Vielen Dank für die Bearbeitung meines Posts. Ich habe die Funktion gesucht, aber auf die schnelle nicht gefunden. Jetzt weiß ich, wie es geht.
schard Das oben ist nicht die komplette Ausgabe des openssl s_client -connect get.hacs.xyz:443 Kommandos. Warte bis das Post-Handshake Ticket kommt.
Tatsache. Hier die vollständige Ausgabe
--2022-10-03 20:06:36-- https://get.hacs.xyz/
CA-Zertifikat »/etc/ssl/certs/ca-certificates.crt« wurde geladen
Auflösen des Hostnamens get.hacs.xyz (get.hacs.xyz)… 172.67.143.44, 104.21.39.42
Verbindungsaufbau zu get.hacs.xyz (get.hacs.xyz)|172.67.143.44|:443 … verbunden.
Das ausgestellte Zertifikat ist nicht mehr gültig.
[root@alarmpi homeassistant]# date
Mo 3. Okt 20:06:41 CEST 2022
[root@alarmpi homeassistant]# openssl s_client -connect get.hacs.xyz:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
verify return:1
depth=0 CN = *.hacs.xyz
verify return:1
---
Certificate chain
0 s:CN = *.hacs.xyz
i:C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgIRAMrdlO0lxtvbDtMFTYAHaugwDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxUDUwHhcNMjIwOTIyMjA0NTM2WhcNMjIxMjIx
MjA0NTM1WjAVMRMwEQYDVQQDDAoqLmhhY3MueHl6MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzTAi4QL5QF9hKbmsZgwx7eN7H0gEGlbmkqSgHE9R5X9P
ulHHrIubgBo2V/O+8jCHcSztMnrP9MBikKjDMV05l2JWlWz45IZZ26YxQNxbY9ne
JtsGW27dOenkQthr99VEbGckvaDiPewWIxxmAZFDMydJvr5ePwRxHt5XPMVdHsvX
s7lkqAqXjL/obDFtwIhZ2bIPQB+ydQsKWJU3YiIX6uT+vDumdkl6QEKHNlBUPtac
m6QpCRl33NI00DXi5RiSs5HL2tGYJ5MfsUbgSdrIczsWAzSr5UzgdOho8/RmpspL
6ZMqTZ9W7THRfzbDUCiEy6XL1UCacOfLozLDWsWIswIDAQABo4ICfDCCAngwDgYD
VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFI7aFLlSxXm2K9hrXNEWzo9gmBt4MB8GA1UdIwQYMBaAFNX8ng3f
HsrdCJeXbivFX8Ur9ey4MHgGCCsGAQUFBwEBBGwwajA1BggrBgEFBQcwAYYpaHR0
cDovL29jc3AucGtpLmdvb2cvcy9ndHMxcDUvSlFhOG5zTEJ2ZDAwMQYIKwYBBQUH
MAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBvL2NlcnRzL2d0czFwNS5kZXIwHwYDVR0R
BBgwFoIKKi5oYWNzLnh5eoIIaGFjcy54eXowIQYDVR0gBBowGDAIBgZngQwBAgEw
DAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2ku
Z29vZy9ndHMxcDUvUUNURnZXUmg2bUUuY3JsMIIBBQYKKwYBBAHWeQIEAgSB9gSB
8wDxAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAGDZynRagAA
BAMARzBFAiBhTvLj8MUwCtfcbCIRGMiZxMaZQsoX0pieCacuE/lAYgIhAOZdx34N
joAvJeVAbvi417nwn/5ZsprtxkRLXx7XS421AHcAQcjKsd8iRkoQxqE6CUKHXk4x
ixsD6+tLx2jwkGKWBvYAAAGDZynRwwAABAMASDBGAiEA+y9fzsOpigpFAeQE0fR+
K8pt9i0CvP1dhaCAP4Rt0pkCIQDnUfb+Y2qdCKr+8L+WA5oVyl3CCKFTg2cd22Ty
nPPLSzANBgkqhkiG9w0BAQsFAAOCAQEAPpTYyLj3R98AiSsECH7OsQpKLDBcj/Rt
ExT0ZaqOf/Af+zrayZS9G6MM3DtKcpR94v8rGYazdnZO4KRMJ1xIlaG9hwezYSSS
jWuXdsG+1o16R5iV3p8Qwoy0FiqSyYdIkzJasrMr3fT0XA4sQERhihGUwHuSMke7
jZZwm38v4g6/dBp6XApeL8psJ+SIFScrfQZ43SBdX4XorXzaMvJD6hWS/P6Ig9Nd
BnuDTxCdSQbvEn+SWkJ18Zl0v5e7/93cSl6ZachOc8K9oAwj9sHWwXdiwmijmcxP
BVhDAOrETkHlnxJMwgoFtQ+0fp6sEgFHgccLC39RfzDSf+U1FDjyFQ==
-----END CERTIFICATE-----
subject=CN = *.hacs.xyz
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1P5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4694 bytes and written 394 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: A73FE492FCDFC7B857FCD675F07E6B084197F9F19F3474BE2CF47530F98020A4
Session-ID-ctx:
Resumption PSK: 490BF8ED94DCBDA5B11EE79FF93161E8CEF15E8103C58C385DEF511E79D7B7FFDD8D2474C0C616D4C64F90461EECBF6D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
0000 - 40 58 c9 e9 91 72 d1 e0-88 f8 75 7a 39 cd c7 f6 @X...r....uz9...
0010 - 5e 82 a5 77 4c c9 2d d1-8b cd 4d 97 71 b2 4d 29 ^..wL.-...M.q.M)
0020 - 51 6b b1 c8 10 7f c8 3d-d2 1a 7f c1 ec 43 a0 d4 Qk.....=.....C..
0030 - d6 c9 23 8a db 9d 71 2f-2b fe 5d 0d da 47 2a 14 ..#...q/+.]..G*.
0040 - 59 95 0c 5e e9 7c 36 02-d0 46 1c 8b 4e 09 96 c6 Y..^.|6..F..N...
0050 - 13 8f 31 12 46 2d 3e d7-17 67 c2 da 2e b9 18 04 ..1.F->..g......
0060 - 91 f7 f6 47 4d 81 85 90-d7 4f c4 ac 57 1b 9a 31 ...GM....O..W..1
0070 - 1a ac e6 e1 45 76 43 e8-4d 20 9b c5 05 d8 73 31 ....EvC.M ....s1
0080 - be 8f 7d f7 91 50 d5 83-fc c7 b3 16 c5 1a 8f b1 ..}..P..........
0090 - 85 48 a7 d5 e8 83 85 06-4b 2f 30 a3 e0 24 4c d6 .H......K/0..$L.
00a0 - c4 77 b2 35 e2 63 f7 6e-61 5d 3b 35 86 0e 1c 69 .w.5.c.na];5...i
00b0 - d7 e1 af dc 1b 9f 4a 2e-cd 8e f2 d6 e9 01 be ce ......J.........
Start Time: 1664820428
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: BA03F1FEE55D5F2D892674CECCAD52695EC013B4235BA0693A840BC1F7C55414
Session-ID-ctx:
Resumption PSK: 2DBE2E155F33E71B3613281A2C54B14E560C4BA296A594AE0F5D6928C83FF85C83087412C3D29AE6EBA15F400A5C715F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
0000 - 40 58 c9 e9 91 72 d1 e0-88 f8 75 7a 39 cd c7 f6 @X...r....uz9...
0010 - 03 62 56 f4 34 af 9a d3-d8 da 11 53 44 69 87 b4 .bV.4......SDi..
0020 - 71 52 9b 6e 06 b3 f1 8e-a8 e7 ce cd 8a 54 58 62 qR.n.........TXb
0030 - 17 ee 03 df 0e 54 de ae-ac 1a ba 25 f8 b1 62 fb .....T.....%..b.
0040 - e4 4e be 41 45 c9 e0 65-98 89 0e e7 61 70 a3 df .N.AE..e....ap..
0050 - e1 3e 6b a9 6a 24 54 a6-24 a3 ca bf 12 9b 82 3f .>k.j$T.$......?
0060 - 28 6a 2d 82 99 0d 87 fc-53 25 73 6f 95 40 f7 9d (j-.....S%so.@..
0070 - 8e bd 72 61 b7 c5 e9 e5-0e dc 3f b7 9c e4 98 76 ..ra......?....v
0080 - 9e 5b 7e 43 3e d5 1c 3e-37 7a c6 96 ab 8d ca 3c .[~C>..>7z.....<
0090 - 14 15 b3 d1 55 26 b5 63-7f 02 14 ac 9d d4 05 08 ....U&.c........
00a0 - b8 f8 a5 91 98 97 7f 36-b1 ff c2 b8 92 29 1b 91 .......6.....)..
00b0 - 08 f5 b7 6d 4c d6 ce 6d-93 a8 83 0f be b1 71 cf ...mL..m......q.
Start Time: 1664820428
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
schard Was ist deine Systemzeit? date
Die hatte ich auch schon geprüft und sie passt:
Mo 3. Okt 20:10:48 CEST 2022
Selbes Verhalten.
An meinem x86_64 Arch Linux kann ich das Problem auch nicht nachstellen. Da läuft alles wie gewünscht.