My SSL handshake (using openssl s_client -connect host:port) shows this output:
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1631731107
Timeout : 300 (sec)
Verify return code: 0 (ok)
It is showing return code 0 (ok), start time, etc. Does this mean an SSL session is established here? Why does it not show other things like cipher, session-id, etc., which I normally see with other SSL sessions?
CodePudding user response:
This output means that the handshake was not successful at all. There is usually an error somewhere in the output preceding this, like here:
$ openssl s_client -connect example.com:80
CONNECTED(00000003)
140501726137216:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:ssl_pkt.c:386:
....
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
...
Verify return code: 0 (ok)
In this example a TLS connection was attempted to a server which does not speak TLS at all but instead speaks only plain HTTP (since I've connected to the plain HTTP port). There is a clear error showing some kind of TLS problem, which in this case is caused by trying to interpret a plain HTTP response as TLS.
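As an added example (not part of either answer), the check described above can be scripted: the function below reads an s_client transcript on stdin and reports the session as established only when a real cipher was negotiated, ignoring the verify return code. The function names and the second sample transcript are constructed for illustration; the "Cipher is" summary line is standard s_client output that is not shown on this page.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client` transcript read on stdin.
# "Verify return code: 0 (ok)" is ignored on purpose: it is printed even
# when no handshake completed. Only a negotiated cipher counts as success.
check_handshake() {
    awk '
        function note(c) {                  # remember a real cipher name only
            sub(/[ \t\r]+$/, "", c)
            if (c != "" && c != "0000" && c != "(NONE)") cipher = c
        }
        # OpenSSL error queue: id:error:code:library:function:reason:file:line:
        /:error:/ && reason == "" { split($0, part, ":"); reason = part[6] }
        # Summary line, e.g. "New, TLSv1.3, Cipher is <name>"
        /Cipher is / { c = $0; sub(/^.*Cipher is /, "", c); note(c) }
        # SSL-Session block field, e.g. "Cipher : <name>"
        /^[ \t]*Cipher[ \t]*:/ { c = $0; sub(/^[^:]*:[ \t]*/, "", c); note(c) }
        END {
            if (cipher == "") {
                if (reason == "") reason = "no cipher negotiated"
                print "failed: " reason
                exit 1
            }
            print "established: " cipher
        }
    '
}

# Transcript of the failed connection quoted in the answer above.
sample_failed() {
    cat <<'EOF'
CONNECTED(00000003)
140501726137216:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:ssl_pkt.c:386:
SSL-Session:
    Cipher    : 0000
    Verify return code: 0 (ok)
EOF
}

# Constructed transcript of a completed handshake (values are illustrative).
sample_ok() {
    cat <<'EOF'
CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
EOF
}
```

Against a live server the same function can be fed with: openssl s_client -connect host:port </dev/null 2>&1 | check_handshake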
CodePudding user response:
From https://www.virtuesecurity.com/kb/null-ciphers-supported/:
Cipher Name (IANA)        Cipher Name (OpenSSL)   Value
TLS_NULL_WITH_NULL_NULL   N/A                     0x00,0x00
See also https://en.wikipedia.org/wiki/Null_cipher.
Just don't use it, there's no encryption.