How do we determine the SSL/TLS version of an HTTP request?
You want to look at the "protocol version" in the ServerHello message. Consider this image, shamelessly plundered from the Web, which shows a screenshot of a ServerHello being decoded by Wireshark:
There are two "Version: TLS 1.0 (0x0301)" instances in this picture. The first one is from the header of the record that contains the ServerHello. The second one is from the contents of the ServerHello message itself. The second one is the one you are interested in, because it is the way the server informs the client about the protocol version that will be used for this connection.
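The two version fields described in the answer above can be read straight from the bytes of the record. The following is an added example, not code from the answer: the names `parse_server_hello` and `build_sample` and the sample records are constructed for illustration. It also goes one step beyond the answer: in TLS 1.3 (RFC 8446) the ServerHello version field is frozen at 0x0303 and the selected version is carried in the `supported_versions` extension (type 43), so the parser checks that as well.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Decode both version fields of a TLS record that starts with a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a handshake record starting with a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    hello_ver = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                       # skip version and 32-byte random
    pos += 1 + hello[pos]              # skip length-prefixed session_id
    pos += 2 + 1                       # skip cipher suite and compression method
    if pos > len(hello):
        raise ValueError("session_id overruns ServerHello")
    negotiated = hello_ver
    if pos + 2 <= len(hello):          # extensions block is optional
        end = min(len(hello), pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if pos + 4 + elen > end:
                break                  # malformed extension, stop parsing
            if etype == 43 and elen == 2:   # supported_versions (RFC 8446)
                negotiated = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + elen
    name = lambda v: VERSIONS.get(v, hex(v))
    return {"record": name(rec_ver), "server_hello": name(hello_ver),
            "negotiated": name(negotiated)}

def build_sample(rec_ver: int, hello_ver: int, suite: int, exts: bytes = b"") -> bytes:
    """Constructed test input: a minimal ServerHello with an all-zero random."""
    hello = struct.pack("!H", hello_ver) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if exts:
        hello += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, rec_ver, len(hs)) + hs

SAMPLE_TLS10 = build_sample(0x0301, 0x0301, 0xC014)   # both fields say TLS 1.0
SAMPLE_TLS13 = build_sample(0x0303, 0x0303, 0x1301, struct.pack("!HHH", 43, 2, 0x0304))
```

Calling `parse_server_hello(SAMPLE_TLS13)` reports TLS 1.2 in both header fields and TLS 1.3 as the negotiated version, which is why a check that stops at the ServerHello version field misclassifies TLS 1.3 servers.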
Have you tried the command?
openssl s_client -connect $host:$sslport
That's a standard output that shows the protocol being used.
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3719 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 5832B5186C5F842ED93B49CBFA04C93DA5099ABA72E6D8C2A11EEFCCBCAEC563
Session-ID-ctx:
Master-Key: F5BC199D27A2AFDB16A120AC706DBF68F024129E351E32B6C636AD087A3C775459F4A7941C7D1509B0B115A82BDFEA98
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1441848276
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Hope this helps.