9UMj43Y3KMOLsQnjsoicRmLbf1FWm5M/y
kl+Os7IWwqbaILjJr9dkgDUFYTifRcVdehxirb2lafvtTm6pSBZvfdAlADvVtdPO
DopU2AePbhtmOqI3xqNtzubtPFYmH/tA7ROZwtrAsZXh2+cgdo5DA5oK1zFCuv1X
QBdDvAOdxGyZDNI4qVxmSn1XnAj4344W8GpLW3qWc5GmS75Sl2jPzUcijqqHIsLg
PKU9vfPfItlnAVLEQUZLZ1VDWcCR/rzvYXdqNHfSF2XKzY0BO+SgZ16GPf75rDlC
Qa8ZjQcaG4l5pXDdHqfUobC0lXxOFlrUuL7VbQ9xdfszctPbRWjWcRchiu/+2b/0
6vSIZwGzlvHum1/fr0jzzb1NH7+0ripdYSZpr5bkH55FiYV+TfSWvzk3iXx+QHQH
79ciq5i7ls8IId2SNzcJ6r/SqN03ukj3oOUC0Y3r+whc7f28H5jK/uf/0g==
-----END CERTIFICATE-----
subject=C = CN, ST = \E5\8C\97\E4\BA\AC\E5\B8\82, O = "BeiJing Baidu Netcom Science Technology Co., Ltd", CN = www.baidu.cn
issuer=C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site Pro G2 TLS CN RSA4096 SHA256 2022 CA1
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5531 bytes and written 441 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 3849D483A6AED4AE295956DBE2971B9F83C358AFBED12476C9740AD04B238194
    Session-ID-ctx: 
    Master-Key: DBD919F7F4B66A4F0628EA867E4CF1308434CEC4C43B5F1A994765BA3080ED3F4BE0F13564F2F6DE67052B671783772D
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 72000 (seconds)
    TLS session ticket:
    0000 - f3 5a 68 38 69 0a 42 7e-86 4a ba 21 56 60 9a 0e   .Zh8i.B~.J.!V`..
    0010 - 59 58 c4 70 a3 71 dc 69-9d d3 20 a4 ef 84 5a 8d   YX.p.q.i.. ...Z.
    0020 - ff 30 5f 04 64 9f 92 63-db 61 16 ab 88 85 d3 2e   .0_.d..c.a......
    0030 - 80 bc 10 19 70 bd 48 b4-48 37 5d c0 11 36 f1 8d   ....p.H.H7]..6..
    0040 - 2d d5 7b c8 78 ed ba 5c-75 e5 dc 8a f8 da b2 fb   -.{.x..\u.......
    0050 - 93 ca 00 91 72 b1 6a 58-a6 27 ed a5 18 8b e8 50   ....r.jX.'.....P
    0060 - 15 5a db 4f d2 67 8d 73-fb 3e a5 4e 3f e9 54 52   .Z.O.g.s.>.N?.TR
    0070 - b4 c6 a6 dd 15 07 24 fb-f8 60 4d 77 d1 5b e8 5c   ......$..`Mw.[.\
    0080 - bd 1c fa 9c 87 2e 35 b0-bd c0 ab 2f 05 10 01 01   ......5..../....
    0090 - 8d 42 df 3c 9d 52 a5 02-20 69 7d 48 95 f8 0e e4   .B.<.R.. i}H....
    00a0 - c7 6e ad 8d bd 1b 2b 39-89 cb 40 30 68 86 15 af   .n....+9..@0h...

    Start Time: 1747033364
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
 

下面传 sni

openssl s_client -servername sports.baidu.com  -tlsextdebug -connect baidu.com:443