C:\OpenSSL\bin>openssl.exe s_client -tlsextdebug -connect mail.akonchenkov.com:443
CONNECTED(000001AC)
TLS server extension "server name" (id=0), len=0
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00 .
TLS server extension "EC point formats" (id=11), len=4
0000 - 03 00 01 02 ....
TLS server extension "session ticket" (id=35), len=0
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = *.akonchenkov.com
verify return:1
---
Certificate chain
0 s:CN = *.akonchenkov.com
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 28 03:51:02 2022 GMT; NotAfter: Nov 26 03:51:01 2022 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISA5qIXsRyBzTSA2Oqh4lMolsYMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA4MjgwMzUxMDJaFw0yMjExMjYwMzUxMDFaMBwxGjAYBgNVBAMM
ESouYWtvbmNoZW5rb3YuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA03FmMYSGUhiNXvc7ZNlvxXgclk3VnGzNUtSnAp3r27I5CiWCFcHzpQ19fsNT
SYEBhQ1dsojWpQqua3MqR4eLVVG9Ctp1dgXXukpW0XP4ctCA5gjYgHKYpdmZuTG8
z7ZAjk/vDrCIuABCxTZ0aDH7c/W1HTq7/YQPMgaLJ2BMp3GSO+lMj516aWswhcqu
pvjdPSy+kN1Gl/0Tf7DRTEhV7iWx42SxkAuSzWUs6AcgdLkFctfBENb37jb1JsxA
3GEir/JeWPdjjbpdCJUuvDy1/VyXk3hObrxwP0e/q/l4Hb6jRYdvXqGykpiEU9jH
MTLSsVplcgqZeiXtqQGyKqTOXwIDAQABo4ICXTCCAlkwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBQ1ZMa+2KjgK6slEwCZCbXcB65hRTAfBgNVHSMEGDAWgBQULrMXt1hW
y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6
Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu
b3JnLzAtBgNVHREEJjAkghEqLmFrb25jaGVua292LmNvbYIPYWtvbmNoZW5rb3Yu
Y29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYB
BQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIE
AgSB9QSB8gDwAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMAAAGC
4sn2wgAABAMARzBFAiEA8nXxjSKpLFuBWad+wul+whIkk0Wi5x/RG71mVM6DHU4C
IGZyOdW0h54lx7n8iJLEfNcryTJFQdjGS6MyVmz+p2NdAHYARqVV63X6kSAwtaKJ
afTzfREsQXS+/Um4havy/HD+bUcAAAGC4sn26gAABAMARzBFAiEA4iqK1GawxQIl
C0+7r4aU+zYjD3UnZTg/Faqdsz0MAm8CIFZHz8jUUpFEPoS27e8EiZoRgINdjQCA
FWoa56NCwkveMA0GCSqGSIb3DQEBCwUAA4IBAQAbQGqYPWTsdm6DSx5LDx/NQ6Jh
CTOCsLA/rZmq9YDGsO1LcZPI3/ZYagVxyAdZiVthsDIC4dOxmJS+lXNzChdxnFFO
22+1q9DZKk2tS2evAZFWTZ7LGrbuLXHU9IBuPZVcZFFjDkAOvMCMJd5wpEvwLZz7
rQDw4es4t4XgsOaSZfjaIrrSFQtZf2Kz60vblav7okGWJgyb/Od9E5kMLNx8Eg2O
A9irDVhnQnbzxh7jKxMv0waWuuOEpMgtvoTkGnTxZ/lbz3AubmEncmxV7NG7OZLu
qeFiuBUxlLdykKFpaJWsrDbHE9XSMKnN5xoxcbYn0501T7WFSLv5baTngPva
-----END CERTIFICATE-----
subject=CN = *.akonchenkov.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4739 bytes and written 452 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: A3E4732B063DEC4DC166B3A7FDD562BA88564BFD23351B4BBD6523D8FBD4D049
Session-ID-ctx:
Master-Key: 3B7CDD6D81D8AFC603105C71F7D91C9DFAB94FEA969FE7419494A3178214F44E895038B8922B89C8418A0A864B392DEF
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - c4 70 78 03 b2 9d 09 4f-66 37 fd be b5 34 49 09 .px....Of7...4I.
0010 - f8 29 ca 12 f0 7e e1 4a-72 64 07 f7 e4 a4 1b 59 .)...~.Jrd.....Y
0020 - 72 1b 8c ac 70 67 62 17-57 35 4c a0 76 6f 9f 82 r...pgb.W5L.vo..
0030 - 00 9c c7 a7 27 91 c6 de-8a 85 a6 10 49 80 43 0d ....'.......I.C.
0040 - 84 e9 4f 81 90 fe 1b dd-10 c7 f6 1b 22 c1 5f 20 ..O........."._
0050 - 2e 65 fd cd b0 ca 06 ee-b4 af 51 f0 f6 5a 17 f1 .e........Q..Z..
0060 - 87 8f 1b 8e d6 c4 60 9f-22 69 6a a6 6f ad f5 4d ......`."ij.o..M
0070 - aa 58 7e 4d 9a 2c 2e ea-d7 f9 12 a1 b0 55 d2 98 .X~M.,.......U..
0080 - 7b 9d 2a d7 7a 9b ed 4b-de 4f f2 45 77 a1 2a 6a {.*.z..K.O.Ew.*j
0090 - 2d 01 e5 27 96 77 5c f5-25 90 70 e5 a9 ac 50 f9 -..'.w\.%.p...P.
00a0 - e3 25 1b 18 88 7d 10 9c-a5 e8 28 c4 bd 88 1d 12 .%...}....(.....
00b0 - cd a0 d3 6c 3b b7 0b 9d-f5 45 b4 c0 6f ad 2a 76 ...l;....E..o.*v
00c0 - 36 8a 10 05 6a be 24 9d-09 1f de b3 ad 12 d1 13 6...j.$.........
Start Time: 1664277069
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
---
HEAD / HTTP/1.2
Host: mail.akonchenkov.com
User-Agent: fucking best browser ever
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 11:11:19 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips SVN/1.7.14 PHP/7.3.33
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Public-Key-Pins: pin-sha256="uEcUTqwGAIgz3YrjJ0fmG84MRaGeXpgAag5bK4R4xkM="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="wyhGG0QW8G6by1aRs+oxHEzIWJ4jVpf4srCe6dndrME="; max-age=2592000; includeSubDomains
Strict-Transport-Security: max-age=15768000;includeSubdomains;preload
Referrer-Policy: sameorigin
Content-Security-Policy: referrer origin; frame-ancestors https: ;style-src https: 'unsafe-inline'; child-src 'self' https:; img-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; upgrade-insecure-requests
X-Powered-By: PHP/7.3.33
Set-Cookie: roundcube_sessid=pqpttrr66c1hp12qv2jhv8vthd; path=/; secure; HttpOnly
Expires: Tue, 27 Sep 2022 11:11:22 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Tue, 27 Sep 2022 11:11:22 GMT
X-Frame-Options: sameorigin
Content-Language: en
Content-Type: text/html; charset=UTF-8
closed
C:\OpenSSL\bin>openssl.exe s_client -showcerts -connect akonchenkov.com:143 -starttls imap
C:\OpenSSL\bin>openssl.exe s_client -showcerts -connect akonchenkov.com:143 -starttls imap
C:\OpenSSL\bin>