Checking remote host TLS / SSL Version with nmap / openssl

This post shows how to check which SSL / TLS versions a remote server supports from the command line in Linux.

Method 1: openssl s_client

The simplest way to check support for a given version of SSL / TLS is via openssl s_client. openssl is installed by default on most Unix systems.

If the protocol is supported you will see the remote host certificate and other information.

Here is a sample output for bbc.co.uk.

If the protocol is not supported you’ll see a message like this:

Method 2: nmap

Our preferred method. First make sure nmap is installed; if it isn’t, run apt-get install nmap. Once it is installed you can check the SSL / TLS version using the ssl-enum-ciphers script. This script scans a target and lists all SSL / TLS protocols and ciphers that are available on that server.

The ssl-enum-ciphers script will check SSL / TLS version support, cipher support and provide a grade. See sample output below:
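As an added example (not from the original post): a small shell helper that reads saved ssl-enum-ciphers output and reports, for each protocol the server offers, the weakest cipher grade and whether the protocol is deprecated (SSLv2 / SSLv3, TLS 1.0, TLS 1.1). The scan text embedded in it is constructed for illustration, and the function names tls_audit and tls_gate are hypothetical.

```shell
#!/bin/sh
# Added example: audit the text printed by nmap's ssl-enum-ciphers script.

# Constructed sample in the layout the script prints; not a real scan.
SAMPLE_SCAN='PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: C'

# Reads scan output on stdin and prints one line per protocol:
#   <protocol> <weakest cipher grade, "-" if none listed> <ok|deprecated>
tls_audit() {
  awk '
    function emit() {
      if (proto == "") return
      old = (proto ~ /^SSLv/ || proto == "TLSv1.0" || proto == "TLSv1.1")
      print proto, worst, (old ? "deprecated" : "ok")
    }
    # Protocol header, e.g. "|   TLSv1.2: "
    $1 == "|" && $2 ~ /^(SSLv[0-9]+|TLSv1\.[0-9]):$/ {
      emit(); proto = $2; sub(/:$/, "", proto); worst = "-"; next
    }
    # Cipher line ends in " - <grade>"; a later letter is a weaker grade.
    proto != "" && NF >= 3 && $(NF-1) == "-" && $NF ~ /^[A-F]$/ {
      if (worst == "-" || $NF > worst) worst = $NF
    }
    END { emit() }'
}

# Prints PASS/FAIL per protocol; exit status 1 if any protocol is deprecated
# or its weakest cipher grades below the minimum (first argument, default B).
tls_gate() {
  min=${1:-B}
  tls_audit | awk -v min="$min" '
    $3 == "deprecated" || $2 > min { bad = 1; print "FAIL", $0; next }
    { print "PASS", $0 }
    END { exit bad + 0 }'
}
```

To use it on a live scan, pipe the output of nmap --script ssl-enum-ciphers -p 443 HOST (HOST is a placeholder) into tls_gate; the non-zero exit status makes it usable as a check in a scheduled job or pipeline.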

About the Author: George