search

globus / globus-cli

A command line interface to Globus
https://docs.globus.org/cli
Apache License 2.0
74 stars 21 forks source link

GlobusConnectionError with curl SSL_ERROR_SYSCALL using globus login #746

Closed rgreen13 closed 1 year ago

rgreen13 commented 1 year ago

I'd like to use the CLI to transfers files directly to my server for processing.

I issue the command globus -v login

I get the results:

error_type:       GlobusConnectionError
message:          ConnectionError on request

Running curl https://auth.globus.org/p/whoami, I get

 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to auth.globus.org:443

Not sure if there are any thoughts. I had seen something similar at https://github.com/globus/globus-cli/issues/552, but that is now closed.

kurtmckee commented 1 year ago

Hello! I'm not able to reproduce on my side (neither the globus -v login nor the curl commands are showing SSL errors).

As a first step, I'd like to confirm the following:

  1. What host is auth.globus.org resolving to?
  2. What version of Globus CLI is installed?
  3. What version of curl and OpenSSL are installed?
  4. Is there a firewall that's blocking HTTPS access?

Would you run the following commands and paste the output here?

nslookup auth.globus.org
globus version --verbose
curl --version

nslookup google.com
curl https://www.google.com --verbose --output /dev/null
rgreen13 commented 1 year ago

Results below: nslookup auth.globus.org

Server:     129.1.2.2
Address:    129.1.2.2#53

Non-authoritative answer:
Name:   auth.globus.org
Address: 54.156.19.195
Name:   auth.globus.org
Address: 34.195.221.129
Server:     129.1.2.2
Address:    129.1.2.2#53

Non-authoritative answer:
Name:   auth.globus.org
Address: 54.156.19.195
Name:   auth.globus.org
Address: 34.195.221.129

globus version --verbose

Installed version:  3.10.1
Latest version:     3.10.1

You are running the latest version of the Globus CLI

Verbose Data
---
platform:
  platform: Linux-4.18.0-240.22.1.el8_3.x86_64-x86_64-with-glibc2.28
  py_implementation: CPython
  py_version: 3.9.7
  sys.executable: /opt/intel/oneapi/intelpython/latest/bin/python
  site.USER_BASE: /home/greenr/.local
modules:
  globus_cli:
    __version__: 3.10.1
    __file__: /home/greenr/.local/lib/python3.9/site-packages/globus_cli/__init__.py
    __path__: ['/home/greenr/.local/lib/python3.9/site-packages/globus_cli']
  globus_sdk:
    __version__: 3.15.0
    __file__: /home/greenr/.local/lib/python3.9/site-packages/globus_sdk/__init__.py
    __path__: ['/home/greenr/.local/lib/python3.9/site-packages/globus_sdk']
  requests:
    __version__: 2.25.1
    __file__: /opt/intel/oneapi/intelpython/latest/lib/python3.9/site-packages/requests/__init__.py
    __path__: ['/opt/intel/oneapi/intelpython/latest/lib/python3.9/site-packages/requests']

curl --version

curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) libssh/0.9.4/openssl/zlib nghttp2/1.33.0
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL Metalink

nsloookup google.com

Address:    129.1.2.2#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.0.174
Name:   google.com
Address: 2607:f8b0:4009:80a::200e

curl https://www.google.com --verbose --output /dev/null

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 142.250.190.132...
* TCP_NODELAY set
* Connected to www.google.com (142.250.190.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4003 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=www.google.com
*  start date: Dec 12 08:19:43 2022 GMT
*  expire date: Mar  6 08:19:42 2023 GMT
*  subjectAltName: host "www.google.com" matched cert's "www.google.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* Using Stream ID: 1 (easy handle 0x559bee6264c0)
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
> GET / HTTP/2
> Host: www.google.com
> User-Agent: curl/7.61.1
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [282 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [282 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
< HTTP/2 200 
< date: Thu, 19 Jan 2023 16:30:43 GMT
< expires: -1
< cache-control: private, max-age=0
< content-type: text/html; charset=ISO-8859-1
< cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
< report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
< p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< server: gws
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< set-cookie: 1P_JAR=2023-01-19-16; expires=Sat, 18-Feb-2023 16:30:43 GMT; path=/; domain=.google.com; Secure
< set-cookie: AEC=ARSKqsIiIvbqGoYyyuoTxfDFBtvmqAViP9lH8hRSZM4mU20k4BFa3KWlr1o; expires=Tue, 18-Jul-2023 16:30:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
< set-cookie: NID=511=KEMOd5CwEuOxmp0D3GIydPOm6st5TZdieb9ZiQrRSa6FB90A6-7putgiqbdwfpJqK3CCRiItPV1933l_QEojksdgtA1f_FyAhZyjgn6-cz2AUzh4YnLvp8oOsK_zHhcfFqcGWv0-1hZAbz22pyRmQDA7yTvJWfyk2Xwv-rtTEQc; expires=Fri, 21-Jul-2023 16:30:43 GMT; path=/; domain=.google.com; HttpOnly
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< accept-ranges: none
< vary: Accept-Encoding
< 
{ [5 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
100 14102    0 14102    0     0   132k      0 --:--:-- --:--:-- --:--:--  132k
* Connection #0 to host www.google.com left intact

curl https://auth.globus.org --verbose --output /dev/null

* Rebuilt URL to: https://auth.globus.org/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 34.195.221.129...
* TCP_NODELAY set
* Connected to auth.globus.org (34.195.221.129) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to auth.globus.org:443 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to auth.globus.org:443
kurtmckee commented 1 year ago

Thanks for this output!

Would you double-check the output from curl --version? I had been anticipating one additional line that would show the curl version, and the version of various libraries (including OpenSSL) on the system. If you're using a Debian-based system, this command should also work to get that information:

apt show curl openssl
rgreen13 commented 1 year ago

I believe I accidentally entered it incorrectly above. I've fixed it.

curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) libssh/0.9.4/openssl/zlib nghttp2/1.33.0
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL Metalink
kurtmckee commented 1 year ago

Thanks! I'm reviewing this now.

kurtmckee commented 1 year ago

I haven't found an incompatibility between the TLS settings on auth.globus.org and OpenSSL 1.1.1g. Would you additionally run this command and paste the output here?

openssl s_client -connect auth.globus.org:443 -msg

I'm anticipating that it won't connect properly, but if you might reach a point where output ends and the program waits for you to type something, then hit CTRL+C.

rgreen13 commented 1 year ago

The output is...

CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 01 38
>>> TLS 1.3, Handshake [length 0138], ClientHello
    01 00 01 34 03 03 92 6f 3a 5d f4 82 97 e1 17 bd
    d1 ab 2e d3 63 57 2e a5 1f 9b 25 35 ec e0 e6 e4
    57 24 14 a2 bc f1 20 c8 29 fa c0 78 31 b0 9c f3
    86 47 a8 93 82 0c 4d ff 40 14 70 9b d2 b2 02 4b
    fb 11 33 1b 07 f8 f5 00 3e 13 02 13 03 13 01 c0
    2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
    9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
    14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
    3c 00 35 00 2f 00 ff 01 00 00 ad 00 00 00 14 00
    12 00 00 0f 61 75 74 68 2e 67 6c 6f 62 75 73 2e
    6f 72 67 00 0b 00 04 03 00 01 02 00 0a 00 0c 00
    0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00
    16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05
    03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08
    05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02
    01 03 02 02 02 04 02 05 02 06 02 00 2b 00 09 08
    03 04 03 03 03 02 03 01 00 2d 00 02 01 01 00 33
    00 26 00 24 00 1d 00 20 ce 49 33 3d a6 e8 bc d8
    08 76 6b 3e 91 f4 b5 22 2e ae 78 3e f8 2a f8 87
    26 27 45 04 6f b0 ed 51
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 317 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
kurtmckee commented 1 year ago

Thank you!

I need to confirm with the Globus Auth team, but I don't think that auth.globus.org currently supports TLS 1.3. An SSL report I looked at earlier showed that it only supported TLS 1.2. This line is therefore unexpected:

>>> TLS 1.3, Handshake [length 0138], ClientHello

What system or you using? Mac/Ubuntu/Red Hat/...? Are you aware of a firewall, or antivirus software, or a proxy that might be protecting or monitoring outbound connections?

rgreen13 commented 1 year ago

Thanks for pointing me this way. I'm running on RedHat. I'm not aware that any firewall would be forcing TLS 1.3, but I'll be looking into it.

kurtmckee commented 1 year ago

You might try that same OpenSSL connect command, but try to force TLS 1.2. You might also try specifying one of the auth.globus.org IP addresses directly. Would you paste the output of these two commands:

openssl s_client -connect auth.globus.org:443 -msg -tls1_2
openssl s_client -connect 34.195.221.129:443 -msg -tls1_2

I'm not yet convinced that the connection attempts are successfully reaching auth.globus.org, but I'm hoping to establish a differential diagnosis for what's going on.

Thanks for all your work to run these commands and paste the output!

rgreen13 commented 1 year ago

The output of them are 

CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 00 d5
>>> TLS 1.2, Handshake [length 00d5], ClientHello
    01 00 00 d1 03 03 a8 1e 28 eb 6f b8 6d 9c e1 3c
    64 29 fd 0c 02 71 69 ea 09 d7 29 d0 38 99 a4 e8
    94 13 93 31 46 60 00 00 38 c0 2c c0 30 00 9f cc
    a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00
    6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0
    13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00
    ff 01 00 00 70 00 00 00 14 00 12 00 00 0f 61 75
    74 68 2e 67 6c 6f 62 75 73 2e 6f 72 67 00 0b 00
    04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00
    1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00
    00 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 08
    08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05
    01 06 01 03 03 02 03 03 01 02 01 03 02 02 02 04
    02 05 02 06 02
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 218 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1674155410
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

and

CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 00 bd
>>> TLS 1.2, Handshake [length 00bd], ClientHello
    01 00 00 b9 03 03 c9 f4 ae 1b 38 ca dd 36 cf 4b
    03 d1 77 c9 84 cd 97 bd 9f 60 7b b7 9a a5 79 cc
    ed 80 2c 72 6f 69 00 00 38 c0 2c c0 30 00 9f cc
    a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00
    6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0
    13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00
    ff 01 00 00 58 00 0b 00 04 03 00 01 02 00 0a 00
    0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00
    00 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04
    03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08
    04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03
    01 02 01 03 02 02 02 04 02 05 02 06 02
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 194 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1674155423
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
kurtmckee commented 1 year ago

That output continues to make me doubt that your system is reaching auth.globus.org. Are you currently on a university or corporate network? I'd like to check other domains that are highly-available but might be similarly inaccessible. Would you try these?

openssl s_client -connect netflix.com:443 -msg
openssl s_client -connect mullvad.net:443 -msg
openssl s_client -connect daringfireball.net:443 -msg

Mullvad is a VPN provider, and Daring Fireball is the personal site of the person who created Markdown.

rgreen13 commented 1 year ago

Interesting. I'll get that. I am on a University network. I did just not that if I try to go to any subdomain of globus.org in my browser I get this as well:

image

rgreen13 commented 1 year ago

From openssl s_client -connect netflix.com:443 -msg

CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 01 34
>>> TLS 1.3, Handshake [length 0134], ClientHello
    01 00 01 30 03 03 d0 a3 0a 27 c5 cd 19 29 18 18
    1c e7 7d 52 8f 78 3c 9a 2f bb f4 f7 96 d4 a0 67
    68 7a 93 06 4b a7 20 ff 2c af 8d a3 49 79 ca 52
    ad 87 e3 3a b3 ed dd db 57 22 e0 ef 2c 5d 0a 89
    27 f5 66 8e f6 6d 1f 00 3e 13 02 13 03 13 01 c0
    2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
    9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
    14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
    3c 00 35 00 2f 00 ff 01 00 00 a9 00 00 00 10 00
    0e 00 00 0b 6e 65 74 66 6c 69 78 2e 63 6f 6d 00
    0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00
    17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00
    17 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08
    07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04
    01 05 01 06 01 03 03 02 03 03 01 02 01 03 02 02
    02 04 02 05 02 06 02 00 2b 00 09 08 03 04 03 03
    03 02 03 01 00 2d 00 02 01 01 00 33 00 26 00 24
    00 1d 00 20 47 93 67 f6 0d c9 c1 3c 3f 11 2f 53
    97 a7 36 36 20 36 08 3e b4 4d 39 b5 3f 65 ee 30
    88 ff aa 68
<<< ??? [length 0005]
    16 03 03 00 7a
<<< TLS 1.3, Handshake [length 007a], ServerHello
    02 00 00 76 03 03 63 9c 39 73 b5 8c 5d 97 e7 48
    e7 30 b1 fa 03 84 e5 70 2b 7a 5f 33 ea 5d b4 b4
    87 c6 d5 49 83 19 20 ff 2c af 8d a3 49 79 ca 52
    ad 87 e3 3a b3 ed dd db 57 22 e0 ef 2c 5d 0a 89
    27 f5 66 8e f6 6d 1f 13 02 00 00 2e 00 33 00 24
    00 1d 00 20 9e 5a 62 2c 63 d6 6a d6 93 ee e8 2a
    85 b5 10 96 a2 12 e3 46 9a c7 f1 1b f3 98 e0 0b
    3d 48 7c 73 00 2b 00 02 03 04
<<< ??? [length 0005]
    14 03 03 00 01
<<< ??? [length 0005]
    17 03 03 0e 33
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 000a], EncryptedExtensions
    08 00 00 06 00 04 00 00 00 00
<<< TLS 1.3, Handshake [length 0cdc], Certificate
    0b 00 0c d8 00 00 0c d4 00 07 dc 30 82 07 d8 30
    82 06 c0 a0 03 02 01 02 02 10 0f 7c 86 c3 ac 13
    0c eb 0c 4b 4e f8 d5 f5 1c cd 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06
    03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04
    0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63 31
    29 30 27 06 03 55 04 03 13 20 44 69 67 69 43 65
    72 74 20 54 4c 53 20 52 53 41 20 53 48 41 32 35
    36 20 32 30 32 30 20 43 41 31 30 1e 17 0d 32 32
    31 32 31 34 30 30 30 30 30 30 5a 17 0d 32 34 30
    31 31 34 32 33 35 39 35 39 5a 30 68 31 0b 30 09
    06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55
    04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 61 31 12
    30 10 06 03 55 04 07 13 09 4c 6f 73 20 47 61 74
    6f 73 31 16 30 14 06 03 55 04 0a 13 0d 4e 65 74
    66 6c 69 78 2c 20 49 6e 63 2e 31 18 30 16 06 03
    55 04 03 13 0f 77 77 77 2e 6e 65 74 66 6c 69 78
    2e 63 6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86
    f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a
    02 82 01 01 00 bf 91 de 5e 86 4c c4 1f 09 d3 36
    fe b7 e6 8d 1e 57 4f a9 d3 f8 c1 26 d1 78 06 6a
    02 7b 45 26 88 c4 09 bf b1 93 f9 1f 7b 94 00 dc
    68 9a 6f b2 45 52 7d 4e 89 7d 9b 90 3b 7d 42 73
    64 59 4e 81 ae a2 f3 b8 96 aa 90 ed e1 c7 66 dc
    4c d6 a6 ec f1 af 2b ec d5 14 4a a4 99 b8 a5 e8
    cc 74 78 6d 22 6b 66 33 eb 8c 0c 37 09 19 ae c7
    db e3 7b 91 a9 60 84 dd d7 03 66 b8 45 a5 82 68
    8c 73 8a 6f 94 f6 18 9a 5c 3a ff 53 e3 d4 13 46
    76 ef b2 6c a7 ee 1c 36 8b 8e 97 53 1d 43 6a 27
    9a 66 6a 65 1a a9 66 44 fa e9 85 2a e1 14 b4 72
    a1 45 43 29 03 67 b0 57 17 de 73 74 49 af 01 8f
    4d 40 6c 9d e1 5e 25 78 6d 3e d8 92 cf f1 e7 e4
    1c e8 dc 93 7c 0f 20 2a cf fe a8 b3 e9 29 b7 e4
    86 84 7e 7c e8 e1 81 85 a3 e1 bd a8 7b 9b cb 92
    f6 7f 83 3c 98 b2 ba 9d 99 40 17 56 0b 8a 20 3b
    6e b0 f7 27 9b 02 03 01 00 01 a3 82 04 95 30 82
    04 91 30 1f 06 03 55 1d 23 04 18 30 16 80 14 b7
    6b a2 ea a8 aa 84 8c 79 ea b4 da 0f 98 b2 c5 95
    76 b9 f4 30 1d 06 03 55 1d 0e 04 16 04 14 99 1b
    73 79 d7 b4 75 c4 a4 89 c6 f8 10 6f 02 62 5e 9e
    56 b4 30 82 01 3e 06 03 55 1d 11 04 82 01 35 30
    82 01 31 82 13 61 63 63 6f 75 6e 74 2e 6e 65 74
    66 6c 69 78 2e 63 6f 6d 82 0e 63 61 2e 6e 65 74
    66 6c 69 78 2e 63 6f 6d 82 0a 6e 65 74 66 6c 69
    78 2e 63 61 82 0b 6e 65 74 66 6c 69 78 2e 63 6f
    6d 82 12 73 69 67 6e 75 70 2e 6e 65 74 66 6c 69
    78 2e 63 6f 6d 82 0e 77 77 77 2e 6e 65 74 66 6c
    69 78 2e 63 61 82 10 77 77 77 31 2e 6e 65 74 66
    6c 69 78 2e 63 6f 6d 82 10 77 77 77 32 2e 6e 65
    74 66 6c 69 78 2e 63 6f 6d 82 10 77 77 77 33 2e
    6e 65 74 66 6c 69 78 2e 63 6f 6d 82 19 64 65 76
    65 6c 6f 70 2d 73 74 61 67 65 2e 6e 65 74 66 6c
    69 78 2e 63 6f 6d 82 19 72 65 6c 65 61 73 65 2d
    73 74 61 67 65 2e 6e 65 74 66 6c 69 78 2e 63 6f
    6d 82 0f 77 77 77 2e 6e 65 74 66 6c 69 78 2e 63
    6f 6d 82 0e 74 76 2e 6e 65 74 66 6c 69 78 2e 63
    6f 6d 82 1f 65 6d 62 65 64 2e 64 65 76 65 6c 6f
    70 2d 73 74 61 67 65 2e 6e 65 74 66 6c 69 78 2e
    63 6f 6d 82 1f 65 6d 62 65 64 2e 72 65 6c 65 61
    73 65 2d 73 74 61 67 65 2e 6e 65 74 66 6c 69 78
    2e 63 6f 6d 30 0e 06 03 55 1d 0f 01 01 ff 04 04
    03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06
    08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05
    07 03 02 30 81 8f 06 03 55 1d 1f 04 81 87 30 81
    84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f
    63 72 6c 33 2e 64 69 67 69 63 65 72 74 2e 63 6f
    6d 2f 44 69 67 69 43 65 72 74 54 4c 53 52 53 41
    53 48 41 32 35 36 32 30 32 30 43 41 31 2d 32 2e
    63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a
    2f 2f 63 72 6c 34 2e 64 69 67 69 63 65 72 74 2e
    63 6f 6d 2f 44 69 67 69 43 65 72 74 54 4c 53 52
    53 41 53 48 41 32 35 36 32 30 32 30 43 41 31 2d
    32 2e 63 72 6c 30 3e 06 03 55 1d 20 04 37 30 35
    30 33 06 06 67 81 0c 01 02 02 30 29 30 27 06 08
    2b 06 01 05 05 07 02 01 16 1b 68 74 74 70 3a 2f
    2f 77 77 77 2e 64 69 67 69 63 65 72 74 2e 63 6f
    6d 2f 43 50 53 30 7d 06 08 2b 06 01 05 05 07 01
    01 04 71 30 6f 30 24 06 08 2b 06 01 05 05 07 30
    01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 64
    69 67 69 63 65 72 74 2e 63 6f 6d 30 47 06 08 2b
    06 01 05 05 07 30 02 86 3b 68 74 74 70 3a 2f 2f
    63 61 63 65 72 74 73 2e 64 69 67 69 63 65 72 74
    2e 63 6f 6d 2f 44 69 67 69 43 65 72 74 54 4c 53
    52 53 41 53 48 41 32 35 36 32 30 32 30 43 41 31
    2e 63 72 74 30 0c 06 03 55 1d 13 01 01 ff 04 02
    30 00 30 82 01 7d 06 0a 2b 06 01 04 01 d6 79 02
    04 02 04 82 01 6d 04 82 01 69 01 67 00 76 00 76
    ff 88 3f 0a b6 fb 95 51 c2 61 cc f5 87 ba 34 b4
    a4 cd bb 29 dc 68 42 0a 9f e6 67 4c 5a 3a 74 00
    00 01 85 11 cb 51 19 00 00 04 03 00 47 30 45 02
    20 5d c5 b8 ff c2 a1 55 95 d3 7c 85 6f 59 cb 55
    02 2e 40 50 76 85 1a ab 11 e4 4f 90 87 2c eb 03
    a8 02 21 00 93 39 49 eb 00 52 11 1b 83 75 5a a5
    7d f0 77 fd 52 8b b2 78 cf 36 6f f8 f4 e7 2c 2b
    0f 46 97 58 00 75 00 73 d9 9e 89 1b 4c 96 78 a0
    20 7d 47 9d e6 b2 c6 1c d0 51 5e 71 19 2a 8c 6b
    80 10 7a c1 77 72 b5 00 00 01 85 11 cb 51 40 00
    00 04 03 00 46 30 44 02 20 74 02 c9 f2 70 62 32
    6e b7 3e a3 7a 95 57 17 f2 7d 33 7c 98 9e 8b 53
    f7 43 77 bd 9c cd a5 ee c5 02 20 04 9a 86 85 6d
    a8 36 72 ef 6b 97 89 e3 1c b4 ce 38 3d d4 18 44
    d8 18 4f 09 eb c6 20 89 47 06 bb 00 76 00 48 b0
    e3 6b da a6 47 34 0f e5 6a 02 fa 9d 30 eb 1c 52
    01 cb 56 dd 2c 81 d9 bb bf ab 39 d8 84 73 00 00
    01 85 11 cb 50 ff 00 00 04 03 00 47 30 45 02 21
    00 df 0e 2e e6 ff c2 2e 2a 99 e3 5f 0b da b5 98
    a6 0b bc c0 75 12 bc 76 47 74 65 22 db f0 68 12
    30 02 20 31 fc 9f 52 fb ab a3 1b 5c 85 c7 39 dc
    62 ad 1a fe b6 88 c5 ac f3 dc ed 7d d1 b1 be 0e
    44 0b f6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b
    05 00 03 82 01 01 00 99 37 fe 20 1e 62 f7 a8 c4
    32 52 56 ab 37 21 6c 7f a5 c2 34 f2 e6 ae 23 c5
    4c 38 ee e4 50 71 6c 67 47 84 26 bd 7b 08 2d 08
    8c 93 d3 51 0c 76 fe c4 2d 45 01 e9 0a 03 07 f4
    1a 8d 79 a1 7e ea 81 55 33 06 db e8 8a 49 a8 e5
    92 42 4f b3 13 91 f0 0c ee 76 96 f0 40 2d 57 7c
    b4 98 17 80 51 6b 4d ee 46 95 91 ed d3 c9 3b 7f
    43 ce 25 7c 7c 95 37 86 93 88 2b 80 45 eb 50 8d
    59 b7 df c2 73 85 b4 41 7d 30 6d dc 38 20 c7 af
    14 27 ce ed 6d c7 bd 42 a6 88 3b 62 30 74 28 05
    02 62 8f 1e bf 2d 9f 2a 4a 64 1a 26 2b 5f 5b 20
    f5 02 0e 03 a9 da b5 4c 23 d7 c9 75 49 f0 a3 71
    30 e4 e6 63 b2 63 55 dc f0 ab cc d9 62 99 6c 8f
    33 07 79 73 b4 83 0b 4a 76 83 bc fa 60 48 08 a4
    40 cd 1f 75 10 7f 29 94 40 46 e1 2e e7 c8 11 50
    07 2b 36 11 01 e5 13 82 29 95 93 81 cf bf 0e ae
    8a 4f 46 af 97 5e a3 00 00 00 04 ee 30 82 04 ea
    30 82 03 d2 a0 03 02 01 02 02 10 0a 35 08 d5 5c
    29 2b 01 7d f8 ad 65 c0 0f f7 e4 30 0d 06 09 2a
    86 48 86 f7 0d 01 01 0b 05 00 30 61 31 0b 30 09
    06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55
    04 0a 13 0c 44 69 67 69 43 65 72 74 20 49 6e 63
    31 19 30 17 06 03 55 04 0b 13 10 77 77 77 2e 64
    69 67 69 63 65 72 74 2e 63 6f 6d 31 20 30 1e 06
    03 55 04 03 13 17 44 69 67 69 43 65 72 74 20 47
    6c 6f 62 61 6c 20 52 6f 6f 74 20 43 41 30 1e 17
    0d 32 30 30 39 32 34 30 30 30 30 30 30 5a 17 0d
    33 30 30 39 32 33 32 33 35 39 35 39 5a 30 4f 31
    0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13
    06 03 55 04 0a 13 0c 44 69 67 69 43 65 72 74 20
    49 6e 63 31 29 30 27 06 03 55 04 03 13 20 44 69
    67 69 43 65 72 74 20 54 4c 53 20 52 53 41 20 53
    48 41 32 35 36 20 32 30 32 30 20 43 41 31 30 82
    01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
    00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c1
    4b b3 65 47 70 bc dd 4f 58 db ec 9c ed c3 66 e5
    1f 31 13 54 ad 4a 66 46 1f 2c 0a ec 64 07 e5 2e
    dc dc b9 0a 20 ed df e3 c4 d0 9e 9a a9 7a 1d 82
    88 e5 11 56 db 1e 9f 58 c2 51 e7 2c 34 0d 2e d2
    92 e1 56 cb f1 79 5f b3 bb 87 ca 25 03 7b 9a 52
    41 66 10 60 4f 57 13 49 f0 e8 37 67 83 df e7 d3
    4b 67 4c 22 51 a6 df 0e 99 10 ed 57 51 74 26 e2
    7d c7 ca 62 2e 13 1b 7f 23 88 25 53 6f c1 34 58
    00 8b 84 ff f8 be a7 58 49 22 7b 96 ad a2 88 9b
    15 bc a0 7c df e9 51 a8 d5 b0 ed 37 e2 36 b4 82
    4b 62 b5 49 9a ec c7 67 d6 e3 3e f5 e3 d6 12 5e
    44 f1 bf 71 42 7d 58 84 03 80 b1 81 01 fa f9 ca
    32 bb b4 8e 27 87 27 c5 2b 74 d4 a8 d6 97 de c3
    64 f9 ca ce 53 a2 56 bc 78 17 8e 49 03 29 ae fb
    49 4f a4 15 b9 ce f2 5c 19 57 6d 6b 79 a7 2b a2
    27 20 13 b5 d0 3d 40 d3 21 30 07 93 ea 99 f5 02
    03 01 00 01 a3 82 01 ae 30 82 01 aa 30 1d 06 03
    55 1d 0e 04 16 04 14 b7 6b a2 ea a8 aa 84 8c 79
    ea b4 da 0f 98 b2 c5 95 76 b9 f4 30 1f 06 03 55
    1d 23 04 18 30 16 80 14 03 de 50 35 56 d1 4c bb
    66 f0 a3 e2 1b 1b c3 97 b2 3d d1 55 30 0e 06 03
    55 1d 0f 01 01 ff 04 04 03 02 01 86 30 1d 06 03
    55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03
    01 06 08 2b 06 01 05 05 07 03 02 30 12 06 03 55
    1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30
    76 06 08 2b 06 01 05 05 07 01 01 04 6a 30 68 30
    24 06 08 2b 06 01 05 05 07 30 01 86 18 68 74 74
    70 3a 2f 2f 6f 63 73 70 2e 64 69 67 69 63 65 72
    74 2e 63 6f 6d 30 40 06 08 2b 06 01 05 05 07 30
    02 86 34 68 74 74 70 3a 2f 2f 63 61 63 65 72 74
    73 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 44
    69 67 69 43 65 72 74 47 6c 6f 62 61 6c 52 6f 6f
    74 43 41 2e 63 72 74 30 7b 06 03 55 1d 1f 04 74
    30 72 30 37 a0 35 a0 33 86 31 68 74 74 70 3a 2f
    2f 63 72 6c 33 2e 64 69 67 69 63 65 72 74 2e 63
    6f 6d 2f 44 69 67 69 43 65 72 74 47 6c 6f 62 61
    6c 52 6f 6f 74 43 41 2e 63 72 6c 30 37 a0 35 a0
    33 86 31 68 74 74 70 3a 2f 2f 63 72 6c 34 2e 64
    69 67 69 63 65 72 74 2e 63 6f 6d 2f 44 69 67 69
    43 65 72 74 47 6c 6f 62 61 6c 52 6f 6f 74 43 41
    2e 63 72 6c 30 30 06 03 55 1d 20 04 29 30 27 30
    07 06 05 67 81 0c 01 01 30 08 06 06 67 81 0c 01
    02 01 30 08 06 06 67 81 0c 01 02 02 30 08 06 06
    67 81 0c 01 02 03 30 0d 06 09 2a 86 48 86 f7 0d
    01 01 0b 05 00 03 82 01 01 00 77 ab b7 7a 27 3d
    ae bb f6 7f e0 5a 56 c9 84 aa ca 5b 71 17 dd 22
    47 fc 4e 9f ee d0 c1 a4 04 e1 a3 eb c5 49 c1 fd
    d1 c9 df 8c af 94 45 2c 46 2a a3 63 39 20 f9 9e
    4a 24 94 41 c8 a9 d9 e2 9c 54 05 06 cb 5c 1c be
    00 1b 0f a8 5a ff 19 bb 65 c7 16 af 21 56 dd 61
    05 c9 e9 8f 98 76 df 6b 1b d0 72 0c 50 b9 30 29
    7a bf 60 59 10 66 13 3a 2d ac 15 11 6c 2d 23 0c
    02 3e 05 3b fe e5 a1 9c e2 8a db 87 d7 4a e8 5e
    e7 48 06 eb ab 12 9a f2 af 84 c3 5b 83 4a 99 81
    83 ab 00 a1 ca 0a 3c 4c a2 25 89 2a 22 a7 a4 f3
    33 4c 5b 8c 2e 1a 02 97 0f 9d 8f 6d 2d 95 08 fb
    4f da f1 91 38 25 e1 9c 6e 61 18 87 6a ce b1 bb
    00 30 6a 9b b7 af da f1 c5 97 fe 8a 78 24 aa ea
    93 80 ba 33 65 7a bc a1 77 e9 7f 69 14 0b 00 3f
    77 92 b1 4d 5b 73 87 0a 13 d0 9c c8 f2 4b 39 4f
    52 84 49 a6 4c 90 4e 1f f7 b4 00 00
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = Los Gatos, O = "Netflix, Inc.", CN = www.netflix.com
verify return:1
<<< TLS 1.3, Handshake [length 0108], CertificateVerify
    0f 00 01 04 08 04 01 00 03 28 4b 5c f2 0a 1d 41
    23 28 0a d6 93 22 4e fc 0f 29 c4 54 7d 32 09 46
    78 91 07 70 70 35 4b e1 8a ba 02 6b 1a 05 15 0f
    4c 2e 9f cd 96 1e b4 13 d6 3e 9b 60 fa e0 1b 09
    5c d8 1f 8f 78 71 f4 35 92 15 5a 3b 75 f1 94 b8
    a5 94 df f5 71 8c a9 f7 6e 7f 5c c9 55 e2 03 96
    25 ed 74 43 c8 a0 a1 cc 44 ef bf be 4e 9b 77 e6
    48 37 03 60 61 8e e6 65 85 72 50 e2 da e8 c8 f0
    63 b9 dc 54 ea ff d1 a0 3a c4 cf 6e 6b 9d dd aa
    12 93 cd a8 ff a2 d1 c4 5f 20 dd cd cf 03 d7 0e
    b2 b1 5b 9f 90 24 11 aa aa 89 67 d2 0a 32 e0 93
    20 6d 05 ca 0f d4 2f bd 36 74 4c 24 27 ad 55 34
    85 f6 1d 9c 48 56 60 e6 7d db 68 c9 4a ea da 71
    e6 75 bf 83 e2 5d 1d 91 22 99 db ab 0b 72 51 12
    79 dc c6 21 40 1f be aa 45 84 4e ae 02 e4 3d 4e
    74 6c 56 63 83 1c 1c de e5 f2 e4 ea 89 7d 75 16
    77 76 95 e6 dd dc 09 10
<<< TLS 1.3, Handshake [length 0034], Finished
    14 00 00 30 26 52 7f ea 32 64 8b d0 05 17 5b eb
    d4 1a da 8c 49 9f 9e df 10 8c 9a b1 fc bf 68 ef
    14 5f b6 c1 61 22 a3 90 37 ef f2 81 3e 73 95 89
    37 ff bb bb
>>> ??? [length 0005]
    14 03 03 00 01
>>> TLS 1.3, ChangeCipherSpec [length 0001]
    01
>>> ??? [length 0005]
    17 03 03 00 45
>>> TLS 1.3 [length 0001]
    16
>>> TLS 1.3, Handshake [length 0034], Finished
    14 00 00 30 b1 a7 4c c7 53 65 26 a0 9a 52 4d 49
    f2 64 cc 13 e3 31 85 97 5f 7e 4e 0c 83 1c dc 20
    db 94 ee 31 e7 27 1e 4b 97 9f 5a e0 65 d8 ab 46
    7f d5 8f a2
---
Certificate chain
 0 s:C = US, ST = California, L = Los Gatos, O = "Netflix, Inc.", CN = www.netflix.com
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIH2DCCBsCgAwIBAgIQD3yGw6wTDOsMS0741fUczTANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjEyMTQwMDAwMDBa
Fw0yNDAxMTQyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMRIwEAYDVQQHEwlMb3MgR2F0b3MxFjAUBgNVBAoTDU5ldGZsaXgsIEluYy4x
GDAWBgNVBAMTD3d3dy5uZXRmbGl4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL+R3l6GTMQfCdM2/rfmjR5XT6nT+MEm0XgGagJ7RSaIxAm/sZP5
H3uUANxomm+yRVJ9Tol9m5A7fUJzZFlOga6i87iWqpDt4cdm3EzWpuzxryvs1RRK
pJm4pejMdHhtImtmM+uMDDcJGa7H2+N7kalghN3XA2a4RaWCaIxzim+U9hiaXDr/
U+PUE0Z277Jsp+4cNouOl1MdQ2onmmZqZRqpZkT66YUq4RS0cqFFQykDZ7BXF95z
dEmvAY9NQGyd4V4leG0+2JLP8efkHOjck3wPICrP/qiz6Sm35IaEfnzo4YGFo+G9
qHuby5L2f4M8mLK6nZlAF1YLiiA7brD3J5sCAwEAAaOCBJUwggSRMB8GA1UdIwQY
MBaAFLdrouqoqoSMeeq02g+YssWVdrn0MB0GA1UdDgQWBBSZG3N517R1xKSJxvgQ
bwJiXp5WtDCCAT4GA1UdEQSCATUwggExghNhY2NvdW50Lm5ldGZsaXguY29tgg5j
YS5uZXRmbGl4LmNvbYIKbmV0ZmxpeC5jYYILbmV0ZmxpeC5jb22CEnNpZ251cC5u
ZXRmbGl4LmNvbYIOd3d3Lm5ldGZsaXguY2GCEHd3dzEubmV0ZmxpeC5jb22CEHd3
dzIubmV0ZmxpeC5jb22CEHd3dzMubmV0ZmxpeC5jb22CGWRldmVsb3Atc3RhZ2Uu
bmV0ZmxpeC5jb22CGXJlbGVhc2Utc3RhZ2UubmV0ZmxpeC5jb22CD3d3dy5uZXRm
bGl4LmNvbYIOdHYubmV0ZmxpeC5jb22CH2VtYmVkLmRldmVsb3Atc3RhZ2UubmV0
ZmxpeC5jb22CH2VtYmVkLnJlbGVhc2Utc3RhZ2UubmV0ZmxpeC5jb20wDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjwYDVR0f
BIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU
TFNSU0FTSEEyNTYyMDIwQ0ExLTIuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdp
Y2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTIuY3JsMD4GA1Ud
IAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl
cnQuY29tL0NQUzB9BggrBgEFBQcBAQRxMG8wJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
Y3NwLmRpZ2ljZXJ0LmNvbTBHBggrBgEFBQcwAoY7aHR0cDovL2NhY2VydHMuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENBMS5jcnQwDAYDVR0T
AQH/BAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAdv+IPwq2+5VRwmHM
9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGFEctRGQAABAMARzBFAiBdxbj/wqFVldN8
hW9Zy1UCLkBQdoUaqxHkT5CHLOsDqAIhAJM5SesAUhEbg3VapX3wd/1Si7J4zzZv
+PTnLCsPRpdYAHUAc9meiRtMlnigIH1HneayxhzQUV5xGSqMa4AQesF3crUAAAGF
EctRQAAABAMARjBEAiB0AsnycGIybrc+o3qVVxfyfTN8mJ6LU/dDd72czaXuxQIg
BJqGhW2oNnLva5eJ4xy0zjg91BhE2BhPCevGIIlHBrsAdgBIsONr2qZHNA/lagL6
nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYURy1D/AAAEAwBHMEUCIQDfDi7m/8IuKpnj
XwvatZimC7zAdRK8dkd0ZSLb8GgSMAIgMfyfUvuroxtchcc53GKtGv62iMWs89zt
fdGxvg5EC/YwDQYJKoZIhvcNAQELBQADggEBAJk3/iAeYveoxDJSVqs3IWx/pcI0
8uauI8VMOO7kUHFsZ0eEJr17CC0IjJPTUQx2/sQtRQHpCgMH9BqNeaF+6oFVMwbb
6IpJqOWSQk+zE5HwDO52lvBALVd8tJgXgFFrTe5GlZHt08k7f0POJXx8lTeGk4gr
gEXrUI1Zt9/Cc4W0QX0wbdw4IMevFCfO7W3HvUKmiDtiMHQoBQJijx6/LZ8qSmQa
JitfWyD1Ag4Dqdq1TCPXyXVJ8KNxMOTmY7JjVdzwq8zZYplsjzMHeXO0gwtKdoO8
+mBICKRAzR91EH8plEBG4S7nyBFQBys2EQHlE4IplZOBz78OropPRq+XXqM=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Gatos, O = "Netflix, Inc.", CN = www.netflix.com

issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3773 bytes and written 393 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
^C

From [greenr@gx2 ~]$ openssl s_client -connect mullvad.net:443 -msg

CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 01 34
>>> TLS 1.3, Handshake [length 0134], ClientHello
    01 00 01 30 03 03 6b 5d 4f a4 60 10 e3 9a f5 28
    98 8b 3a b2 dc e9 2f 5c 47 2a 29 ed 15 2f bc 20
    02 30 7c 1b 95 6b 20 8c 39 dc 90 a9 7e 11 7f 67
    e4 4e 90 73 cf 69 9d b1 32 2c 00 66 47 e1 1f a3
    81 f3 6a 7c 3c a3 d8 00 3e 13 02 13 03 13 01 c0
    2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
    9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
    14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
    3c 00 35 00 2f 00 ff 01 00 00 a9 00 00 00 10 00
    0e 00 00 0b 6d 75 6c 6c 76 61 64 2e 6e 65 74 00
    0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00
    17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00
    17 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08
    07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04
    01 05 01 06 01 03 03 02 03 03 01 02 01 03 02 02
    02 04 02 05 02 06 02 00 2b 00 09 08 03 04 03 03
    03 02 03 01 00 2d 00 02 01 01 00 33 00 26 00 24
    00 1d 00 20 90 7c d8 14 2c f1 cf e6 ea 39 ba 02
    8d 6d 67 6d 69 2b 2b a5 c7 91 2f d1 10 c6 8c 69
    2a f3 17 4c
<<< ??? [length 0005]
    16 03 03 00 7a
<<< TLS 1.3, Handshake [length 007a], ServerHello
    02 00 00 76 03 03 d7 ce a7 9f e1 d2 06 91 1a 33
    fa 57 d1 1d b2 34 95 6f 44 48 3a 44 20 7f 84 b5
    d6 f6 53 a5 91 7c 20 8c 39 dc 90 a9 7e 11 7f 67
    e4 4e 90 73 cf 69 9d b1 32 2c 00 66 47 e1 1f a3
    81 f3 6a 7c 3c a3 d8 13 02 00 00 2e 00 2b 00 02
    03 04 00 33 00 24 00 1d 00 20 00 a1 04 5f 7d 74
    e1 4b 08 5d 1a b5 46 ae 72 48 10 25 65 46 2f 5c
    c7 60 bd 02 c6 e4 ff 1d f9 64
<<< ??? [length 0005]
    14 03 03 00 01
<<< ??? [length 0005]
    17 03 03 00 1b
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 000a], EncryptedExtensions
    08 00 00 06 00 04 00 00 00 00
<<< ??? [length 0005]
    17 03 03 10 90
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 107f], Certificate
    0b 00 10 7b 00 00 10 77 00 05 ea 30 82 05 e6 30
    82 04 ce a0 03 02 01 02 02 12 03 6c cf c4 b4 d1
    36 2c 4f 0b ae 06 0d 5c ce b7 6d 03 30 0d 06 09
    2a 86 48 86 f7 0d 01 01 0b 05 00 30 32 31 0b 30
    09 06 03 55 04 06 13 02 55 53 31 16 30 14 06 03
    55 04 0a 13 0d 4c 65 74 27 73 20 45 6e 63 72 79
    70 74 31 0b 30 09 06 03 55 04 03 13 02 52 33 30
    1e 17 0d 32 33 30 31 30 33 32 33 30 30 34 36 5a
    17 0d 32 33 30 34 30 33 32 33 30 30 34 35 5a 30
    16 31 14 30 12 06 03 55 04 03 13 0b 6d 75 6c 6c
    76 61 64 2e 6e 65 74 30 82 01 22 30 0d 06 09 2a
    86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30
    82 01 0a 02 82 01 01 00 d9 57 c4 9a 8f 2f b4 9b
    61 a6 b0 92 01 a9 ea 67 22 7b 00 c9 a7 07 93 6c
    ed 76 72 6e 70 fd 72 25 f9 d8 ba 76 a4 50 f5 b6
    22 60 ca 28 40 46 2c ba 03 53 2b 33 0b ef 66 71
    a2 b9 71 da da c4 dd 29 6a 5d ff 90 71 4e 31 ae
    da 57 dd f1 5c 71 15 98 a1 94 a6 93 80 18 20 46
    10 e1 6f 53 b3 08 44 d0 02 5f f5 6e 9d f1 4b c8
    3b 3f 1b ee 47 30 be 8a 3f e7 1f 5d 27 72 ef 39
    56 03 7c 1b b5 b9 d9 05 d4 9f a4 9c a0 6d 60 51
    63 fc 1b ee 44 15 2e 25 f6 15 86 2a 26 92 87 ec
    2c 6f 4b 31 37 74 cb b6 54 2a c1 be ab 23 4e 4e
    ab 44 00 5e 4d b4 bf 01 59 23 89 b2 28 81 0a c6
    62 18 c2 75 3c 1b f9 2a 12 59 26 25 47 d2 7a 50
    b4 ad a7 a1 63 6d 5b 7d 48 29 0a 1c 6c 1f 71 50
    ec 29 c5 33 f3 14 06 88 7e a1 8a 91 b7 3d 74 22
    7d 84 d5 7c 4b 37 fe c7 c6 8f cc dd ac 4e f2 00
    72 da e4 d2 f1 f9 fc 15 02 03 01 00 01 a3 82 03
    10 30 82 03 0c 30 0e 06 03 55 1d 0f 01 01 ff 04
    04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14
    06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05
    05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 02
    30 00 30 1d 06 03 55 1d 0e 04 16 04 14 f4 59 54
    92 54 5f c0 86 89 b0 e4 02 ec c4 6b 8d ff 77 20
    74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 14 2e
    b3 17 b7 58 56 cb ae 50 09 40 e6 1f af 9d 8b 14
    c2 c6 30 55 06 08 2b 06 01 05 05 07 01 01 04 49
    30 47 30 21 06 08 2b 06 01 05 05 07 30 01 86 15
    68 74 74 70 3a 2f 2f 72 33 2e 6f 2e 6c 65 6e 63
    72 2e 6f 72 67 30 22 06 08 2b 06 01 05 05 07 30
    02 86 16 68 74 74 70 3a 2f 2f 72 33 2e 69 2e 6c
    65 6e 63 72 2e 6f 72 67 2f 30 81 df 06 03 55 1d
    11 04 81 d7 30 81 d4 82 0b 6d 75 6c 6c 76 61 64
    2e 6e 65 74 82 49 6f 35 34 68 6f 6e 32 65 32 76
    6a 36 63 37 6d 33 61 71 71 75 36 75 79 65 63 65
    36 35 62 79 33 76 67 6f 78 78 68 6c 71 6c 73 76
    6b 6d 61 63 77 36 61 37 6d 37 6b 69 61 64 6f 6e
    69 6f 6e 2e 6d 75 6c 6c 76 61 64 2e 6e 65 74 82
    4d 6f 35 34 68 6f 6e 32 65 32 76 6a 36 63 37 6d
    33 61 71 71 75 36 75 79 65 63 65 36 35 62 79 33
    76 67 6f 78 78 68 6c 71 6c 73 76 6b 6d 61 63 77
    36 61 37 6d 37 6b 69 61 64 6f 6e 69 6f 6e 2e 77
    77 77 2e 6d 75 6c 6c 76 61 64 2e 6e 65 74 82 1a
    73 65 2d 6d 6d 61 2d 77 77 77 2d 31 30 31 2e 6d
    75 6c 6c 76 61 64 2e 6e 65 74 82 0f 77 77 77 2e
    6d 75 6c 6c 76 61 64 2e 6e 65 74 30 4c 06 03 55
    1d 20 04 45 30 43 30 08 06 06 67 81 0c 01 02 01
    30 37 06 0b 2b 06 01 04 01 82 df 13 01 01 01 30
    28 30 26 06 08 2b 06 01 05 05 07 02 01 16 1a 68
    74 74 70 3a 2f 2f 63 70 73 2e 6c 65 74 73 65 6e
    63 72 79 70 74 2e 6f 72 67 30 82 01 04 06 0a 2b
    06 01 04 01 d6 79 02 04 02 04 81 f5 04 81 f2 00
    f0 00 76 00 7a 32 8c 54 d8 b7 2d b6 20 ea 38 e0
    52 1e e9 84 16 70 32 13 85 4d 3b d2 2b c1 3a 57
    a3 52 eb 52 00 00 01 85 7a 14 90 b9 00 00 04 03
    00 47 30 45 02 21 00 f5 49 79 5d 27 c0 fe 3e b0
    96 44 59 6b 5c 47 40 1d 31 13 a3 11 e2 67 64 b6
    b4 2e ac 9a df fd a7 02 20 1d f6 e2 14 d9 75 04
    a7 94 7f e9 32 8b 4d 85 f3 a9 48 e7 8a 44 16 94
    47 e4 73 3f 35 8d 47 e6 ee 00 76 00 e8 3e d0 da
    3e f5 06 35 32 e7 57 28 bc 89 6b c9 03 d3 cb d1
    11 6b ec eb 69 e1 77 7d 6d 06 bd 6e 00 00 01 85
    7a 14 90 5b 00 00 04 03 00 47 30 45 02 20 6f c6
    d6 62 86 b3 56 01 bd 4c 6f eb 9a 0b 0f aa b7 78
    be f7 54 1c f3 10 1f 2e 78 69 e5 e4 da 8a 02 21
    00 fa 39 a2 ce f6 16 63 64 3e 14 48 d6 5b 54 c8
    0b e9 b1 5a a5 a6 34 d6 c4 c3 41 12 18 14 2a 31
    e9 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00
    03 82 01 01 00 7c f4 26 f1 69 94 5b 80 24 e1 43
    a3 14 10 3a be 5c d8 ce 65 7c 9b 8e 57 74 94 6e
    90 9e 9d 32 c9 e3 b4 1a f3 de 09 0f ff 79 5a 4a
    4d 54 50 70 54 87 0d dd ff 06 18 09 2b 73 02 f6
    8d 29 43 a0 08 5c ac 61 73 ae b0 19 09 b3 b3 87
    a8 ac fe cc 2d 9a 15 ee 4f 53 38 64 f8 3f 69 48
    92 48 c5 62 4d 8d 2a f1 11 11 7d 85 cc 5c 3b b8
    64 4c f2 59 13 a4 24 cb 59 30 aa 4f fa 84 1c 85
    bb 94 18 fd af 9b 7c 4d ca 16 ec 63 f0 86 cf b1
    31 9a 19 c4 30 d4 46 72 d9 a8 5a 49 61 d3 cd fd
    82 92 2a bf 8f 50 bf 55 ac 63 b2 be b9 eb 68 11
    14 0a c4 99 fc a1 b7 e2 8f 12 93 43 91 2b 56 57
    5e 06 b1 a7 41 62 f8 82 d5 1b e1 c8 94 df 69 66
    f1 df cb 67 eb 12 12 53 c4 32 11 a3 c3 b7 f1 af
    7c 57 b0 91 82 11 3e d0 86 81 fc 89 73 a7 4c cd
    18 aa ea 00 7a 5c eb 62 2d a3 8e 92 5d df 4a 72
    d8 92 24 d9 d4 00 00 00 05 1a 30 82 05 16 30 82
    02 fe a0 03 02 01 02 02 11 00 91 2b 08 4a cf 0c
    18 a7 53 f6 d6 2e 25 a7 5f 5a 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06
    03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04
    0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75
    72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72
    6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53
    52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 32 30
    30 39 30 34 30 30 30 30 30 30 5a 17 0d 32 35 30
    39 31 35 31 36 30 30 30 30 5a 30 32 31 0b 30 09
    06 03 55 04 06 13 02 55 53 31 16 30 14 06 03 55
    04 0a 13 0d 4c 65 74 27 73 20 45 6e 63 72 79 70
    74 31 0b 30 09 06 03 55 04 03 13 02 52 33 30 82
    01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
    00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb
    02 15 28 cc f6 a0 94 d3 0f 12 ec 8d 55 92 c3 f8
    82 f1 99 a6 7a 42 88 a7 5d 26 aa b5 2b b9 c5 4c
    b1 af 8e 6b f9 75 c8 a3 d7 0f 47 94 14 55 35 57
    8c 9e a8 a2 39 19 f5 82 3c 42 a9 4e 6e f5 3b c3
    2e db 8d c0 b0 5c f3 59 38 e7 ed cf 69 f0 5a 0b
    1b be c0 94 24 25 87 fa 37 71 b3 13 e7 1c ac e1
    9b ef db e4 3b 45 52 45 96 a9 c1 53 ce 34 c8 52
    ee b5 ae ed 8f de 60 70 e2 a5 54 ab b6 6d 0e 97
    a5 40 34 6b 2b d3 bc 66 eb 66 34 7c fa 6b 8b 8f
    57 29 99 f8 30 17 5d ba 72 6f fb 81 c5 ad d2 86
    58 3d 17 c7 e7 09 bb f1 2b f7 86 dc c1 da 71 5d
    d4 46 e3 cc ad 25 c1 88 bc 60 67 75 66 b3 f1 18
    f7 a2 5c e6 53 ff 3a 88 b6 47 a5 ff 13 18 ea 98
    09 77 3f 9d 53 f9 cf 01 e5 f5 a6 70 17 14 af 63
    a4 ff 99 b3 93 9d dc 53 a7 06 fe 48 85 1d a1 69
    ae 25 75 bb 13 cc 52 03 f5 ed 51 a1 8b db 15 02
    03 01 00 01 a3 82 01 08 30 82 01 04 30 0e 06 03
    55 1d 0f 01 01 ff 04 04 03 02 01 86 30 1d 06 03
    55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03
    02 06 08 2b 06 01 05 05 07 03 01 30 12 06 03 55
    1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30
    1d 06 03 55 1d 0e 04 16 04 14 14 2e b3 17 b7 58
    56 cb ae 50 09 40 e6 1f af 9d 8b 14 c2 c6 30 1f
    06 03 55 1d 23 04 18 30 16 80 14 79 b4 59 e6 7b
    b6 e5 e4 01 73 80 08 88 c8 1a 58 f6 e9 9b 6e 30
    32 06 08 2b 06 01 05 05 07 01 01 04 26 30 24 30
    22 06 08 2b 06 01 05 05 07 30 02 86 16 68 74 74
    70 3a 2f 2f 78 31 2e 69 2e 6c 65 6e 63 72 2e 6f
    72 67 2f 30 27 06 03 55 1d 1f 04 20 30 1e 30 1c
    a0 1a a0 18 86 16 68 74 74 70 3a 2f 2f 78 31 2e
    63 2e 6c 65 6e 63 72 2e 6f 72 67 2f 30 22 06 03
    55 1d 20 04 1b 30 19 30 08 06 06 67 81 0c 01 02
    01 30 0d 06 0b 2b 06 01 04 01 82 df 13 01 01 01
    30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03
    82 02 01 00 85 ca 4e 47 3e a3 f7 85 44 85 bc d5
    67 78 b2 98 63 ad 75 4d 1e 96 3d 33 65 72 54 2d
    81 a0 ea c3 ed f8 20 bf 5f cc b7 70 00 b7 6e 3b
    f6 5e 94 de e4 20 9f a6 ef 8b b2 03 e7 a2 b5 16
    3c 91 ce b4 ed 39 02 e7 7c 25 8a 47 e6 65 6e 3f
    46 f4 d9 f0 ce 94 2b ee 54 ce 12 bc 8c 27 4b b8
    c1 98 2f a2 af cd 71 91 4a 08 b7 c8 b8 23 7b 04
    2d 08 f9 08 57 3e 83 d9 04 33 0a 47 21 78 09 82
    27 c3 2a c8 9b b9 ce 5c f2 64 c8 c0 be 79 c0 4f
    8e 6d 44 0c 5e 92 bb 2e f7 8b 10 e1 e8 1d 44 29
    db 59 20 ed 63 b9 21 f8 12 26 94 93 57 a0 1d 65
    04 c1 0a 22 ae 10 0d 43 97 a1 18 1f 7e e0 e0 86
    37 b5 5a b1 bd 30 bf 87 6e 2b 2a ff 21 4e 1b 05
    c3 f5 18 97 f0 5e ac c3 a5 b8 6a f0 2e bc 3b 33
    b9 ee 4b de cc fc e4 af 84 0b 86 3f c0 55 43 36
    f6 68 e1 36 17 6a 8e 99 d1 ff a5 40 a7 34 b7 c0
    d0 63 39 35 39 75 6e f2 ba 76 c8 93 02 e9 a9 4b
    6c 17 ce 0c 02 d9 bd 81 fb 9f b7 68 d4 06 65 b3
    82 3d 77 53 f8 8e 79 03 ad 0a 31 07 75 2a 43 d8
    55 97 72 c4 29 0e f7 c4 5d 4e c8 ae 46 84 30 d7
    f2 85 5f 18 a1 79 bb e7 5e 70 8b 07 e1 86 93 c3
    b9 8f dc 61 71 25 2a af df ed 25 50 52 68 8b 92
    dc e5 d6 b5 e3 da 7d d0 87 6c 84 21 31 ae 82 f5
    fb b9 ab c8 89 17 3d e1 4c e5 38 0e f6 bd 2b bd
    96 81 14 eb d5 db 3d 20 a7 7e 59 d3 e2 f8 58 f9
    5b b8 48 cd fe 5c 4f 16 29 fe 1e 55 23 af c8 11
    b0 8d ea 7c 93 90 17 2f fd ac a2 09 47 46 3f f0
    e9 b0 b7 ff 28 4d 68 32 d6 67 5e 1e 69 a3 93 b8
    f5 9d 8b 2f 0b d2 52 43 a6 6f 32 57 65 4d 32 81
    df 38 53 85 5d 7e 5d 66 29 ea b8 dd e4 95 b5 cd
    b5 56 12 42 cd c4 4e c6 25 38 44 50 6d ec ce 00
    55 18 fe e9 49 64 d4 4e ca 97 9c b4 5b c0 73 a8
    ab b8 47 c2 00 00 00 05 64 30 82 05 60 30 82 04
    48 a0 03 02 01 02 02 10 40 01 77 21 37 d4 e9 42
    b8 ee 76 aa 3c 64 0a b7 30 0d 06 09 2a 86 48 86
    f7 0d 01 01 0b 05 00 30 3f 31 24 30 22 06 03 55
    04 0a 13 1b 44 69 67 69 74 61 6c 20 53 69 67 6e
    61 74 75 72 65 20 54 72 75 73 74 20 43 6f 2e 31
    17 30 15 06 03 55 04 03 13 0e 44 53 54 20 52 6f
    6f 74 20 43 41 20 58 33 30 1e 17 0d 32 31 30 31
    32 30 31 39 31 34 30 33 5a 17 0d 32 34 30 39 33
    30 31 38 31 34 30 33 5a 30 4f 31 0b 30 09 06 03
    55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a
    13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72
    69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f
    75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52
    47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06
    09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f
    00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14
    37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c
    6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00
    4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b
    bf 1f d2 ea 31 9b 21 7e d1 33 3c ba 48 f5 dd 79
    df b3 b8 ff 12 f1 21 9a 4b c1 8a 86 71 69 4a 66
    66 6c 8f 7e 3c 70 bf ad 29 22 06 f3 e4 c0 e6 80
    ae e2 4b 8f b7 99 7e 94 03 9f d3 47 97 7c 99 48
    23 53 e8 38 ae 4f 0a 6f 83 2e d1 49 57 8c 80 74
    b6 da 2f d0 38 8d 7b 03 70 21 1b 75 f2 30 3c fa
    8f ae dd da 63 ab eb 16 4f c2 8e 11 4b 7e cf 0b
    e8 ff b5 77 2e f4 b2 7b 4a e0 4c 12 25 0c 70 8d
    03 29 a0 e1 53 24 ec 13 d9 ee 19 bf 10 b3 4a 8c
    3f 89 a3 61 51 de ac 87 07 94 f4 63 71 ec 2e e2
    6f 5b 98 81 e1 89 5c 34 79 6c 76 ef 3b 90 62 79
    e6 db a4 9a 2f 26 c5 d0 10 e1 0e de d9 10 8e 16
    fb b7 f7 a8 f7 c7 e5 02 07 98 8f 36 08 95 e7 e2
    37 96 0d 36 75 9e fb 0e 72 b1 1d 9b bc 03 f9 49
    05 d8 81 dd 05 b4 2a d6 41 e9 ac 01 76 95 0a 0f
    d8 df d5 bd 12 1f 35 2f 28 17 6c d2 98 c1 a8 09
    64 77 6e 47 37 ba ce ac 59 5e 68 9d 7f 72 d6 89
    c5 06 41 29 3e 59 3e dd 26 f5 24 c9 11 a7 5a a3
    4c 40 1f 46 a1 99 b5 a7 3a 51 6e 86 3b 9e 7d 72
    a7 12 05 78 59 ed 3e 51 78 15 0b 03 8f 8d d0 2f
    05 b2 3e 7b 4a 1c 4b 73 05 12 fc c6 ea e0 50 13
    7c 43 93 74 b3 ca 74 e7 8e 1f 01 08 d0 30 d4 5b
    71 36 b4 07 ba c1 30 30 5c 48 b7 82 3b 98 a6 7d
    60 8a a2 a3 29 82 cc ba bd 83 04 1b a2 83 03 41
    a1 d6 05 f1 1b c2 b6 f0 a8 7c 86 3b 46 a8 48 2a
    88 dc 76 9a 76 bf 1f 6a a5 3d 19 8f eb 38 f3 64
    de c8 2b 0d 0a 28 ff f7 db e2 15 42 d4 22 d0 27
    5d e1 79 fe 18 e7 70 88 ad 4e e6 d9 8b 3a c6 dd
    27 51 6e ff bc 64 f5 33 43 4f 02 03 01 00 01 a3
    82 01 46 30 82 01 42 30 0f 06 03 55 1d 13 01 01
    ff 04 05 30 03 01 01 ff 30 0e 06 03 55 1d 0f 01
    01 ff 04 04 03 02 01 06 30 4b 06 08 2b 06 01 05
    05 07 01 01 04 3f 30 3d 30 3b 06 08 2b 06 01 05
    05 07 30 02 86 2f 68 74 74 70 3a 2f 2f 61 70 70
    73 2e 69 64 65 6e 74 72 75 73 74 2e 63 6f 6d 2f
    72 6f 6f 74 73 2f 64 73 74 72 6f 6f 74 63 61 78
    33 2e 70 37 63 30 1f 06 03 55 1d 23 04 18 30 16
    80 14 c4 a7 b1 a4 7b 2c 71 fa db e1 4b 90 75 ff
    c4 15 60 85 89 10 30 54 06 03 55 1d 20 04 4d 30
    4b 30 08 06 06 67 81 0c 01 02 01 30 3f 06 0b 2b
    06 01 04 01 82 df 13 01 01 01 30 30 30 2e 06 08
    2b 06 01 05 05 07 02 01 16 22 68 74 74 70 3a 2f
    2f 63 70 73 2e 72 6f 6f 74 2d 78 31 2e 6c 65 74
    73 65 6e 63 72 79 70 74 2e 6f 72 67 30 3c 06 03
    55 1d 1f 04 35 30 33 30 31 a0 2f a0 2d 86 2b 68
    74 74 70 3a 2f 2f 63 72 6c 2e 69 64 65 6e 74 72
    75 73 74 2e 63 6f 6d 2f 44 53 54 52 4f 4f 54 43
    41 58 33 43 52 4c 2e 63 72 6c 30 1d 06 03 55 1d
    0e 04 16 04 14 79 b4 59 e6 7b b6 e5 e4 01 73 80
    08 88 c8 1a 58 f6 e9 9b 6e 30 0d 06 09 2a 86 48
    86 f7 0d 01 01 0b 05 00 03 82 01 01 00 0a 73 00
    6c 96 6e ff 0e 52 d0 ae dd 8c e7 5a 06 ad 2f a8
    e3 8f bf c9 0a 03 15 50 c2 e5 6c 42 bb 6f 9b f4
    b4 4f c2 44 88 08 75 cc eb 07 9b 14 62 6e 78 de
    ec 27 ba 39 5c f5 a2 a1 6e 56 94 70 10 53 b1 bb
    e4 af d0 a2 c3 2b 01 d4 96 f4 c5 20 35 33 f9 d8
    61 36 e0 71 8d b4 b8 b5 aa 82 45 95 c0 f2 a9 23
    28 e7 d6 a1 cb 67 08 da a0 43 2c aa 1b 93 1f c9
    de f5 ab 69 5d 13 f5 5b 86 58 22 ca 4d 55 e4 70
    67 6d c2 57 c5 46 39 41 cf 8a 58 83 58 6d 99 fe
    57 e8 36 0e f0 0e 23 aa fd 88 97 d0 e3 5c 0e 94
    49 b5 b5 17 35 d2 2e bf 4e 85 ef 18 e0 85 92 eb
    06 3b 6c 29 23 09 60 dc 45 02 4c 12 18 3b e9 fb
    0e de dc 44 f8 58 98 ae ea bd 45 45 a1 88 5d 66
    ca fe 10 e9 6f 82 c8 11 42 0d fb e9 ec e3 86 00
    de 9d 10 e3 38 fa a4 7d b1 d8 e8 49 82 84 06 9b
    2b e8 6b 4f 01 0c 38 77 2e f9 dd e7 39 00 00
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mullvad.net
verify return:1
<<< ??? [length 0005]
    17 03 03 01 19
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0108], CertificateVerify
    0f 00 01 04 08 04 01 00 ca e5 98 50 57 90 36 45
    fd c0 dd f6 41 a2 1d 72 cb 7e f0 57 01 f4 51 1e
    c8 e8 81 79 ad 50 a4 c7 c2 6d 51 54 17 f7 3e 2b
    85 2a 10 1b 14 db c0 ae 32 d6 51 6d c8 38 59 8c
    92 42 a0 84 7c aa 0a bb db 41 0a 89 0b 56 9c 09
    3f 33 8a 50 0f 3a 8c 60 b1 2d fb 14 bf b5 83 24
    e3 53 0a 39 b1 bb 00 e2 95 66 e6 7e 77 42 27 d7
    f1 4b ff 63 a9 90 e2 c6 68 2c 15 20 36 52 5d d9
    4c 1a 1a d4 2d a0 d2 e8 11 e2 e9 3f 4b 46 ec b3
    d0 35 7e af ee 47 3e a6 a6 db a3 15 0a eb da 8a
    e1 f5 9a c9 51 4d fb 24 50 f4 39 c3 ff 9e 89 3d
    ba e3 67 cd 60 d1 03 4f 05 f7 42 4b 8f e1 56 61
    a6 3f b7 c5 12 01 b2 a7 45 dc ff 71 c4 db da 3a
    d9 b4 cf e8 4f 5a 40 5c 46 62 7f 20 02 fc fb 98
    c1 59 26 5e 69 9a a1 bb 38 d9 fa 53 5a ad c3 9f
    c1 69 51 f2 18 9c c8 57 d7 8c 37 6f 2f 0a e2 8b
    9d 1a 3e 93 e7 5d 76 34
<<< ??? [length 0005]
    17 03 03 00 45
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0034], Finished
    14 00 00 30 0d 3e cc e7 e4 03 39 8c 8b 88 4f 8b
    da 86 15 08 96 71 b2 f2 77 35 d8 25 ef 5d bf be
    95 c0 94 72 3a f8 cd d2 6b 8e f4 7f c6 54 02 6d
    be a4 37 ad
>>> ??? [length 0005]
    14 03 03 00 01
>>> TLS 1.3, ChangeCipherSpec [length 0001]
    01
>>> ??? [length 0005]
    17 03 03 00 45
>>> TLS 1.3 [length 0001]
    16
>>> TLS 1.3, Handshake [length 0034], Finished
    14 00 00 30 fe d1 48 9e c8 23 f5 60 e1 cb 4e 9e
    bd db e4 e4 1c 92 a4 0f 9b 84 1a 3a 93 4d 69 ca
    70 44 cc 25 3a 3d ca 6c cd 0d 55 ea 50 a6 ec d2
    37 8b f5 ba
---
Certificate chain
 0 s:CN = mullvad.net
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgISA2zPxLTRNixPC64GDVzOt20DMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzAxMDMyMzAwNDZaFw0yMzA0MDMyMzAwNDVaMBYxFDASBgNVBAMT
C211bGx2YWQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VfE
mo8vtJthprCSAanqZyJ7AMmnB5Ns7XZybnD9ciX52Lp2pFD1tiJgyihARiy6A1Mr
MwvvZnGiuXHa2sTdKWpd/5BxTjGu2lfd8VxxFZihlKaTgBggRhDhb1OzCETQAl/1
bp3xS8g7PxvuRzC+ij/nH10ncu85VgN8G7W52QXUn6ScoG1gUWP8G+5EFS4l9hWG
KiaSh+wsb0sxN3TLtlQqwb6rI05Oq0QAXk20vwFZI4myKIEKxmIYwnU8G/kqElkm
JUfSelC0raehY21bfUgpChxsH3FQ7CnFM/MUBoh+oYqRtz10In2E1XxLN/7Hxo/M
3axO8gBy2uTS8fn8FQIDAQABo4IDEDCCAwwwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
BBT0WVSSVF/Ahomw5ALsxGuN/3cgdDAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDm
H6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5v
LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzCB
3wYDVR0RBIHXMIHUggttdWxsdmFkLm5ldIJJbzU0aG9uMmUydmo2YzdtM2FxcXU2
dXllY2U2NWJ5M3Znb3h4aGxxbHN2a21hY3c2YTdtN2tpYWRvbmlvbi5tdWxsdmFk
Lm5ldIJNbzU0aG9uMmUydmo2YzdtM2FxcXU2dXllY2U2NWJ5M3Znb3h4aGxxbHN2
a21hY3c2YTdtN2tpYWRvbmlvbi53d3cubXVsbHZhZC5uZXSCGnNlLW1tYS13d3ct
MTAxLm11bGx2YWQubmV0gg93d3cubXVsbHZhZC5uZXQwTAYDVR0gBEUwQzAIBgZn
gQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5s
ZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgB6MoxU2Lct
tiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYV6FJC5AAAEAwBHMEUCIQD1SXld
J8D+PrCWRFlrXEdAHTEToxHiZ2S2tC6smt/9pwIgHfbiFNl1BKeUf+kyi02F86lI
54pEFpRH5HM/NY1H5u4AdgDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9
bgAAAYV6FJBbAAAEAwBHMEUCIG/G1mKGs1YBvUxv65oLD6q3eL73VBzzEB8ueGnl
5NqKAiEA+jmizvYWY2Q+FEjWW1TIC+mxWqWmNNbEw0ESGBQqMekwDQYJKoZIhvcN
AQELBQADggEBAHz0JvFplFuAJOFDoxQQOr5c2M5lfJuOV3SUbpCenTLJ47Qa894J
D/95WkpNVFBwVIcN3f8GGAkrcwL2jSlDoAhcrGFzrrAZCbOzh6is/swtmhXuT1M4
ZPg/aUiSSMViTY0q8RERfYXMXDu4ZEzyWROkJMtZMKpP+oQchbuUGP2vm3xNyhbs
Y/CGz7ExmhnEMNRGctmoWklh0839gpIqv49Qv1WsY7K+uetoERQKxJn8obfijxKT
Q5ErVldeBrGnQWL4gtUb4ciU32lm8d/LZ+sSElPEMhGjw7fxr3xXsJGCET7QhoH8
iXOnTM0YquoAelzrYi2jjpJd30py2JIk2dQ=
-----END CERTIFICATE-----
subject=CN = mullvad.net

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4770 bytes and written 393 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
<<< ??? [length 0005]
    17 03 03 00 4a
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0039], NewSessionTicket
    04 00 00 35 00 01 51 80 1e 28 a8 39 08 00 00 00
    00 00 00 00 00 00 20 ce 5a a7 41 ad 25 72 ad 76
    93 c8 40 3e 19 25 fb 1a 44 27 c8 6b 5e 14 b7 5a
    47 97 44 eb 45 bc e0 00 00
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 8B21356BF6CB92140909F051758B086129BE266682E31F7CE96195851A793ADD
    Session-ID-ctx: 
    Resumption PSK: 816E3C8670D337BD87BC63A41EAAFCBB4CEAE7A1119AD15A73BBFE9D343378BA60CE4B25B3CF197447168412D782E2FA
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - ce 5a a7 41 ad 25 72 ad-76 93 c8 40 3e 19 25 fb   .Z.A.%r.v..@>.%.
    0010 - 1a 44 27 c8 6b 5e 14 b7-5a 47 97 44 eb 45 bc e0   .D'.k^..ZG.D.E..

    Start Time: 1674169690
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
<<< ??? [length 0005]
    17 03 03 00 4a
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 0039], NewSessionTicket
    04 00 00 35 00 01 51 80 8d 22 d8 4e 08 00 00 00
    00 00 00 00 01 00 20 a6 a7 65 06 3c 27 43 3a ca
    16 51 75 09 55 dd ff 52 e0 9e a6 cf b3 f9 99 1d
    63 c4 00 66 15 2f 33 00 00
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: EF6281D9BA8253981FA45C7F9CD660223EDBB59F05735D0D2DBC4697FB76D15C
    Session-ID-ctx: 
    Resumption PSK: B5D6495CACABD02BE26C8C4EA27EAE6C78E27CB8B8212753F2F6333BD3237010BDBE3AF45380FA96167EECED3DED9182
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - a6 a7 65 06 3c 27 43 3a-ca 16 51 75 09 55 dd ff   ..e.<'C:..Qu.U..
    0010 - 52 e0 9e a6 cf b3 f9 99-1d 63 c4 00 66 15 2f 33   R........c..f./3

    Start Time: 1674169690
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
^C

openssl s_client -connect daringfireball.net:443 -msg

CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 01 3b
>>> TLS 1.3, Handshake [length 013b], ClientHello
    01 00 01 37 03 03 d5 b4 b8 c0 5e 2b 74 0f 7b 8e
    4a 39 eb dd 2d 9d 85 9e ea a8 68 dd 22 d0 53 99
    06 97 ff 3a 37 7a 20 9f 51 b6 a6 d6 ce 26 56 0e
    98 0b 87 18 4b 1d 7f 6d b2 f6 57 24 43 96 0f 5f
    fc f1 ab 7a e2 50 16 00 3e 13 02 13 03 13 01 c0
    2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
    9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
    14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00
    3c 00 35 00 2f 00 ff 01 00 00 b0 00 00 00 17 00
    15 00 00 12 64 61 72 69 6e 67 66 69 72 65 62 61
    6c 6c 2e 6e 65 74 00 0b 00 04 03 00 01 02 00 0a
    00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23
    00 00 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e
    04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b
    08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03
    03 01 02 01 03 02 02 02 04 02 05 02 06 02 00 2b
    00 09 08 03 04 03 03 03 02 03 01 00 2d 00 02 01
    01 00 33 00 26 00 24 00 1d 00 20 29 9f 82 f8 00
    90 f4 27 a3 d2 75 91 94 59 6e c8 b3 96 92 f0 38
    a1 36 c5 b4 4a f4 c1 7c 79 1b 31
<<< ??? [length 0005]
    16 03 03 00 7a
<<< TLS 1.3, Handshake [length 007a], ServerHello
    02 00 00 76 03 03 15 90 0e 6f d0 b5 38 d6 4b fe
    0a 58 ff e9 60 f4 42 5a a7 2d 6a 3d 4e 5f e2 19
    6c 51 8b d5 7a 5f 20 9f 51 b6 a6 d6 ce 26 56 0e
    98 0b 87 18 4b 1d 7f 6d b2 f6 57 24 43 96 0f 5f
    fc f1 ab 7a e2 50 16 13 02 00 00 2e 00 33 00 24
    00 1d 00 20 a0 91 e7 9c 36 91 72 da f9 d5 50 63
    08 4c 7c f7 7f 1c bd 7d d4 2d 4b 69 e1 62 82 24
    4b a8 19 35 00 2b 00 02 03 04
<<< ??? [length 0005]
    14 03 03 00 01
<<< ??? [length 0005]
    17 03 03 09 af
<<< TLS 1.3 [length 0001]
    16
<<< TLS 1.3, Handshake [length 000a], EncryptedExtensions
    08 00 00 06 00 04 00 00 00 00
<<< TLS 1.3, Handshake [length 0911], Certificate
    0b 00 09 0d 00 00 09 09 00 05 2e 30 82 05 2a 30
    82 04 d0 a0 03 02 01 02 02 10 0d 7c 69 78 4e 73
    37 85 b2 f1 34 f3 81 b1 fd 17 30 0a 06 08 2a 86
    48 ce 3d 04 03 02 30 4a 31 0b 30 09 06 03 55 04
    06 13 02 55 53 31 19 30 17 06 03 55 04 0a 13 10
    43 6c 6f 75 64 66 6c 61 72 65 2c 20 49 6e 63 2e
    31 20 30 1e 06 03 55 04 03 13 17 43 6c 6f 75 64
    66 6c 61 72 65 20 49 6e 63 20 45 43 43 20 43 41
    2d 33 30 1e 17 0d 32 32 30 34 33 30 30 30 30 30
    30 30 5a 17 0d 32 33 30 34 33 30 32 33 35 39 35
    39 5a 30 72 31 0b 30 09 06 03 55 04 06 13 02 55
    53 31 13 30 11 06 03 55 04 08 13 0a 43 61 6c 69
    66 6f 72 6e 69 61 31 16 30 14 06 03 55 04 07 13
    0d 53 61 6e 20 46 72 61 6e 63 69 73 63 6f 31 19
    30 17 06 03 55 04 0a 13 10 43 6c 6f 75 64 66 6c
    61 72 65 2c 20 49 6e 63 2e 31 1b 30 19 06 03 55
    04 03 13 12 64 61 72 69 6e 67 66 69 72 65 62 61
    6c 6c 2e 6e 65 74 30 59 30 13 06 07 2a 86 48 ce
    3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00
    04 e9 7a c1 5d 60 19 1b df 23 89 4c 60 53 ce 76
    3f 1f ac c9 35 5f 06 46 41 7a fa 03 07 ce 61 18
    76 b6 9f ae 40 48 d2 d5 a3 cd 6e 56 5c fe 4c 7d
    d0 26 2d 7e ba 2a 24 64 cc 61 2d 01 a4 a3 08 f9
    11 a3 82 03 6e 30 82 03 6a 30 1f 06 03 55 1d 23
    04 18 30 16 80 14 a5 ce 37 ea eb b0 75 0e 94 67
    88 b4 45 fa d9 24 10 87 96 1f 30 1d 06 03 55 1d
    0e 04 16 04 14 0a 68 45 9a 1b 4d 74 0c c3 f8 ab
    72 bb a4 13 15 4e c4 e1 c1 30 33 06 03 55 1d 11
    04 2c 30 2a 82 12 64 61 72 69 6e 67 66 69 72 65
    62 61 6c 6c 2e 6e 65 74 82 14 2a 2e 64 61 72 69
    6e 67 66 69 72 65 62 61 6c 6c 2e 6e 65 74 30 0e
    06 03 55 1d 0f 01 01 ff 04 04 03 02 07 80 30 1d
    06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05
    07 03 01 06 08 2b 06 01 05 05 07 03 02 30 7b 06
    03 55 1d 1f 04 74 30 72 30 37 a0 35 a0 33 86 31
    68 74 74 70 3a 2f 2f 63 72 6c 33 2e 64 69 67 69
    63 65 72 74 2e 63 6f 6d 2f 43 6c 6f 75 64 66 6c
    61 72 65 49 6e 63 45 43 43 43 41 2d 33 2e 63 72
    6c 30 37 a0 35 a0 33 86 31 68 74 74 70 3a 2f 2f
    63 72 6c 34 2e 64 69 67 69 63 65 72 74 2e 63 6f
    6d 2f 43 6c 6f 75 64 66 6c 61 72 65 49 6e 63 45
    43 43 43 41 2d 33 2e 63 72 6c 30 3e 06 03 55 1d
    20 04 37 30 35 30 33 06 06 67 81 0c 01 02 02 30
    29 30 27 06 08 2b 06 01 05 05 07 02 01 16 1b 68
    74 74 70 3a 2f 2f 77 77 77 2e 64 69 67 69 63 65
    72 74 2e 63 6f 6d 2f 43 50 53 30 76 06 08 2b 06
    01 05 05 07 01 01 04 6a 30 68 30 24 06 08 2b 06
    01 05 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f
    63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d
    30 40 06 08 2b 06 01 05 05 07 30 02 86 34 68 74
    74 70 3a 2f 2f 63 61 63 65 72 74 73 2e 64 69 67
    69 63 65 72 74 2e 63 6f 6d 2f 43 6c 6f 75 64 66
    6c 61 72 65 49 6e 63 45 43 43 43 41 2d 33 2e 63
    72 74 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00
    30 82 01 7f 06 0a 2b 06 01 04 01 d6 79 02 04 02
    04 82 01 6f 04 82 01 6b 01 69 00 76 00 e8 3e d0
    da 3e f5 06 35 32 e7 57 28 bc 89 6b c9 03 d3 cb
    d1 11 6b ec eb 69 e1 77 7d 6d 06 bd 6e 00 00 01
    80 78 09 e9 bb 00 00 04 03 00 47 30 45 02 20 7e
    87 69 ad 8c 71 13 68 7e 60 9c 5b 39 e9 19 57 91
    33 dc d5 55 73 9c 3c cd 8f 1b 4d 94 ce 3c ce 02
    21 00 a4 ed e5 4a 26 3b 34 98 3c ae e5 ef 92 0a
    99 e8 88 71 55 4c b5 e4 e2 c8 72 7f 86 ea da 4e
    41 4e 00 76 00 35 cf 19 1b bf b1 6c 57 bf 0f ad
    4c 6d 42 cb bb b6 27 20 26 51 ea 3f e1 2a ef a8
    03 c3 3b d6 4c 00 00 01 80 78 09 e9 f5 00 00 04
    03 00 47 30 45 02 20 49 62 50 1d f4 af e6 9d 10
    8f 9a b2 db f4 bc e7 ab 9f 3c 68 35 f0 d0 c5 f1
    73 1e 2f f9 4b 0e 98 02 21 00 fe 73 1e 6b e8 40
    95 f3 67 f1 7f 10 b9 99 e9 6c 00 6d 79 16 5a 52
    4b 24 fc 92 3a f8 3a cd af b0 00 77 00 b3 73 77
    07 e1 84 50 f8 63 86 d6 05 a9 dc 11 09 4a 79 2d
    b1 67 0c 0b 87 dc f0 03 0e 79 36 a5 9a 00 00 01
    80 78 09 ea 17 00 00 04 03 00 48 30 46 02 21 00
    99 fb 3f 64 fd bd e0 d3 a3 4d c9 5a 6b a4 e2 f2
    d3 70 e5 c6 2a 43 4d c8 88 ee f9 01 cc 42 99 f6
    02 21 00 ee 20 dc 30 b8 d7 e8 3e 9b 1c 16 34 2f
    bf 27 51 9e a1 f9 91 6c ce b5 db 22 ad 01 dd 9b
    b9 ef 2e 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03
    48 00 30 45 02 21 00 c1 e0 db 46 a3 7b 21 9e 4b
    a8 0c 7e 7b bc 01 ec 6b 99 bb 6a 6c 1e b2 cb 7b
    9e 63 a7 71 71 ea 34 02 20 75 67 2d b4 69 c2 50
    b1 37 ee 4d 4b 3b bb b6 ab 0a a1 1f dd f2 74 b6
    39 10 8d c3 46 67 94 5f 12 00 00 00 03 d1 30 82
    03 cd 30 82 02 b5 a0 03 02 01 02 02 10 0a 37 87
    64 5e 5f b4 8c 22 4e fd 1b ed 14 0c 3c 30 0d 06
    09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 5a 31 0b
    30 09 06 03 55 04 06 13 02 49 45 31 12 30 10 06
    03 55 04 0a 13 09 42 61 6c 74 69 6d 6f 72 65 31
    13 30 11 06 03 55 04 0b 13 0a 43 79 62 65 72 54
    72 75 73 74 31 22 30 20 06 03 55 04 03 13 19 42
    61 6c 74 69 6d 6f 72 65 20 43 79 62 65 72 54 72
    75 73 74 20 52 6f 6f 74 30 1e 17 0d 32 30 30 31
    32 37 31 32 34 38 30 38 5a 17 0d 32 34 31 32 33
    31 32 33 35 39 35 39 5a 30 4a 31 0b 30 09 06 03
    55 04 06 13 02 55 53 31 19 30 17 06 03 55 04 0a
    13 10 43 6c 6f 75 64 66 6c 61 72 65 2c 20 49 6e
    63 2e 31 20 30 1e 06 03 55 04 03 13 17 43 6c 6f
    75 64 66 6c 61 72 65 20 49 6e 63 20 45 43 43 20
    43 41 2d 33 30 59 30 13 06 07 2a 86 48 ce 3d 02
    01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 b9
    ad 4d 66 99 14 0b 46 ec 1f 81 d1 2a 50 1e 9d 03
    15 2f 34 12 7d 2d 96 b8 88 38 9b 85 5f 8f bf bb
    4d ef 61 46 c4 c9 73 d4 24 4f e0 ee 1c ce 6c b3
    51 71 2f 6a ee 4c 05 09 77 d3 72 62 a4 9b d7 a3
    82 01 68 30 82 01 64 30 1d 06 03 55 1d 0e 04 16
    04 14 a5 ce 37 ea eb b0 75 0e 94 67 88 b4 45 fa
    d9 24 10 87 96 1f 30 1f 06 03 55 1d 23 04 18 30
    16 80 14 e5 9d 59 30 82 47 58 cc ac fa 08 54 36
    86 7b 3a b5 04 4d f0 30 0e 06 03 55 1d 0f 01 01
    ff 04 04 03 02 01 86 30 1d 06 03 55 1d 25 04 16
    30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06
    01 05 05 07 03 02 30 12 06 03 55 1d 13 01 01 ff
    04 08 30 06 01 01 ff 02 01 00 30 34 06 08 2b 06
    01 05 05 07 01 01 04 28 30 26 30 24 06 08 2b 06
    01 05 05 07 30 01 86 18 68 74 74 70 3a 2f 2f 6f
    63 73 70 2e 64 69 67 69 63 65 72 74 2e 63 6f 6d
    30 3a 06 03 55 1d 1f 04 33 30 31 30 2f a0 2d a0
    2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 33 2e 64
    69 67 69 63 65 72 74 2e 63 6f 6d 2f 4f 6d 6e 69
    72 6f 6f 74 32 30 32 35 2e 63 72 6c 30 6d 06 03
    55 1d 20 04 66 30 64 30 37 06 09 60 86 48 01 86
    fd 6c 01 01 30 2a 30 28 06 08 2b 06 01 05 05 07
    02 01 16 1c 68 74 74 70 73 3a 2f 2f 77 77 77 2e
    64 69 67 69 63 65 72 74 2e 63 6f 6d 2f 43 50 53
    30 0b 06 09 60 86 48 01 86 fd 6c 01 02 30 08 06
    06 67 81 0c 01 02 01 30 08 06 06 67 81 0c 01 02
    02 30 08 06 06 67 81 0c 01 02 03 30 0d 06 09 2a
    86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 05
    24 1d dd 1b b0 2a eb 98 d6 85 e3 39 4d 5e 6b 57
    9d 82 57 fc eb e8 31 a2 57 90 65 05 be 16 44 38
    5a 77 02 b9 cf 10 42 c6 e1 92 a4 e3 45 27 f8 00
    47 2c 68 a8 56 99 53 54 8f ad 9e 40 c1 d0 0f b6
    d7 0d 0b 38 48 6c 50 2c 49 90 06 5b 64 1d 8b cc
    48 30 2e de 08 e2 9b 49 22 c0 92 0c 11 5e 96 92
    94 d5 fc 20 dc 56 6c e5 92 93 bf 7a 1c c0 37 e3
    85 49 15 fa 2b e1 74 39 18 0f b7 da f3 a2 57 58
    60 4f cc 8e 94 00 fc 46 7b 34 31 3e 4d 47 82 81
    3a cb f4 89 5d 0e ef 4d 0d 6e 9c 1b 82 24 dd 32
    25 5d 11 78 51 10 3d a0 35 23 04 2f 65 6f 9c c1
    d1 43 d7 d0 1e f3 31 67 59 27 dd 6b d2 75 09 93
    11 24 24 14 cf 29 be e6 23 c3 b8 8f 72 3f e9 07
    c8 24 44 53 7a b3 b9 61 65 a1 4c 0e c6 48 00 c9
    75 63 05 87 70 45 52 83 d3 95 9d 45 ea f0 e8 31
    1d 7e 09 1f 0a fe 3e dd aa 3c 5e 74 d2 ac b1 00
    00
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = daringfireball.net
verify return:1
<<< TLS 1.3, Handshake [length 004f], CertificateVerify
    0f 00 00 4b 04 03 00 47 30 45 02 21 00 88 8c 80
    15 37 10 f7 58 d1 63 87 f2 a0 db 70 93 65 6f af
    09 aa d1 1d 07 2a 1b d7 d6 3f c1 e2 4e 02 20 2b
    48 7f c8 ca cc 4f 54 b6 72 6f 07 eb 84 f8 72 47
    81 eb d0 9a fc ce b8 d5 25 5f 02 78 e3 98 80
<<< TLS 1.3, Handshake [length 0034], Finished
    14 00 00 30 5c 81 62 10 0f c8 0e a6 b7 e1 bd ad
    48 86 af a3 ef 20 da 3a 06 50 a2 0d de cf 64 bd
    64 53 43 38 13 a8 4e c2 17 d6 a3 bc 1b 68 37 41
    d1 7d b7 20
>>> ??? [length 0005]
    14 03 03 00 01
>>> TLS 1.3, ChangeCipherSpec [length 0001]
    01
>>> ??? [length 0005]
    17 03 03 00 45
>>> TLS 1.3 [length 0001]
    16
>>> TLS 1.3, Handshake [length 0034], Finished
    14 00 00 30 8f 4a b9 0f 23 28 a2 ab 4a 99 6d 75
    e5 a5 95 d4 37 02 99 97 9a cb d8 a1 06 83 33 ba
    3b b7 fb 8f 43 65 b9 c1 93 b2 39 2c a1 1e b4 0a
    ae 11 05 e6
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = daringfireball.net
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKjCCBNCgAwIBAgIQDXxpeE5zN4Wy8TTzgbH9FzAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjIwNDMwMDAwMDAwWhcNMjMwNDMw
MjM1OTU5WjByMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEb
MBkGA1UEAxMSZGFyaW5nZmlyZWJhbGwubmV0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAE6XrBXWAZG98jiUxgU852Px+syTVfBkZBevoDB85hGHa2n65ASNLVo81u
Vlz+TH3QJi1+uiokZMxhLQGkowj5EaOCA24wggNqMB8GA1UdIwQYMBaAFKXON+rr
sHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQKaEWaG010DMP4q3K7pBMVTsThwTAz
BgNVHREELDAqghJkYXJpbmdmaXJlYmFsbC5uZXSCFCouZGFyaW5nZmlyZWJhbGwu
bmV0MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Ns
b3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNl
cnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNVHSAENzA1MDMGBmeB
DAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
dgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9D
bG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIwADCCAX8GCisGAQQB
1nkCBAIEggFvBIIBawFpAHYA6D7Q2j71BjUy51covIlryQPTy9ERa+zraeF3fW0G
vW4AAAGAeAnpuwAABAMARzBFAiB+h2mtjHETaH5gnFs56RlXkTPc1VVznDzNjxtN
lM48zgIhAKTt5UomOzSYPK7l75IKmeiIcVVMteTiyHJ/huraTkFOAHYANc8ZG7+x
bFe/D61MbULLu7YnICZR6j/hKu+oA8M71kwAAAGAeAnp9QAABAMARzBFAiBJYlAd
9K/mnRCPmrLb9Lznq588aDXw0MXxcx4v+UsOmAIhAP5zHmvoQJXzZ/F/ELmZ6WwA
bXkWWlJLJPySOvg6za+wAHcAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2
pZoAAAGAeAnqFwAABAMASDBGAiEAmfs/ZP294NOjTclaa6Ti8tNw5cYqQ03IiO75
AcxCmfYCIQDuINwwuNfoPpscFjQvvydRnqH5kWzOtdsirQHdm7nvLjAKBggqhkjO
PQQDAgNIADBFAiEAweDbRqN7IZ5LqAx+e7wB7GuZu2psHrLLe55jp3Fx6jQCIHVn
LbRpwlCxN+5NSzu7tqsKoR/d8nS2ORCNw0ZnlF8S
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = daringfireball.net

issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2617 bytes and written 400 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
kurtmckee commented 1 year ago

I see that these are all responding with TLS 1.3. If you add the -tls1_2 flag to any of these CLI commands, can you still connect?

rgreen13 commented 1 year ago

Yes. I'm contacting our internal IT to see if they are blocking it for some reason.

kurtmckee commented 1 year ago

I think that will help shed some light on what's happening here. :+1:

sirosen commented 1 year ago

I'm going ahead and closing this. I'm hopeful that @kurtmckee's feedback has been helpful, but if you need additional assistance, it might be best to contact us via support@globus.org to get more help troubleshooting firewall issues.

We're always on the lookout for ways that we can improve the CLI, but it's difficult to see a clear way for us to handle firewalls better, at least not from the contents of this issue.