Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Command prompt to check TLS version required by a host

Tags:

https

ssl

tls1.2

Is there a command to check the TLS version required by a host site? Right now, the only way I know to check is by adjusting the max TLS version of my browser and checking if I can still access the site. However, I suspect there is a more sophisticated way to do this.

like image 356
LakeMichigan Avatar asked Nov 11 '16 22:11

LakeMichigan

People also ask

How do you check what version of TLS is being used on a server?

1. Click on: Start -> Control Panel -> Internet Options 2. Click on the Advanced tab 3. Scroll to the bottom and check the TLS version described in steps 3 and 4: 4.

How do I check TLS version on ESXI host?

Details. From the vSphere Web Client, select the host and click Configure >> System >> Advanced System Settings. If the value is not set as above or it does not exist, this is a finding. If the value returned is not "tlsv1,tlsv1.

How do I check TLS version in Windows PowerShell?

3 Answers. @CallMeD-9066 I use powershell command Get-TlsCipherSuite on a windows server to list all cipher suites. If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

2 Answers

You can check using following commands.

For TLS 1.2:

openssl s_client -connect www.google.com:443 -tls1_2

For TLS 1.1:

openssl s_client -connect www.google.com:443 -tls1_1

For TLS 1:

openssl s_client -connect www.google.com:443 -tls1

If you get the certificate chain and the handshake then the TLS version is supported. If you don't see the certificate chain, and something similar to "handshake error" then its not.

like image 119
root Avatar answered Sep 20 '22 08:09

root

From https://maxchadwick.xyz/blog/checking-ssl-tls-version-support-of-remote-host-from-command-line:

nmap ssl-enum-ciphers

Another option for checking SSL / TLS version support is nmap. nmap is not typically installed by default, so you’ll need to manually install it. Once installed you can use the following command to check SSL / TLS version support…

nmap --script ssl-enum-ciphers -p 443 www.google.com

nmap’s ssl-enum-ciphers script will not only check SSL / TLS version support for all versions (TLS 1.0, TLS 1.1, and TLS 1.2) in one go, but will also check cipher support for each version including giving providing a grade.

like image 26
Colin Curtin Avatar answered Sep 20 '22 08:09

Colin Curtin
Sign in to Comment

Related questions

javax.net.ssl.SSLException: No PSK available. Unable to resume
How secure is SSL?
Self-signed SSL certificates not working with MAMP and Chrome
Now that SSLSocketFactory is deprecated on Android, what would be the best way to handle Client Certificate Authentication?
Force SSL with expressjs 3
Allow unverified ssl certificate in UIWebview
how to ignore server cert error in javamail
How can ASP.NET or ASP.NET MVC be protected from related domain cookie attacks?
Switching between HTTP and HTTPS pages with secure session-cookie
How to make Java 6, which fails SSL connection with "SSL peer shut down incorrectly", succeed like Java 7?
How Chrome browser know which client certificate to prompt for a site?
LetsEncrypt SSL on IP Address
Programmatically Obtain KeyStore from PEM
cURL not working (Error #77) for SSL connections on CentOS for non-root users
Problems with SSL and multi level subdomains
SSL error : routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CloudFront distribution and AWS issued certificate gives SSL_ERROR_NO_CYPHER_OVERLAP
Let's encrypt SSL couldn't start by "Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'"
pip always fails ssl verification
Android SSL HttpGet (No peer certificate) error OR (Connection closed by peer) error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!