| TLS_ECDHE_RSA_WITH_RC4_128_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong Once installed, you can test a remote server for TLS support by running: nmap -script ssl-enum-ciphers -p 443 If TLS is supported, it will return the TLS version along with the ciphers supported. It is not usually installed by default on Linux distributions, but you can install it by running: sudo apt install nmap Nmap, or Network Mapper, is an open source Linux command line tool for network exploration and security auditing. ![]() New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 SSL handshake has read 3019 bytes and written 463 bytes ![]() Issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 NzA4MjEyMTU5MDBaMBcxFTATBgNVBAMTDGluaXNtZWFpbi5pZTCCASI. HvcNAQEBBQADggEPADCCAQoCggEBANLrc8IH2BP51XLhR6L2/IjRuNYcoj6UH58K NzA4MjEyMTU5MDBaMBcxFTATBgNVBAMTDGluaXNtZWFpbi5pZTCCASIwDQYJKoZI MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDĮxpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA1MjMyMTU5MDBaFw0x MIIFDjCCA/agAwIBAgISA0nt67i+GAazJs4e+bBSMqB6MA0GCSqGSIb3DQEBCwUA I:/O=Digital Signature Trust Co./CN=DST Root CA X3 I:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3ġ s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 CONNECTED(00000003)ĭepth=2 O = Digital Signature Trust Co., CN = DST Root CA X3ĭepth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 You can also test for TLS 1 or TLS 1.1 with -tls1 or -tls1_1 respectively. If you don’t see a certificate chain, and instead something similar to “handshake error”, you know the server does not support TLS 1.2/1.3. If you get a certificate chain and handshake like below, you know the server in question supports TLS 1.2/1.3. ![]() Run the following command in terminal, replacing with your own domain:įor TLS 1.2: openssl s_client -connect :443 -tls1_2įor TLS 1.3: openssl s_client -connect :443 -tls1_3 OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default.
0 Comments
Leave a Reply. |