How to test if a remote server support tls1.2 on Mac OS

Tags:

macos

openssl

I have googled and found

https://serverfault.com/questions/638691/how-can-i-verify-if-tls-1-2-is-supported-on-a-remote-web-server-from-the-rhel-ce,

the command:

openssl s_client -connect google.com:443 -tls1_2

does not work on MacOS because of an "unknown option -tls1_2" error.

Damon Yuan asked Sep 04 '15 01:09



4 Answers

You could use curl to test it. I believe curl is installed with command line tools on OS X.

$ curl https://google.com/ --tlsv1.2 --verbose
*   Trying 46.134.192.54...
* Connected to google.com (46.134.192.54) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate: *.google.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.43.0
> Accept: */*
baf answered Oct 24 '22 10:10


Thanks to this great answer on this page, I wrote this simple script to test a server for TLS 1.0, 1.1, and 1.2 support. This should work on any Linux/Unix flavor, I suspect, and definitely works on Mac, as that's what I'm using to test it.

$ tls_test.sh tls1test.salesforce.com
TLS1.2 is supported on tls1test.salesforce.com
TLS1.1 is supported on tls1test.salesforce.com
### TLS1.0 is NOT SUPPORTED on tls1test.salesforce.com ###

tls_test.sh

#!/usr/bin/env bash

die()
{
  echo "$*" >&2
  exit 1
}

# Get server to test, and timeout in seconds
server=$1
timeout_in_seconds=${2:-20}
case "$timeout_in_seconds" in
  ''|*[!0-9]*) die "Your timeout value should be an integer value, not '$2'" ;;
esac

# where to log full responses to
dump_file=${3:-/tmp/__dump_tls_info}
rm -f "$dump_file"

show_help()
{
  me=$(basename "$0")
  cat <<EOF
  Shows which versions of TLS a server supports.

  usage: $me SERVER {TIMEOUT_IN_SECONDS} {DUMP_FILE}

  e.g.  The following are public test servers that demonstrate
  support for various TLS versions.

  $ $me tls1test.salesforce.com       # validate TLS 1.0 is blocked
  $ $me tls-v1-0.badssl.com:1010      # validate only TLS 1.0 enabled
  $ $me tls-v1-1.badssl.com:1011      # validate only TLS 1.1 enabled
  $ $me smtp.gmail.com:465            # validate TLS 1.0+ are all supported

  Note: default timeout in seconds is 20, and it dumps full output to $dump_file
EOF
  exit
}

if [ -z "$server" ]; then
  show_help
fi

testTLS()
{
  tls="$1"
  tlsDisplay=${2:-$1}

  # Build the command as an array so every argument stays correctly quoted
  CMD=(curl --max-time "$timeout_in_seconds" -v -I --silent)
  if [ -n "$tls" ]; then
    # Note: since curl 7.54 --tlsvX.Y only sets the *minimum* version; add
    # "--tls-max $tls" here as well if your curl supports it, to pin one version
    CMD+=("--tlsv$tls")
  fi
  CMD+=("https://$server/")

  OUT=$("${CMD[@]}" 2>&1)
  CURL_VERSION=$(curl --version)
  # Old curl builds reject the --tlsv option entirely
  OUT_CURL_OLD=$(echo "$OUT" | grep "option --tls" | grep "unknown")
  # Markers curl prints when the server refuses the requested version
  OUT_TLS=$(echo "$OUT" | grep "topped the pause stream")
  OUT_TLS_HANDSHAKE=$(echo "$OUT" | grep "handshake fail")
  OUT_TIMEOUT=$(echo "$OUT" | grep "onnection timed out after")

  # Append the full curl transcript to the dump file for later inspection
  {
    echo
    echo "#######################################"
    echo "testing TLS$tls is supported on $server"
    echo "curl version: $CURL_VERSION"
    echo "curl location: $(command -v curl)"
    echo "os version: $(sw_vers 2>/dev/null)"   # macOS only; silent elsewhere
    echo "ran the following:"
    echo "${CMD[*]}"
    echo "$OUT"
    echo
  } >> "$dump_file"

  if [ -n "$OUT_TIMEOUT" ]; then
    echo "connection to $server timed out after $timeout_in_seconds seconds"
  fi
  if [ -n "$OUT_CURL_OLD" ]; then
    echo "Your version of curl is too old, and can't test for TLS $tls support"
    return
  fi

  if [ -n "$OUT_TLS" ] || [ -n "$OUT_TLS_HANDSHAKE" ]; then
    echo "### TLS $tlsDisplay is NOT SUPPORTED on $server ###"
  else
    echo "TLS $tlsDisplay is supported on $server"
  fi
}

testTLS 1.2
testTLS 1.1
testTLS 1.0
Brad Parks answered Oct 24 '22 09:10
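A stricter version of the curl probe used in the two answers above, added here as an example and not code from either answer: it pins one exact protocol version with --tls-max (assumed available, curl 7.54 or newer), since on those curl versions --tlsvX.Y alone only sets a minimum and a TLS 1.3 server would otherwise look like it "supports TLS 1.0". The output classifier is separate from the network call so it can be checked against captured curl transcripts; the host names and transcripts below are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the answers above. Probes a server for one exact
# TLS version with curl (--tlsv<ver> as the floor, --tls-max <ver> as the
# ceiling; --tls-max is assumed to exist) and classifies curl's verbose
# output, so the result does not depend on which TLS backend curl was built with.

# classify_tls_output VERSION OUTPUT -> prints one of:
#   supported | other-version | not-supported | curl-too-old | timeout | unknown
classify_tls_output() {
  version="$1"
  out="$2"
  case "$out" in
    *"is unknown"*|*"unknown option"*) echo "curl-too-old" ;;
    *"onnection timed out after"*) echo "timeout" ;;
    # Secure Transport (macOS curl) and OpenSSL/LibreSSL wordings of success
    *"TLS $version connection using"*|*"using TLSv$version"*) echo "supported" ;;
    # A handshake completed, but not at the version we pinned (--tls-max ignored)
    *" connection using "*) echo "other-version" ;;
    *"handshake fail"*|*"alert protocol version"*|*"unsupported protocol"*|\
    *"wrong version number"*|*"topped the pause stream"*) echo "not-supported" ;;
    *) echo "unknown" ;;
  esac
}

# probe_tls HOST[:PORT] VERSION [TIMEOUT_SECONDS]: run curl pinned to VERSION
probe_tls() {
  host="$1"
  version="$2"
  timeout="${3:-20}"
  out=$(curl --silent --verbose --head --max-time "$timeout" \
        "--tlsv$version" --tls-max "$version" "https://$host/" 2>&1)
  classify_tls_output "$version" "$out"
}

# tls_report HOST[:PORT]: one line per protocol version
tls_report() {
  host="$1"
  for v in 1.0 1.1 1.2 1.3; do
    printf 'TLS %s on %s: %s\n' "$v" "$host" "$(probe_tls "$host" "$v")"
  done
}

if [ "$#" -gt 0 ]; then
  tls_report "$1"   # e.g. ./tls_probe.sh tls-v1-1.badssl.com:1011
fi
```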


You could try something like this:

nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 www.google.com
Rukmal Dias answered Oct 24 '22 09:10


This is probably because your openssl is old and does not have the TLSv1.2 updates. Please consider upgrading your openssl; then it should work. I have tested this on my Mac and it works fine. Similarly, there is now TLSv1.3 on the market, but I've not upgraded my OpenSSL to the latest, so for -tls1_3 I get the same error.

abhijeet104 answered Oct 24 '22 08:10