New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA SSL handshake has read 4824 bytes and written 289 bytes Issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2 Subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*. NDQ1Yuu9eghqXV/KRQuUbljxt/kqZZaL10Tl9E6yW+VQ0UnV9GoXcjz42k5FjBXR ZyhvCvBPB3/WsqypXh/Kw9GUMfEcAm3SPJR8ahlyrqL8dOjoPlEXm2WceHDlMg3z TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5nī29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth5nKIa7 WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN MIIISDCCBzCgAwIBAgIIG03GHwUBFTowDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEīhMCVVM圎zARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlĬm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwNzI1MDgzOTU5WhcNMTcxMDE3MDgyNzAw I:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority I:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CAĢ s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA I:/C=US/O=Google Inc/CN=Google Internet Authority G2ġ s:/C=US/O=Google Inc/CN=Google Internet Authority G2 If the cipher is supported, you will see a successful handshake: CONNECTED(00000003)ĭepth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authorityĭepth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CAĭepth=1 C = US, O = Google Inc, CN = Google Internet Authority G2ĭepth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.Ġ s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*. openssl s_client -cipher 'ECDHE-RSA-AES256-SHA' -connect :443 We can also test for a particular cipher using openssl, in this case we are testing for the cipher ECDHE-RSA-AES256-SHA. | TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong Once installed, you can test a remote server for TLS support by running: nmap -script ssl-enum-ciphers -p 443 If TLS is supported, it will return the TLS version along with the ciphers supported.
#UDING UDL TO TEST TLS 1.2 INSTALL#
It is not usually installed by default on Linux distributions, but you can install it by running: sudo apt install nmap Nmap, or Network Mapper, is an open source Linux command line tool for network exploration and security auditing. New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 SSL handshake has read 3019 bytes and written 463 bytes Issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 NzA4MjEyMTU5MDBaMBcxFTATBgNVBAMTDGluaXNtZWFpbi5pZTCCASI. HvcNAQEBBQADggEPADCCAQoCggEBANLrc8IH2BP51XLhR6L2/IjRuNYcoj6UH58K NzA4MjEyMTU5MDBaMBcxFTATBgNVBAMTDGluaXNtZWFpbi5pZTCCASIwDQYJKoZI MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDĮxpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA1MjMyMTU5MDBaFw0x MIIFDjCCA/agAwIBAgISA0nt67i+GAazJs4e+bBSMqB6MA0GCSqGSIb3DQEBCwUA I:/O=Digital Signature Trust Co./CN=DST Root CA X3 I:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3ġ s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 CONNECTED(00000003)ĭepth=2 O = Digital Signature Trust Co., CN = DST Root CA X3ĭepth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 You can also test for TLS 1 or TLS 1.1 with -tls1 or -tls1_1 respectively. If you don’t see a certificate chain, and instead something similar to “handshake error”, you know the server does not support TLS 1.2/1.3. If you get a certificate chain and handshake like below, you know the server in question supports TLS 1.2/1.3. Run the following command in terminal, replacing with your own domain:įor TLS 1.2: openssl s_client -connect :443 -tls1_2įor TLS 1.3: openssl s_client -connect :443 -tls1_3 OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default.