This is a quick post about checking TLS version support using the command line. Of course, there are plenty of GUI tools and online services to do this. Yet, I find it is much easier to use just a simple command to check this.
I'm going to use badssl.com to test this out since it provides various examples with different SSL configurations.
We'll be using openssl command to check this. Openssl is a command-line tool to work with SSL connections. If you don't have it in your machine, you'll have to install it first.
Let's check a website that supports TLS1.0
TLS 1.0 has been deprecated by all web browsers and servers due to security vulnerabilities in that protocol version which you shouldn't use at all. If you have this enabled in your sever/website, please disable ASAP.
openssl s_client -connect tls-v1-0.badssl.com:1010 -tls1
Let's break the command to it's parts
openssl : command line tool
s_client : s_client is the first command of this tool that we are executing.
This is used to make a connection with a server using SSL.
-connect : command option to specify where to connect which follows by the server and the port
tls-v1-0.badssl.com : this is the website or the server name
1010 : this is the port which HTTPS is enabled. Usually this is 443 standard port.
-tls1 : this is to enforce TLS1.0 version to make the connection
If we are using the same command for google.com it would be like;
openssl s_client -connect google.com:443 -tls1
Note the website I'm checking right now is tls-v1-0.badssl.com and the port is 1010 in a typical website this port will be 443 since it is the HTTPS standard port.
If the site is TLS1.0 enabled, it should give an output with a proper HTTPS connection printing out the server certificate and a session ticket.
eg:
Stay safe!
I'm going to use badssl.com to test this out since it provides various examples with different SSL configurations.
We'll be using openssl command to check this. Openssl is a command-line tool to work with SSL connections. If you don't have it in your machine, you'll have to install it first.
Let's check a website that supports TLS1.0
TLS 1.0 has been deprecated by all web browsers and servers due to security vulnerabilities in that protocol version which you shouldn't use at all. If you have this enabled in your sever/website, please disable ASAP.
openssl s_client -connect tls-v1-0.badssl.com:1010 -tls1
Let's break the command to it's parts
openssl : command line tool
s_client : s_client is the first command of this tool that we are executing.
This is used to make a connection with a server using SSL.
-connect : command option to specify where to connect which follows by the server and the port
tls-v1-0.badssl.com : this is the website or the server name
1010 : this is the port which HTTPS is enabled. Usually this is 443 standard port.
-tls1 : this is to enforce TLS1.0 version to make the connection
If we are using the same command for google.com it would be like;
openssl s_client -connect google.com:443 -tls1
If the site is TLS1.0 enabled, it should give an output with a proper HTTPS connection printing out the server certificate and a session ticket.
eg:
If tls1.0 doesn't support it should be something like below. I'll use a random website (moby.lk) to test this out.
Here's the full list of commands to check each TLS version (by the time I'm writing this). Please note that newer OpenSSL versions no longer support SSLv3 since it is discontinued.
Stay safe!
Comments
Post a Comment