Thursday, September 21, 2017

How to find out user id and SID mapping


PsGetSid
https://docs.microsoft.com/zh-tw/sysinternals/downloads/psgetsid

Security Identifier(SID): GetSID of a user,object using Registry, WMIC, PowerShell
https://blogs.msdn.microsoft.com/gaurav/2014/06/03/security-identifiersid-getsid-of-a-userobject-using-registry-wmic-powershell/


wmic useraccount where (name='administrator' and domain='gauravtestMachine') get name,sid

Name           SID
administrator  S-1-5-21-1976753858-2077894621-3616986626-500




Tuesday, September 19, 2017

MQ client failed to connect qmgr with 2539 error

https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.tro.doc/q045390_.htm

2539 (09EB) (RC2539): MQRC_CHANNEL_CONFIG_ERROR

Explanation
An MQCONN call was issued from a client to connect to a queue manager but the attempt to establish communication failed. Common causes of this reason code are:
(1) The server and client cannot agree on the channel attributes to use.
(2) There are errors in one or both of the QM.INI or MQCLIENT.INI configuration files.
(3) The server machine does not support the code page used by the client.
Note: it is very easy to forget that (3) can also cause the connection to fail; the text of the error message does not readily suggest it.

Tuesday, September 05, 2017

How can I test if my server supports a specific SSL protocol?

1. Linux command line tool:
openssl can help you test which SSL protocols your server is configured to use.

If a protocol is enabled, the openssl s_client command will wait for input (or Control-D).
If the protocol is disabled, openssl will report an error similar to the one reproduced below:
21112:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Openssl examples:
openssl s_client -connect ihshostname:443 -ssl2
openssl s_client -connect ihshostname:443 -ssl3
openssl s_client -connect ihshostname:443 -tls1

#openssl s_client -connect www.google.com:443 -ssl3
CONNECTED(00000003)
23569:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293:

#openssl s_client -connect localhost:1414 -cipher ECDHE-RSA-DES-CBC3-SHA

#openssl s_client -connect localhost:1414 -showcerts

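#openssl ciphers  ==> lists the cipher names available to openssl, separated by ":"

**** A perl one-liner is useful here: it takes the ":"-separated output, which is hard to read, and prints one entry per line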

#openssl ciphers|perl -ne 's/:/\n/g;print'


2. online website check tool
https://www.ssllabs.com/ssltest/

3. standalone test tool (TestSSLServer)
https://www.bolet.org/TestSSLServer/

4. IHS v8 or later command:
Windows:
httpd -t -D DUMP_SSL_CONFIG
Linux:
apachectl -t -D DUMP_SSL_CONFIG

http://publib.boulder.ibm.com/httpserv/ihsdiag/ssl_questions.html#sslprotsupptest


5. Use nmap to verify which cipher specs the SSL server supports

nmap --script ssl-enum-ciphers -p port_number ip_address

# nmap --script ssl-enum-ciphers -p 1477 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-03 10:56 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00018s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE SERVICE
1477/tcp open  ms-sna-server
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 1024) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 1024) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 1024) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.63 seconds
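
The ssl-enum-ciphers listing above can be post-processed to pick out the settings worth hardening. This is an added example, not part of the original post: the function names are hypothetical, and the legacy-protocol set and the 2048-bit key threshold are an assumed local policy.

```python
import re

# Constructed sample, trimmed from the ssl-enum-ciphers output shown above.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 1024) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|     cipher preference: server
|_  least strength: A
"""

# Assumed local policy (not from the post): protocols to retire, minimum key size.
LEGACY = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
MIN_KEY_BITS = 2048
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+)(?: \((.*?)\))? - ([A-F])\s*$")

def parse(text):
    """Return {protocol: [(cipher, key_exchange_info, grade), ...]}."""
    result, current = {}, None
    for line in text.splitlines():
        proto, cipher = PROTO_RE.match(line), CIPHER_RE.match(line)
        if proto:
            current = proto.group(1)
            result[current] = []
        elif cipher and current:
            result[current].append(cipher.groups())
    return result

def findings(parsed):
    """List policy violations: legacy protocols, static RSA, short keys."""
    out = []
    for proto, ciphers in parsed.items():
        if proto in LEGACY:
            out.append(f"{proto}: legacy protocol enabled")
        for name, kx, _grade in ciphers:
            if name.startswith("TLS_RSA_"):
                out.append(f"{proto} {name}: static RSA key exchange, no forward secrecy")
            m = re.fullmatch(r"(?:rsa|dh) (\d+)", kx or "")
            if m and int(m.group(1)) < MIN_KEY_BITS:
                out.append(f"{proto} {name}: {kx} is below {MIN_KEY_BITS} bits")
    return out

print("\n".join(findings(parse(SAMPLE))))
```

To check a real server, save the nmap output to a file and pass its contents to parse() in place of SAMPLE.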

Ref:

SSL-related testing tools
https://www.qa-knowhow.com/?p=3888

SSL handshake concept:
https://support.f5.com/csp/article/K15292