openssl s_client -connect localhost:16000 -starttls mysql -trace CONNECTED(00000003) Sent Record Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) Length = 294 ClientHello, Length=290 client_version=0x303 (TLS 1.2) Random: gmt_unix_time=0x80DC8628 random_bytes (len=28): C6A5DE120C95C8211686C81A6D15225F6418C3706104CB24D85017B4 session_id (len=32): 5BA51F59459B97365ECEA600B8223CF88137B9069E46802362B36B5FBBF48532 cipher_suites (len=72) {0x13, 0x02} TLS_AES_256_GCM_SHA384 {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256 {0x13, 0x04} TLS_AES_128_CCM_SHA256 {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 {0xCC, 0xA8} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xC0, 0xAD} TLS_ECDHE_ECDSA_WITH_AES_256_CCM {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0xAC} TLS_ECDHE_ECDSA_WITH_AES_128_CCM {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 {0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA {0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA {0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384 {0xC0, 0x9D} TLS_RSA_WITH_AES_256_CCM {0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x9C} TLS_RSA_WITH_AES_128_CCM {0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 {0xCC, 0xAA} TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 {0xC0, 0x9F} TLS_DHE_RSA_WITH_AES_256_CCM {0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 {0xC0, 0x9E} TLS_DHE_RSA_WITH_AES_128_CCM {0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression_methods (len=1) No Compression (0x00) extensions, length = 145 extension_type=ec_point_formats(11), length=4 uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) extension_type=supported_groups(10), length=22 ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) secp521r1 (P-521) (25) secp384r1 (P-384) (24) ffdhe2048 (256) ffdhe3072 (257) ffdhe4096 (258) ffdhe6144 (259) ffdhe8192 (260) extension_type=session_ticket(35), length=0 extension_type=encrypt_then_mac(22), length=0 extension_type=extended_master_secret(23), length=0 extension_type=signature_algorithms(13), length=38 ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp521r1_sha512 (0x0603) ed25519 (0x0807) ed448 (0x0808) rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha512 (0x080b) rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha512 (0x0806) rsa_pkcs1_sha256 (0x0401) rsa_pkcs1_sha384 (0x0501) rsa_pkcs1_sha512 (0x0601) ecdsa_sha224 (0x0303) rsa_pkcs1_sha224 (0x0301) ecdsa_sha1 (0x0203) rsa_pkcs1_sha1 (0x0201) extension_type=supported_versions(43), length=5 TLS 1.3 (772) TLS 1.2 (771) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) extension_type=key_share(51), length=38 NamedGroup: ecdh_x25519 (29) key_exchange: (len=32): 5C6B4B9F8FB48EDF137097D4CCA120546E969B400F8684E7F39AA347A81E4031 Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 65 ServerHello, Length=61 server_version=0x303 (TLS 1.2) Random: gmt_unix_time=0x2D602227 random_bytes (len=28): 7AB299AFD9C68D852F11E73E7EEE39ECBFC83A77DC7F6F08E348AC82 session_id (len=0): cipher_suite {0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 compression_method: No Compression (0x00) extensions, length = 21 extension_type=renegotiate(65281), length=1 extension_type=ec_point_formats(11), length=4 uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) extension_type=session_ticket(35), length=0 extension_type=extended_master_secret(23), length=0 Can't use SSL_get_servername Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 2089 Certificate, Length=2085 certificate_list, length=2082 ASN.1Cert, length=1177 ------details----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB Validity Not Before: Jan 27 10:11:10 2019 GMT Not After : Jan 22 10:11:10 2039 GMT Subject: C = FI, ST = "state or province within country, in other certificates in this file it is the same as L", L = "location, usually an address but often ambiguously used", O = "organization name, typically a company name", OU = "organizational unit name, a division name within an organization", CN = localhost Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:eb:7c:4f:59:f0:40:37:ed:38:b2:e8:30:69:4e: 95:c9:00:59:d1:60:3b:8a:aa:28:a1:20:40:ee:bf: 1c:f3:b0:a6:40:8e:57:a4:79:81:c9:70:9f:8c:3d: f4:5c:b0:f9:58:55:d9:62:b2:4b:69:e1:1a:73:bf: 03:0e:8b:ca:d3:0d:f2:12:ea:68:1e:b8:f5:ba:29: 02:b0:15:7f:76:52:9a:7d:ee:6d:7e:2c:f5:5a:d0: 8c:a7:c9:53:d8:8c:ce:e3:be:c7:bb:4a:ae:7c:f9: f1:6d:07:ac:3b:55:cd:83:3d:e4:ef:96:8e:a9:c9: 1c:cb:84:99:cf:37:f5:53:57:e7:94:78:97:12:04: 1f:dc:31:f8:f0:bf:7c:9b:ef:8a:25:02:1f:1b:ab: cd:f9:bd:a9:de:df:e1:3d:b2:fb:92:44:93:59:ab: f7:c2:a6:e1:05:19:49:fb:f8:02:5d:3e:d0:50:26: 5b:e3:26:ac:fb:cf:ab:f1:52:0a:12:36:16:3d:b5: 9e:12:f3:c3:69:e2:9b:89:70:b2:31:56:9a:9b:91: a4:c6:39:01:56:e4:b5:8b:35:70:4e:eb:45:1b:70: 7d:1a:52:2f:a5:37:32:80:ae:50:d0:da:4a:85:6a: 3c:66:e7:41:85:c8:3a:dd:25:d8:4c:32:85:cb:12: bc:81 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 0B:18:61:66:8F:12:44:81:60:0D:80:D6:0A:6A:9E:DE:D7:69:56:B0 X509v3 Authority Key Identifier: CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 Signature Algorithm: sha256WithRSAEncryption Signature Value: ac:6b:15:7d:68:74:9d:ce:e2:ed:80:9c:f6:36:b5:54:8b:60: 38:d3:cd:43:5c:97:44:1b:c8:6d:73:e2:1d:6a:68:07:bf:c4: 0c:bf:ae:b9:f1:12:28:1b:07:6d:86:2e:8d:4d:1c:56:3e:e7: d7:62:a1:a2:de:9b:7b:1a:8a:b4:7f:76:f1:cf:d3:b5:b0:95: 91:ce:7e:49:45:0f:11:a6:96:6b:7b:42:07:cc:8d:28:13:d2: 30:19:5a:c3:31:16:f6:0a:9a:d7:cd:8e:6f:be:8c:aa:91:40: 68:fa:4d:ff:9f:10:d6:3d:27:27:54:f7:64:fa:7a:89:d9:67: 4b:63:2b:da:cc:95:f1:30:10:e8:5e:cd:ce:43:c9:72:ad:32: b6:06:cc:a9:02:dd:4d:9c:00:97:fc:99:80:84:bf:e3:54:5a: e8:2c:a5:b3:30:8e:30:cb:3c:5f:74:18:43:a3:42:36:53:78: 62:4f:08:56:11:80:c2:12:1a:da:70:18:10:7f:3d:15:b4:73: 29:26:69:7d:3b:ec:f8:18:01:f7:ac:c2:8f:f2:37:8d:8d:fc: 78:87:bc:d4:cb:1d:c1:14:c7:9c:3b:dc:a9:fd:e8:86:2a:32: 51:fe:8d:89:cd:6a:9d:7a:6f:0c:52:4b:b2:4d:d3:dc:02:39: 8d:2d:25:6e -----BEGIN CERTIFICATE----- MIIElTCCA32gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNl cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMTkwMTI3MTAxMTEwWhcNMzkwMTIy MTAxMTEwWjCCAUcxCzAJBgNVBAYTAkZJMWEwXwYDVQQIDFhzdGF0ZSBvciBwcm92 aW5jZSB3aXRoaW4gY291bnRyeSwgaW4gb3RoZXIgY2VydGlmaWNhdGVzIGluIHRo aXMgZmlsZSBpdCBpcyB0aGUgc2FtZSBhcyBMMUAwPgYDVQQHDDdsb2NhdGlvbiwg dXN1YWxseSBhbiBhZGRyZXNzIGJ1dCBvZnRlbiBhbWJpZ3VvdXNseSB1c2VkMTQw MgYDVQQKDCtvcmdhbml6YXRpb24gbmFtZSwgdHlwaWNhbGx5IGEgY29tcGFueSBu YW1lMUkwRwYDVQQLDEBvcmdhbml6YXRpb25hbCB1bml0IG5hbWUsIGEgZGl2aXNp b24gbmFtZSB3aXRoaW4gYW4gb3JnYW5pemF0aW9uMRIwEAYDVQQDDAlsb2NhbGhv c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrfE9Z8EA37Tiy6DBp TpXJAFnRYDuKqiihIEDuvxzzsKZAjlekeYHJcJ+MPfRcsPlYVdlisktp4RpzvwMO i8rTDfIS6mgeuPW6KQKwFX92Upp97m1+LPVa0IynyVPYjM7jvse7Sq58+fFtB6w7 Vc2DPeTvlo6pyRzLhJnPN/VTV+eUeJcSBB/cMfjwv3yb74olAh8bq835vane3+E9 svuSRJNZq/fCpuEFGUn7+AJdPtBQJlvjJqz7z6vxUgoSNhY9tZ4S88Np4puJcLIx VpqbkaTGOQFW5LWLNXBO60UbcH0aUi+lNzKArlDQ2kqFajxm50GFyDrdJdhMMoXL EryBAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQLGGFmjxJEgWANgNYKap7e 12lWsDAfBgNVHSMEGDAWgBTKcZmJ8HKrdWa7ZWoDBHKle5WmkzANBgkqhkiG9w0B AQsFAAOCAQEArGsVfWh0nc7i7YCc9ja1VItgONPNQ1yXRBvIbXPiHWpoB7/EDL+u ufESKBsHbYYujU0cVj7n12Khot6bexqKtH928c/TtbCVkc5+SUUPEaaWa3tCB8yN KBPSMBlawzEW9gqa182Ob76MqpFAaPpN/58Q1j0nJ1T3ZPp6idlnS2Mr2syV8TAQ 6F7NzkPJcq0ytgbMqQLdTZwAl/yZgIS/41Ra6CylszCOMMs8X3QYQ6NCNlN4Yk8I VhGAwhIa2nAYEH89FbRzKSZpfTvs+BgB96zCj/I3jY38eIe81MsdwRTHnDvcqf3o hioyUf6Nic1qnXpvDFJLsk3T3AI5jS0lbg== -----END CERTIFICATE----- ------------------ ASN.1Cert, length=899 ------details----- Certificate: Data: Version: 3 (0x2) Serial Number: d0:4d:23:85:ee:59:b3:fa Signature Algorithm: sha256WithRSAEncryption Issuer: CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB Validity Not Before: Jan 27 10:11:10 2019 GMT Not After : Jan 22 10:11:10 2039 GMT Subject: CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e8:0e:a7:84:d3:75:30:06:30:b2:10:b9:d1:88: 36:2b:5e:f8:c8:44:57:cb:67:72:ab:96:95:33:d5: 88:d1:8f:23:50:98:ba:6d:20:00:80:bd:35:d5:c1: bf:98:49:c4:0a:15:4a:34:a6:21:9b:2e:8c:15:09: f0:63:81:02:c2:7c:e2:53:e0:f7:a1:1a:40:5e:8f: 41:4a:4c:56:d4:20:f1:d5:a7:c1:53:2e:ff:7e:37: 17:cc:7e:74:bd:e2:22:33:ce:8c:77:62:a4:c5:3f: 44:35:7b:7e:b9:f5:7d:8c:7a:27:58:fd:2c:42:86: 2e:e7:6b:01:99:7b:fe:7d:a7:a1:4f:3e:39:39:54: 1f:61:de:74:66:d1:77:4f:43:1b:66:70:29:85:de: fc:8f:8e:1b:7b:a2:66:48:26:7f:9b:a6:fd:4a:e4: dc:eb:ed:bd:f8:e3:f1:57:98:13:6f:f1:a3:2a:e3: 73:bd:8d:7c:6f:4b:59:35:bc:b5:42:3e:99:a7:13: 8d:be:2e:5c:9a:c6:5b:ab:ae:bf:00:e9:c8:ee:05: 22:8e:d5:67:1a:47:9a:6d:9c:f9:42:3e:15:34:f8: 31:ec:b4:7e:d3:92:95:b0:b8:f9:66:f3:bd:1d:31: 2c:b1:90:62:a1:f8:4e:a6:5d:26:22:f0:e1:fe:16: 2b:69 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 X509v3 Authority Key Identifier: CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption Signature Value: df:fd:74:29:5b:5e:9a:8b:09:02:40:59:73:cb:71:47:3f:97: 3d:a9:fd:c4:8c:01:29:c9:86:b8:71:55:ff:72:0e:50:dc:c8: b5:e6:91:41:52:47:21:30:cc:4d:e7:3b:4b:db:55:ea:7d:46: eb:53:e0:b7:1b:80:7c:b1:0c:d3:d1:bc:a0:73:ae:96:1f:fd: 05:52:7e:54:d5:03:52:69:7b:34:5f:27:d7:98:da:98:76:73: e6:bb:50:59:2a:94:90:67:03:1c:a4:76:2f:ee:ef:59:60:09: 48:33:03:2b:52:ed:83:42:f8:71:19:7f:d8:be:40:ed:20:01: 90:3c:7e:1c:8b:d2:9f:f3:2f:09:1f:50:c8:10:e1:8a:d9:a5: 49:9c:0b:74:17:b9:2b:68:f6:1e:73:c2:73:10:38:b3:35:e2: 87:91:1b:a1:d1:9b:81:9d:1b:32:cc:03:6e:4c:82:95:81:11: 42:56:e2:16:2b:22:65:db:40:2c:ca:dc:03:f4:d5:07:cf:f5: 13:b2:cf:51:5b:24:cd:c7:d1:9b:42:8e:f9:df:5d:1e:5a:09: a3:4f:a9:0b:f4:21:c5:bb:ff:02:93:67:e8:2d:ee:ab:d9:59: 76:03:2c:a1:bd:fb:dc:af:b6:82:94:71:85:53:a8:18:0d:3a: 9e:42:eb:59 -----BEGIN CERTIFICATE----- MIIDfzCCAmegAwIBAgIJANBNI4XuWbP6MA0GCSqGSIb3DQEBCwUAMFYxDzANBgNV BAMMBmNhY2VydDELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYD VQQHDAhIZWxzaW5raTEQMA4GA1UECgwHTWFyaWFEQjAeFw0xOTAxMjcxMDExMTBa Fw0zOTAxMjIxMDExMTBaMFYxDzANBgNVBAMMBmNhY2VydDELMAkGA1UEBhMCRkkx ETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhIZWxzaW5raTEQMA4GA1UECgwH TWFyaWFEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgOp4TTdTAG MLIQudGINite+MhEV8tncquWlTPViNGPI1CYum0gAIC9NdXBv5hJxAoVSjSmIZsu jBUJ8GOBAsJ84lPg96EaQF6PQUpMVtQg8dWnwVMu/343F8x+dL3iIjPOjHdipMU/ RDV7frn1fYx6J1j9LEKGLudrAZl7/n2noU8+OTlUH2HedGbRd09DG2ZwKYXe/I+O G3uiZkgmf5um/Urk3Ovtvfjj8VeYE2/xoyrjc72NfG9LWTW8tUI+macTjb4uXJrG W6uuvwDpyO4FIo7VZxpHmm2c+UI+FTT4Mey0ftOSlbC4+WbzvR0xLLGQYqH4TqZd JiLw4f4WK2kCAwEAAaNQME4wHQYDVR0OBBYEFMpxmYnwcqt1ZrtlagMEcqV7laaT MB8GA1UdIwQYMBaAFMpxmYnwcqt1ZrtlagMEcqV7laaTMAwGA1UdEwQFMAMBAf8w DQYJKoZIhvcNAQELBQADggEBAN/9dClbXpqLCQJAWXPLcUc/lz2p/cSMASnJhrhx Vf9yDlDcyLXmkUFSRyEwzE3nO0vbVep9RutT4LcbgHyxDNPRvKBzrpYf/QVSflTV A1JpezRfJ9eY2ph2c+a7UFkqlJBnAxykdi/u71lgCUgzAytS7YNC+HEZf9i+QO0g AZA8fhyL0p/zLwkfUMgQ4YrZpUmcC3QXuSto9h5zwnMQOLM14oeRG6HRm4GdGzLM A25MgpWBEUJW4hYrImXbQCzK3AP01QfP9ROyz1FbJM3H0ZtCjvnfXR5aCaNPqQv0 IcW7/wKTZ+gt7qvZWXYDLKG9+9yvtoKUcYVTqBgNOp5C61k= -----END CERTIFICATE----- ------------------ depth=1 CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB verify error:num=19:self-signed certificate in certificate chain verify return:1 depth=1 CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB verify return:1 depth=0 C = FI, ST = "state or province within country, in other certificates in this file it is the same as L", L = "location, usually an address but often ambiguously used", O = "organization name, typically a company name", OU = "organizational unit name, a division name within an organization", CN = localhost verify return:1 Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 300 ServerKeyExchange, Length=296 KeyExchangeAlgorithm=ECDHE named_curve: ecdh_x25519 (29) point (len=32): 5794D7963C0EBB2879923E232E8CFF64CE390FDA919469254E1E513278CAB674 Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature (len=256): D9CAAB6B9934300B4E9297D736806799A75C3D2FC53AEE67DACFF24202D342B0E7B603EA99674F59472FB9C14CCCA953E32C96CBE3C32A9C1525EBFE345E6FAFE396C5743D0049C6C70DB9A49E601A469EFF73E83263462DEAB4E13632B90F909F2E7E1FDD395D1C4C8C9965109843952DD7DB30D52318E4ECA88D52FEF0499BD95743ED06F856F6BFF6A872B53F6B184E35051DE083A007081BBCD853F42731B6C657E3E984056C92439108955BDC61DB1403B74DE390D1DC96A2FB6E56C16453A38B2AFE4ECF64C3E3A69D4E56843FF25637CBABFB45E050EF0D02BACDFDCC69A6A3949EDC7AFAB23B99F404C4CA883A79EEDA8A05B9E8EE9A4798DC80BCDA Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 52 CertificateRequest, Length=48 certificate_types (len=3) rsa_sign (1) dss_sign (2) ecdsa_sign (64) signature_algorithms (len=40) ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp521r1_sha512 (0x0603) ed25519 (0x0807) ed448 (0x0808) rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha512 (0x080b) rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha512 (0x0806) rsa_pkcs1_sha256 (0x0401) rsa_pkcs1_sha384 (0x0501) rsa_pkcs1_sha512 (0x0601) ecdsa_sha224 (0x0303) rsa_pkcs1_sha224 (0x0301) dsa_sha224 (0x0302) dsa_sha256 (0x0402) dsa_sha384 (0x0502) dsa_sha512 (0x0602) certificate_authorities (len=0) Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 4 ServerHelloDone, Length=0 Sent Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 7 Certificate, Length=3 certificate_list, length=0 Sent Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 37 ClientKeyExchange, Length=33 KeyExchangeAlgorithm=ECDHE ecdh_Yc (len=32): A80DC471FEDF2A0D93A9ACB61300B15AC66397BC136BB1F2901598E91F6BE972 Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ChangeCipherSpec (20) Length = 1 change_cipher_spec (1) Sent Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 40 Finished, Length=12 verify_data (len=12): 3C7E2E04D9AC620641977427 Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 186 NewSessionTicket, Length=182 ticket_lifetime_hint=7200 ticket (len=176): A49193CDBA6BF4E092FC837F1B627532492BB2CCF96EA9E792E0A4D0905539554E82E69CB0D56D55A903677575E0AC24382AF42A9311AA6458A019C3C33461D703813130B065AD71BAB6940C03775D5F12062AD6699C1E49A00696341FE0740E7231A961DAC6FD9BA2C9FD73B5D7426E654DC21EBDFB4FFF0C387D351527EAD7520AF17D86178EC227572B4BA4D8854866A4CC886E995F3A949ED272729CC49F867F179D87AD3642582812E783CF3CF3 Received Record Header: Version = TLS 1.2 (0x303) Content Type = ChangeCipherSpec (20) Length = 1 Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 40 Finished, Length=12 verify_data (len=12): A3D054997ABD415D238B1224 --- Certificate chain 0 s:C = FI, ST = "state or province within country, in other certificates in this file it is the same as L", L = "location, usually an address but often ambiguously used", O = "organization name, typically a company name", OU = "organizational unit name, a division name within an organization", CN = localhost i:CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 27 10:11:10 2019 GMT; NotAfter: Jan 22 10:11:10 2039 GMT 1 s:CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB i:CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 27 10:11:10 2019 GMT; NotAfter: Jan 22 10:11:10 2039 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIElTCCA32gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNl cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMTkwMTI3MTAxMTEwWhcNMzkwMTIy MTAxMTEwWjCCAUcxCzAJBgNVBAYTAkZJMWEwXwYDVQQIDFhzdGF0ZSBvciBwcm92 aW5jZSB3aXRoaW4gY291bnRyeSwgaW4gb3RoZXIgY2VydGlmaWNhdGVzIGluIHRo aXMgZmlsZSBpdCBpcyB0aGUgc2FtZSBhcyBMMUAwPgYDVQQHDDdsb2NhdGlvbiwg dXN1YWxseSBhbiBhZGRyZXNzIGJ1dCBvZnRlbiBhbWJpZ3VvdXNseSB1c2VkMTQw MgYDVQQKDCtvcmdhbml6YXRpb24gbmFtZSwgdHlwaWNhbGx5IGEgY29tcGFueSBu YW1lMUkwRwYDVQQLDEBvcmdhbml6YXRpb25hbCB1bml0IG5hbWUsIGEgZGl2aXNp b24gbmFtZSB3aXRoaW4gYW4gb3JnYW5pemF0aW9uMRIwEAYDVQQDDAlsb2NhbGhv c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrfE9Z8EA37Tiy6DBp TpXJAFnRYDuKqiihIEDuvxzzsKZAjlekeYHJcJ+MPfRcsPlYVdlisktp4RpzvwMO i8rTDfIS6mgeuPW6KQKwFX92Upp97m1+LPVa0IynyVPYjM7jvse7Sq58+fFtB6w7 Vc2DPeTvlo6pyRzLhJnPN/VTV+eUeJcSBB/cMfjwv3yb74olAh8bq835vane3+E9 svuSRJNZq/fCpuEFGUn7+AJdPtBQJlvjJqz7z6vxUgoSNhY9tZ4S88Np4puJcLIx VpqbkaTGOQFW5LWLNXBO60UbcH0aUi+lNzKArlDQ2kqFajxm50GFyDrdJdhMMoXL EryBAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQLGGFmjxJEgWANgNYKap7e 12lWsDAfBgNVHSMEGDAWgBTKcZmJ8HKrdWa7ZWoDBHKle5WmkzANBgkqhkiG9w0B AQsFAAOCAQEArGsVfWh0nc7i7YCc9ja1VItgONPNQ1yXRBvIbXPiHWpoB7/EDL+u ufESKBsHbYYujU0cVj7n12Khot6bexqKtH928c/TtbCVkc5+SUUPEaaWa3tCB8yN KBPSMBlawzEW9gqa182Ob76MqpFAaPpN/58Q1j0nJ1T3ZPp6idlnS2Mr2syV8TAQ 6F7NzkPJcq0ytgbMqQLdTZwAl/yZgIS/41Ra6CylszCOMMs8X3QYQ6NCNlN4Yk8I VhGAwhIa2nAYEH89FbRzKSZpfTvs+BgB96zCj/I3jY38eIe81MsdwRTHnDvcqf3o hioyUf6Nic1qnXpvDFJLsk3T3AI5jS0lbg== -----END CERTIFICATE----- subject=C = FI, ST = "state or province within country, in other certificates in this file it is the same as L", L = "location, usually an address but often ambiguously used", O = "organization name, typically a company name", OU = "organizational unit name, a division name within an organization", CN = localhost issuer=CN = cacert, C = FI, ST = Helsinki, L = Helsinki, O = MariaDB --- No client certificate CA names sent Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512 Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2874 bytes and written 440 bytes Verification error: self-signed certificate in certificate chain --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: C279D932C7C67B8D1F2676E1A832C18F0314C3DCB1E2BBA99F9FBFC4E20F5FB6 Session-ID-ctx: Master-Key: 83F4F6991594C999FA9F5DC2FA1D907B1CA189E362536D62F7F5A38DB009DDB2AAB680028344AC2C39990F875E443AF8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - a4 91 93 cd ba 6b f4 e0-92 fc 83 7f 1b 62 75 32 .....k.......bu2 0010 - 49 2b b2 cc f9 6e a9 e7-92 e0 a4 d0 90 55 39 55 I+...n.......U9U 0020 - 4e 82 e6 9c b0 d5 6d 55-a9 03 67 75 75 e0 ac 24 N.....mU..guu..$ 0030 - 38 2a f4 2a 93 11 aa 64-58 a0 19 c3 c3 34 61 d7 8*.*...dX....4a. 0040 - 03 81 31 30 b0 65 ad 71-ba b6 94 0c 03 77 5d 5f ..10.e.q.....w]_ 0050 - 12 06 2a d6 69 9c 1e 49-a0 06 96 34 1f e0 74 0e ..*.i..I...4..t. 0060 - 72 31 a9 61 da c6 fd 9b-a2 c9 fd 73 b5 d7 42 6e r1.a.......s..Bn 0070 - 65 4d c2 1e bd fb 4f ff-0c 38 7d 35 15 27 ea d7 eM....O..8}5.'.. 0080 - 52 0a f1 7d 86 17 8e c2-27 57 2b 4b a4 d8 85 48 R..}....'W+K...H 0090 - 66 a4 cc 88 6e 99 5f 3a-94 9e d2 72 72 9c c4 9f f...n._:...rr... 00a0 - 86 7f 17 9d 87 ad 36 42-58 28 12 e7 83 cf 3c f3 ......6BX(....<. Start Time: 1653641275 Timeout : 7200 (sec) Verify return code: 19 (self-signed certificate in certificate chain) Extended master secret: yes --- Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 25 Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 25 Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 25 hello Sent Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 30 Received Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 61 !��#08S01Got packets out of order Level=fatal(2), description=decode error(50) C0412826C87F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:308: