Toshimaru's Blog

Check supported TLS version with openssl command

  1. Web TLS Checker
  2. openssl command
    1. Check TLS v1 is supported
    2. Check TLS v1.1 is supported
    3. Check TLS v1.2 is supported
  3. Related Post

Web TLS Checker

You can check if a specific version of TLS is supported with the following TLS Checker.

openssl command

You can also check supported TLS version by using openssl s_client.

$ openssl s_client -connect {domain}:443 -servername {domain} -tls{version}

If supported, valid SSL Certificate is shown.

$ openssl s_client -connect -servername -tls1
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *
verify return:1
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
SSL handshake has read 3973 bytes and written 242 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-SHA
Server public key is 256 bit
Secure Renegotiation IS supported

If not supported, the following messages are shown.

$ openssl s_client -connect -servername -tls1
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : TLSv1
    Cipher    : 0000
    Start Time: 1578292633
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

Check TLS v1 is supported

$ openssl s_client -connect -servername -tls1

Check TLS v1.1 is supported

$ openssl s_client -connect -servername -tls1_1

Check TLS v1.2 is supported

$ openssl s_client -connect -servername -tls1_2

Related Post

Load more