TLS Protocol version inspection

TLS protocol version inspection refers to the set of practices and tools used to manually verify, analyze, or enforce specific Transport Layer Security (TLS) protocol versions and their handshake details.^[400-devops-02-os-and-linux-basics-ssl-openssl-openssl.md]

Tools and Methods

Inspection is commonly performed using command-line utilities to establish a connection with a remote server and observe the cryptographic parameters negotiated or rejected during the process.^[400-devops-02-os-and-linux-basics-ssl-openssl-openssl.md]

OpenSSL

The openssl utility provides a direct method for connecting to a server to inspect its SSL/TLS capabilities^[400-devops-02-os-and-linux-basics-ssl-openssl-openssl.md]:

  • Basic Connection: openssl s_client -connect www.google.com:443
  • Specific Version & Verbose: openssl s_client -connect www.google.com:443 -tls1_2 -msg
  • Listing Ciphers: openssl ciphers -s -psk -srp or openssl ciphers -stdname
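
The version-specific s_client check above can be repeated per protocol version to audit what a server you operate still accepts. The script below is an added example, not taken from the cited source; the function names tls_summary and probe_versions and the sample outputs are constructed for illustration, and it assumes the "New, <protocol>, Cipher is <cipher>" summary line that s_client prints.

```shell
#!/bin/sh
# Added example: summarise what `openssl s_client` negotiated per version flag.

# Reads s_client output on stdin; prints "<protocol> <cipher>" or "rejected".
tls_summary() {
    awk '
        /^New, / {      # e.g. "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384"
            split($0, f, ", ")
            proto = f[2]
            cipher = f[3]; sub(/^Cipher is /, "", cipher)
        }
        END {
            # "(NONE)" or no summary line at all: no handshake completed.
            if (proto == "" || proto == "(NONE)") print "rejected"
            else print proto, cipher
        }'
}

# Tries each version flag against host:port and prints one line per flag.
# "rejected" also appears when the local openssl build lacks that flag.
probe_versions() {
    host=$1
    port=${2:-443}
    for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        # </dev/null closes stdin so s_client exits after the handshake.
        result=$(openssl s_client -connect "$host:$port" -servername "$host" \
                     "$flag" </dev/null 2>/dev/null | tls_summary)
        printf '%-8s %s\n' "$flag" "$result"
    done
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
---'
SAMPLE_REJECTED='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
---'

# Probe only when a host is given: sh tls_probe.sh <host> [port]
if [ "$#" -ge 1 ]; then probe_versions "$@"; fi
```

A "rejected" line for -tls1 and -tls1_1 is the expected result on a server configured to accept only TLS 1.2 and later.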

cURL

The curl utility allows users to inspect protocol behavior and test specific configurations by enforcing protocol versions and cipher suites^[400-devops-02-os-and-linux-basics-ssl-openssl-openssl.md]:

  • Verbose Handshake: curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com
  • Enforcing Version and Ciphers:
    • curl -s -S -v -o /dev/null --no-progress-meter --tls-max 1.2 --ciphers ECDHE-ECDSA-AES128-GCM-SHA256 https://www.google.com

Sources

  • 400-devops-02-os-and-linux-basics-ssl-openssl-openssl.md