
How To Test An OpenSSL Based Server For SSL And TLS Enabled Versions

Initial Comments

Due to limited time at the time of writing this, I could not elaborate as I would like, and dumped fast info here.  I do not get paid to do these articles.


How To Test An OpenSSL Server For SSL And TLS.



On the server of interest, you need command-line access, whether at a local monitor, through a remote KVM, over SSH, or by some other remote connection method.



To test whether it communicates via SSL3, run the following at the command line:

openssl s_client -ssl3 -connect localhost:443

If you have a custom port assigned, replace 443 with the port you use.

If the protocol you are testing for is disabled, you will get an error.  If communication is successful, you will see the output of the handshake, a certificate printout that begins with "-----BEGIN CERTIFICATE-----", and other useful information, such as the Cipher.

To check whether SSL2, TLS1, or other TLS versions are enabled or disabled, replace the "ssl3" in "-ssl3" above with the protocol you want.  For example, to check for TLS1, you would run:

openssl s_client -tls1 -connect localhost:443

If you enter just "openssl s_client -connect", which is incomplete and thus incorrect, you will get a help menu in response, listing all the protocol versions you can check with the command lines shown above.  It will list -ssl2, -ssl3, -tls1, and so on.  Do not assume the server communicates via those protocols just because they are listed.  One or more of them could have been disabled by a previous admin or be disabled by default.
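The checks above can be run for every protocol flag in one pass. The script below is an added example, not part of the original article: the function names and sample outputs are constructed, and it uses the article's criterion that a printed certificate means the handshake succeeded. It also reports separately when the local openssl build rejects the flag itself (newer builds drop -ssl2 and often -ssl3), since that result says nothing about the server.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output per protocol flag.

# Constructed, abbreviated sample outputs (not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
(constructed body omitted)
-----END CERTIFICATE-----'
SAMPLE_FAIL='CONNECTED(00000003)
no peer certificate available'
SAMPLE_NOFLAG='s_client: Unknown option: -ssl3'

# classify OUTPUT -> client-unsupported | enabled | not-accepted
classify() {
    case "$1" in
        # The local openssl binary rejected the flag: nothing was learned
        # about the server.
        *[Uu]nknown\ option*)            echo client-unsupported ;;
        # Article's success criterion: the server certificate was printed.
        *"-----BEGIN CERTIFICATE-----"*) echo enabled ;;
        # Handshake error, or the connection itself failed.
        *)                               echo not-accepted ;;
    esac
}

# probe HOST:PORT FLAG -> runs one handshake attempt and classifies it.
# </dev/null makes s_client exit after the handshake instead of waiting.
probe() {
    out=$(openssl s_client "-$2" -connect "$1" </dev/null 2>&1) || true
    classify "$out"
}

# scan HOST:PORT -> one result line per protocol flag.
scan() {
    for v in ssl2 ssl3 tls1 tls1_1 tls1_2 tls1_3; do
        printf '%-8s %s\n' "$v" "$(probe "$1" "$v")"
    done
}

# With a target (e.g. localhost:443) scan it; otherwise show the samples.
if [ $# -gt 0 ]; then
    scan "$1"
else
    for s in "$SAMPLE_OK" "$SAMPLE_FAIL" "$SAMPLE_NOFLAG"; do classify "$s"; done
fi
```

A "not-accepted" line also appears when nothing is listening on the port, so confirm the service is reachable before reading it as "protocol disabled".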



If you need to DISABLE SSL 3, please see the article Disabling SSL 3 Support On Servers And Softwares.

