Verifica la versione TLS/SSL di un tuo sito

Vediamo come scoprire facilmente quale versione TLS

Quale versione TLS sta usando il tuo sito? Basta il comando openssl lanciato da una macchina Linux che abbia accesso al tuo sito, per scoprirlo. Ecco il comando:

ostrich@myserver:~# openssl s_client -connect www.google.com:443

Grazie google! Vediamo l’output del comando (ho rimosso alcune parti):

ostrich@myserver:~# openssl s_client -connect www.google.com:443
CONNECTED(00000003)

depth=0 CN = www.google.com
verify return:1
---
Certificate chain
0 s:CN = www.google.com
---
Server certificate
-----BEGIN CERTIFICATE-----
certificate
-----END CERTIFICATE-----
subject=CN = www.google.com

---
No client certificate CA names sent
SSL handshake has read 4108 bytes and written 396 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384

---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384

---
read R BLOCK
HTTP/1.0 400 Bad Request
Content-Length: 54
Content-Type: text/html; charset=UTF-8
Date: Tue, 08 Oct 2024 10:06:09 GMT

<html><title>Error 400 (Bad Request)!!1</title></html>808B6E37EC7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:317:

Come puoi vedere, il sito di questo esempio usa TLS v1.3, qundi col comando:
openssl s_client -connect websitename:port
puoi verificare in modo veloce il livello di sicurezza TLS del tuo sito o del tuo server web.