Does anyone of you know, if and if so, how can I check, with my application code, if a server has ssl enabled or not?
In the left pane, click Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. In the right pane, check if the certificate which was created before is available in the store. If the certificate appears in the list, this step is completed.
Checking for a Valid SSL Certificate Step 2: Visit Your Website and Check for the Padlock in the Address Bar. Once you have an SSL certificate from a trusted certificate authority, the first thing you need to check for is the HTTPS padlock in the URL. This padlock is the indicator that SSL/TLS security is in place.
"It's easier to ask forgiveness than permission"
For example, to read stackoverflow.com
via SSL, don't ask whether stackoverflow.com
supports it, just do it. In Python:
>>> import urllib2
>>> urllib2.urlopen('https://stackoverflow.com')
Traceback (most recent call last):
...
urllib2.URLError: <urlopen error (10060, 'Operation timed out')>
>>> html = urllib2.urlopen('http://stackoverflow.com').read()
>>> len(html)
146271
>>>
It shows that stackoverflow.com
doesn't support SSL (2008).
Update: stackoverflow.com
supports https now.
You don't specify a programming language, but you could do this from the command-line.
bash-3.2$ echo ^D | telnet www.google.com https
Trying 66.102.11.104...
Connected to www.l.google.com.
Escape character is '^]'.
Connection closed by foreign host.
bash-3.2$ echo ^D | telnet www.stackoverflow.com https
Trying 69.59.196.211...
telnet: connect to address 69.59.196.211: Connection refused
telnet: Unable to connect to remote host
There you go... Google does, StackOverflow does not.
11 Years later...
I ended up here, because I had the same question (within terminal).
I suppose the easiest solution would be to use s_client
of openssl
:
openssl s_client -quiet -connect google.com:443
if this returns an exit status of 0
(check using echo "$?"
), the host supports SSL/TLS on given port (here 443
).
This is a C# unit test to perform the detection without having to be on the right HTTPContext:
[TestMethod]
public void DetectSslSupport()
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.someinsecuresite.com");
try
{
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
//some sites like stackoverflow will perform a service side redirect to the http site before the browser/request can throw an errror.
Assert.IsTrue(response.ResponseUri.Scheme == "https");
}
}
catch (WebException)//"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."}
{
Assert.IsTrue(false);
}
}
not sure on your language of preference but here it is in c#
public bool IsSecureConnection()
{
return HttpContext.Current.Request.IsSecureConnection ||
HttpContext.Current.Request.Headers["HTTP_X_SSL_REQUEST"].Equals("1");
}
Please note this header is custom, but I think you get the idea. I've seen folk simply query request for "https" and besides looking dirty it's probably reasonably acceptable, depends on your security model.
Or are you asking whether it's simply available at all?
I
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With