Command prompt to check TLS version required by a host

You can check using following commands.

For TLS 1.2:

openssl s_client -connect www.google.com:443 -tls1_2

For TLS 1.1:

openssl s_client -connect www.google.com:443 -tls1_1

For TLS 1:

openssl s_client -connect www.google.com:443 -tls1

If you get the certificate chain and the handshake then the TLS version is supported. If you don't see the certificate chain, and something similar to "handshake error" then its not.


From https://maxchadwick.xyz/blog/checking-ssl-tls-version-support-of-remote-host-from-command-line:

nmap ssl-enum-ciphers

Another option for checking SSL / TLS version support is nmap. nmap is not typically installed by default, so you’ll need to manually install it. Once installed you can use the following command to check SSL / TLS version support…

nmap --script ssl-enum-ciphers -p 443 www.google.com

nmap’s ssl-enum-ciphers script will not only check SSL / TLS version support for all versions (TLS 1.0, TLS 1.1, and TLS 1.2) in one go, but will also check cipher support for each version including giving providing a grade.

Tags:

Ssl

Https

Tls1.2