
How to see if a website supports each TLS version from the command line

This is a quick post about checking TLS version support using the command line. Of course, there are plenty of GUI tools and online services to do this. Yet, I find it is much easier to use just a simple command to check this.

I'm going to use badssl.com to test this out since it provides various examples with different SSL configurations.

We'll be using the openssl command to check this. OpenSSL is a command-line tool to work with SSL connections. If you don't have it on your machine, you'll have to install it first.

Let's check a website that supports TLS1.0
TLS 1.0 has been deprecated by all web browsers and servers due to security vulnerabilities in that protocol version, and you shouldn't use it at all. If you have it enabled on your server/website, please disable it ASAP.

openssl s_client -connect tls-v1-0.badssl.com:1010 -tls1

Let's break the command into its parts

openssl : the command-line tool
s_client : the openssl subcommand we are executing.
                It is used to make a connection to a server using SSL.
-connect : option that specifies where to connect, followed by the server and the port
tls-v1-0.badssl.com : the website or server name
1010 : the port on which HTTPS is enabled. Usually this is the standard port, 443.
-tls1 : forces the connection to use TLS 1.0


If we use the same command for google.com, it would look like this:

openssl s_client -connect google.com:443 -tls1

Note that the website I'm checking right now is tls-v1-0.badssl.com and the port is 1010. For a typical website this port will be 443, since it is the standard HTTPS port.

If the site is TLS1.0 enabled, it should give an output with a proper HTTPS connection printing out the server certificate and a session ticket.

eg:



If TLS 1.0 isn't supported, it should be something like below. I'll use a random website (moby.lk) to test this out.


Here's the full list of commands to check each TLS version (at the time I'm writing this). Please note that newer OpenSSL versions no longer support SSLv3 since it is discontinued.


SSL/TLS version : Command
TLS 1.0 : openssl s_client -connect google.com:443 -tls1
TLS 1.1 : openssl s_client -connect google.com:443 -tls1_1
TLS 1.2 : openssl s_client -connect google.com:443 -tls1_2
TLS 1.3 : openssl s_client -connect google.com:443 -tls1_3
SSLv3 : openssl s_client -connect google.com:443 -ssl3
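
The commands in the list above can be run in one pass and their output classified automatically. The script below is an added example, not part of the original post; the function names, the verdict strings and the three sample outputs are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): probe each protocol version
# and classify the s_client output instead of reading it by eye.

# Reads s_client output on stdin and prints one verdict:
#   supported          - a cipher was negotiated with the forced version
#   not-negotiated     - handshake failed or no connection was made
#   client-unsupported - the local openssl build lacks that option (e.g. -ssl3)
classify_handshake() {
    local out
    out=$(cat)
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo "client-unsupported"
    elif printf '%s\n' "$out" | grep '^New, ' | grep -qvF '(NONE)'; then
        echo "supported"        # e.g. "New, TLSv1.2, Cipher is ECDHE-..."
    else
        echo "not-negotiated"   # e.g. "New, (NONE), Cipher is (NONE)"
    fi
}

# probe_tls HOST PORT FLAG: one forced-version handshake.
# </dev/null closes stdin so s_client exits right after the handshake.
probe_tls() {
    openssl s_client -connect "$1:$2" -servername "$1" "$3" </dev/null 2>&1 |
        classify_handshake
}

# check_all HOST [PORT]: the post's full list of version flags in one pass.
check_all() {
    local host=$1 port=${2:-443} flag
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2 -tls1_3; do
        printf '%-8s %s\n' "$flag" "$(probe_tls "$host" "$port" "$flag")"
    done
}

# Constructed samples of s_client output, for trying the classifier offline.
SAMPLE_OK='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Protocol  : TLSv1.2'
SAMPLE_FAIL='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1'
SAMPLE_NOFLAG='s_client: Unknown option: -ssl3'

# Run as: ./tlscheck.sh tls-v1-0.badssl.com 1010
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

On OpenSSL 3.x, TLS 1.0 and 1.1 do not work at the default security level, so a not-negotiated verdict for -tls1 or -tls1_1 can come from the local client rather than the server. Repeat that probe with `-cipher 'DEFAULT@SECLEVEL=0'` added to the s_client command before concluding the server has the version disabled.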


Stay safe!
