Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I check if a server has ssl enable or not

Tags:

ssl

Does anyone of you know, if and if so, how can I check, with my application code, if a server has ssl enabled or not?

like image 651
Bruno Costa Avatar asked Nov 28 '08 12:11

Bruno Costa


People also ask

How do I know if I have an SSL certificate in Windows Server?

In the left pane, click Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. In the right pane, check if the certificate which was created before is available in the store. If the certificate appears in the list, this step is completed.

How do I know if my domain has an SSL certificate?

Checking for a Valid SSL Certificate Step 2: Visit Your Website and Check for the Padlock in the Address Bar. Once you have an SSL certificate from a trusted certificate authority, the first thing you need to check for is the HTTPS padlock in the URL. This padlock is the indicator that SSL/TLS security is in place.


5 Answers

"It's easier to ask forgiveness than permission"

For example, to read stackoverflow.com via SSL, don't ask whether stackoverflow.com supports it, just do it. In Python:

>>> import urllib2
>>> urllib2.urlopen('https://stackoverflow.com')
Traceback (most recent call last):
...
urllib2.URLError: <urlopen error (10060, 'Operation timed out')>
>>> html = urllib2.urlopen('http://stackoverflow.com').read()
>>> len(html)
146271
>>> 

It shows that stackoverflow.com doesn't support SSL (2008).


Update: stackoverflow.com supports https now.

like image 78
jfs Avatar answered Oct 18 '22 19:10

jfs


You don't specify a programming language, but you could do this from the command-line.

bash-3.2$ echo ^D | telnet www.google.com https
Trying 66.102.11.104...
Connected to www.l.google.com.
Escape character is '^]'.
Connection closed by foreign host.
bash-3.2$ echo ^D | telnet www.stackoverflow.com https
Trying 69.59.196.211...
telnet: connect to address 69.59.196.211: Connection refused
telnet: Unable to connect to remote host

There you go... Google does, StackOverflow does not.

like image 22
Johnsyweb Avatar answered Oct 18 '22 21:10

Johnsyweb


11 Years later...

I ended up here, because I had the same question (within terminal).

I suppose the easiest solution would be to use s_client of openssl:

openssl s_client -quiet -connect google.com:443

if this returns an exit status of 0 (check using echo "$?"), the host supports SSL/TLS on given port (here 443).

like image 35
Yan Foto Avatar answered Oct 18 '22 21:10

Yan Foto


This is a C# unit test to perform the detection without having to be on the right HTTPContext:

    [TestMethod]
    public void DetectSslSupport()
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.someinsecuresite.com");
        try
        {
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                //some sites like stackoverflow will perform a service side redirect to the http site before the browser/request can throw an errror.
                Assert.IsTrue(response.ResponseUri.Scheme == "https");
            }
        }
        catch (WebException)//"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."}
        {
            Assert.IsTrue(false);
        }
    }
like image 37
Guy Lowe Avatar answered Oct 18 '22 19:10

Guy Lowe


not sure on your language of preference but here it is in c#

public bool IsSecureConnection()
{
    return HttpContext.Current.Request.IsSecureConnection || 
           HttpContext.Current.Request.Headers["HTTP_X_SSL_REQUEST"].Equals("1");
}

Please note this header is custom, but I think you get the idea. I've seen folk simply query request for "https" and besides looking dirty it's probably reasonably acceptable, depends on your security model.

Or are you asking whether it's simply available at all?

I

like image 28
dove Avatar answered Oct 18 '22 21:10

dove