root@XXXXXX:/var/tmp# curl --tlsv1.2 --tls-max 1.2 -v https://example.com:8443/health --cacert Internal_Root_CA.cer

• Trying 10.50.65.56...
• TCP_NODELAY set
• Connected to example.com (10.50.65.56) port 8443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: Internal_Root_CA.cer CApath: /etc/ssl/certs
• TLSv1.2 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS handshake, Server key exchange (12):
• TLSv1.2 (IN), TLS handshake, Server finished (14):
• TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
• TLSv1.2 (OUT), TLS change cipher, Client hello (1):
• TLSv1.2 (OUT), TLS handshake, Finished (20):
• TLSv1.2 (IN), TLS handshake, Finished (20):
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN, server did not agree to a protocol
• Server certificate:
• subject: C=US; ST=ZZZ; L=CCC; O=Company; CN=example.com
• start date: Sep 29 22:30:19 2022 GMT
• expire date: Sep 27 22:30:49 2024 GMT
• subjectAltName: host "example.com" matched cert's "example.com"
• issuer: O=Company; CN= Issuing CA
• SSL certificate verify ok.

GET /health HTTP/1.1 Host: example.com:8443 User-Agent: curl/7.58.0 Accept: / < HTTP/1.1 200 < Content-Type: text/plain;charset=UTF-8 < Content-Length: 0 < Date: Wed, 12 Oct 2022 18:33:10 GMT <

• Connection #0 to host mdm-dev.gcp.aexp.com left intact

Am I using 1 way or 2 way SSL? THe REST API is developed using Spring boot. I have to pass in the Root CA for the Call to work.

CodePudding user response：

This is 1-way SSL because a) you don't give a client certificate to use and b) the server does not even request one (no CertificateRequest message from server).