IT sec would like to audit the TLS connection type provided by the web servers used by application
These instructions assume that you're using the RHEL or CentOS - like operating Systems.
Instructions
Use the standard openssl commands to check the connection type
TLS version 1.1 openssl s_client -tls1 -connect :443
TLS version 1.1 openssl s_client -tls1_1 -connect :443
TLS version 1.2 openssl s_client -tls1_2 -connect :443
Good Example
For this example, we used a self-signed cert, so your output may be a little different.
openssl s_client -tls1_2 -connect 1.2.3.4:443
CONNECTED(00000003)
depth=0 CN = 10.215.17.68
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = 10.215.17.68
verify return:1
---
Certificate chain
0 s:/CN=10.215.17.68
i:/CN=10.215.17.68
---
Server certificate
----BEGIN CERTIFICATE-----
[Server Certificate]
----END CERTIFICATE-----
subject=/CN=10.215.17.68
issuer=/CN=10.215.17.68
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read X bytes and written Y bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA38
Session-ID: [64 char id]
Session-ID-ctx:
Master-Key: [Key Hash]
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
[Returned TLS Key Hash]
Start Time: 1560364043
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Start Time: 1560364043
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
