How to Check a Server for TLS Support on Linux
Abstract: -tls1_2 for TLSv1.2 -tls1_1 for TLSv1.1 -tls1 for TLSv1 If you see a certificate chain as well as details of a successful handshake in the output of t
TLS is an acronym for Transport Layer Security. TLS facilitates secure communication between computers on the Internet. As of this writing, TLS 1.3 is the latest version. This tutorial explains how you can check which versions of TLS (1.2 or 1.3) your server or website supports from a Linux system, as well as the encryption algorithm (Cipher) that is being used.
Prerequisites- A Linux machine
- A user with sudo privileges
Openssl is an open source tool for implementing secure communications on the Internet. The openssl tool is available on all major Linux distributions.
If the openssl tool is not already installed on your Linux machine, you may install it as follows.
Minecraft - How To Check Server PingTo view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video
Minecraft - How To Check Server PingOn Ubuntu/Debian based distributions:
$ sudo apt install openssl
On CentOS/Red Hat based distributions:
$ sudo yum install openssl
Now, to verify TLSv1.3 support on your server or website, run the following command.
$ sudo openssl s_client -connect cloudindevs.com:443 -tls1_3
Note: Use the domain name of the server or website that you are trying to test instead of 'cloudindevs.com'.
Also, you may replace -tls1_3 with:
- -tls1_2 for TLSv1.2
- -tls1_1 for TLSv1.1
- -tls1 for TLSv1
If you see a certificate chain as well as details of a successful handshake in the output of the command, then the specified TLS version is supported. If not, then the specified TLS version is not supported.
TLS certificate chain TLS version and cipherFurthermore, You may verify if a specific cipher is supported as follows.
$ openssl s_client -cipher 'AES256-GCM-SHA384' -connect cloudindevs.com:443
As before, look out for a certificate chain and a successful handshake which confirms that the specified cipher is supported.
Verify TLS Support with NmapNmap is a tool primarily used to scan for available services and ports on a network. Run the command below to install Nmap.
On Ubuntu/Debian based distributions:
$ sudo apt install nmap
On CentOS/Red Hat based distributions:
$ sudo yum install nmap
Once installed, you may use the nmap tool to test your server or website for TLS support as follows.
$ nmap --script ssl-enum-ciphers -p 443 cloudindevs.com
Below is a sample output showing the TLS version and ciphers supported on my server.
Test TLS support with nmap tool ConclusionIn this tutorial, we covered how to verify if a server or website supports TLS by using openssl and nmap. The TLS test can tell you how strong your website’s security is. We hope that you find this information very useful.