How to test TLS 1.2

OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default. Run the following command in a terminal, putting your own domain in front of :443.

For TLS 1.2:

    openssl s_client -connect :443 -tls1_2

For TLS 1.3:

    openssl s_client -connect :443 -tls1_3

If you get a certificate chain and handshake like below, you know the server in question supports TLS 1.2/1.3.

    CONNECTED(00000003)
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    SSL handshake has read 3019 bytes and written 463 bytes
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

If you don't see a certificate chain, and instead something similar to "handshake error", you know the server does not support TLS 1.2/1.3. You can also test for TLS 1 or TLS 1.1 with -tls1 or -tls1_1 respectively.

Nmap, or Network Mapper, is an open source Linux command line tool for network exploration and security auditing. It is not usually installed by default on Linux distributions, but you can install it by running:

    sudo apt install nmap

Once installed, you can test a remote server for TLS support by running the following with the server's hostname appended:

    nmap --script ssl-enum-ciphers -p 443

If TLS is supported, it will return the TLS version along with the ciphers supported:

    | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
    | TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong

The "strong" label is the rating given by the nmap release that produced this output; RC4 and 3DES suites are no longer considered strong.

We can also test for a particular cipher using openssl. In this case we are testing for the cipher ECDHE-RSA-AES256-SHA:

    openssl s_client -cipher 'ECDHE-RSA-AES256-SHA' -connect :443

If the cipher is supported, you will see a successful handshake:

    CONNECTED(00000003)
    depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
    depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.
     0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.
       i:/C=US/O=Google Inc/CN=Google Internet Authority G2
     1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
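
When the openssl s_client checks described on this page are scripted, the handshake result has to be read from the output rather than judged by eye. The following is an added example, not part of the original page: classify_s_client and probe_tls are hypothetical helper names, the two sample outputs are constructed, and the -servername option and the </dev/null redirect are additions to the page's commands.

```shell
# Added example. classify_s_client and probe_tls are hypothetical helper names.
# Reads `openssl s_client` output on stdin and prints either
# "supported <protocol> <cipher>" or "unsupported".
classify_s_client() {
    awk '
        # Summary line, e.g. "New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384"
        /Cipher is / { cipher = $NF; split($0, f, ", "); proto = f[2] }
        # Older builds print "TLSv1/SSLv3" on the summary line, so prefer the
        # exact version from the SSL-Session block when it is present.
        /^[ \t]*Protocol[ \t]*:/ { session_proto = $NF }
        END {
            # No summary line (connection error) or "(NONE)" (handshake failed)
            if (cipher == "" || cipher == "(NONE)") { print "unsupported"; exit }
            if (session_proto != "") proto = session_proto
            print "supported", proto, cipher
        }'
}

# probe_tls HOST FLAG, where FLAG is -tls1, -tls1_1, -tls1_2 or -tls1_3.
# </dev/null makes s_client exit after the handshake instead of waiting on
# stdin; -servername sends SNI so the intended virtual host answers.
probe_tls() {
    openssl s_client -connect "$1:443" -servername "$1" "$2" </dev/null 2>&1 |
        classify_s_client
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
---
SSL handshake has read 3019 bytes and written 463 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

SAMPLE_FAIL='CONNECTED(00000003)
error: alert handshake failure
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000'

printf '%s\n' "$SAMPLE_OK"   | classify_s_client
printf '%s\n' "$SAMPLE_FAIL" | classify_s_client
```

The failed sample still contains a "Protocol" line in its session block, which is why the decision is made on the negotiated cipher and not on the presence of a protocol name.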