1/31/2020

TLS openssl check connection



IT security would like to audit the TLS protocol versions accepted by the web servers used by the application.

These instructions assume that you're using RHEL, CentOS, or a similar operating system.

Instructions

Use the standard openssl s_client commands to check which TLS versions the server accepts. Each command forces a single protocol version, so a server that still accepts it will complete the handshake, and one that has disabled it will fail the handshake. Put the server's host or IP in front of :443.

TLS version 1.0: openssl s_client -tls1 -connect :443
TLS version 1.1: openssl s_client -tls1_1 -connect :443
TLS version 1.2: openssl s_client -tls1_2 -connect :443
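The three checks above, wrapped into a small audit script. This is an added example, not part of the original post: it runs s_client once per version flag, parses the SSL-Session block, and reports PASS only when TLS 1.0 and 1.1 are refused and TLS 1.2 is accepted. HOST and PORT are placeholders supplied by the caller.

```sh
#!/bin/sh
# Added example (not from the post): audit a server's TLS versions with the
# s_client flags above. HOST and PORT are placeholders supplied by the caller.

# parse_session OUTPUT: print "<protocol> <cipher> <verify-code>" for a
# negotiated session, or "refused" when no session was set up (no Protocol
# line, or the null cipher "0000"/"(NONE)" that s_client prints on failure).
parse_session() {
    proto=$(printf '%s\n' "$1" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$1" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    code=$(printf '%s\n' "$1" | sed -n 's/^Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$proto" ] || [ -z "$cipher" ] || [ "$cipher" = 0000 ] || [ "$cipher" = "(NONE)" ]; then
        echo refused
    else
        echo "$proto $cipher ${code:-?}"
    fi
}

# judge FLAG RESULT: PASS when the legacy versions (tls1, tls1_1) are refused
# and tls1_2 is accepted; FAIL otherwise.
judge() {
    case "$1 $2" in
        "tls1 refused"|"tls1_1 refused") echo PASS ;;
        "tls1_2 refused")                echo FAIL ;;
        "tls1_2 "*)                      echo PASS ;;
        *)                               echo FAIL ;;
    esac
}

# audit HOST PORT: run s_client once per version flag and print one line
# per version; exit status 1 if any version violates the policy.
audit() {
    rc=0
    for flag in tls1 tls1_1 tls1_2; do
        out=$(openssl s_client "-$flag" -connect "$1:$2" </dev/null 2>&1)
        res=$(parse_session "$out")
        verdict=$(judge "$flag" "$res")
        [ "$verdict" = PASS ] || rc=1
        printf '%-7s %-5s %s\n' "$flag" "$verdict" "$res"
    done
    return $rc
}

# Example invocation (needs network access; HOST/PORT are placeholders):
# audit HOST PORT
```

The script depends only on openssl, sed and head, so it runs unchanged on a stock RHEL or CentOS host.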

Good Example

For this example we used a self-signed cert, so your output may differ slightly. The lines that matter are "Cipher is ..." and, under SSL-Session, "Protocol : TLSv1.2": together they confirm which version and cipher suite were actually negotiated.

openssl s_client -tls1_2 -connect 1.2.3.4:443

CONNECTED(00000003)
depth=0 CN = 10.215.17.68
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = 10.215.17.68
verify return:1
---
Certificate chain
 0 s:/CN=10.215.17.68
   i:/CN=10.215.17.68
---
Server certificate
-----BEGIN CERTIFICATE-----
[Server Certificate]
-----END CERTIFICATE-----
subject=/CN=10.215.17.68
issuer=/CN=10.215.17.68
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read X bytes and written Y bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: [64 char id]
    Session-ID-ctx:
    Master-Key: [Key Hash]
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    [Returned TLS Key Hash]

    Start Time: 1560364043
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
