How to tell if a server is using TLS 1.0 or 1.1?

1

Recently I received an email requesting to update the TLS version of my site from 1.0 to 1.1 or higher.

I find it strange why my site uses SSL and not TLS .

How can I check which of these protocols are active?

OBS 1. The site is hosted on AWS EC-2 with a self-signed "Let's encrypt" certificate and certbot installed.

OBS 2. I "inherited" the site from another developer, so I do not know all the settings executed.

OBS 3. Site made in PHP using Apache

    
asked by anonymous 15.06.2018 / 13:53

2 answers

3

The TLS protocol is SSL's longtime successor, but the term SSL is often used for both by its popularity.

It is very important to always keep your server up to date with the most recent stable version, avoiding, as far as possible, security problems in connections.

Regardless of which hosting service you are using, you can check the TLS version of many sites by scanning online at the following address:

link

Just enter your domain and scan, an extensive report will be displayed, and you will be able to navigate to the "Settings" section where you will see the supported or unsorted protocols in server preference order.

This question can help you get started with the upgrade: link

Sources:

link

link

    
12.12.2018 / 19:07
2

If the site can be accessed via the internet, use SSLTest . The site will generate a giant report with various information about what the server supports, for example:

  • Protocols
  • Ciphersuites
  • Certifacate Chain (certificate chain?)

You can check here report pro google .

If the site is only accessible on an internal network, you can use nmap. In the security stackexchange the has already been answered :

Translating:

"

You can use nmap to scan the server:

# nmap --script ssl-enum-ciphers example.com
tarting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT
Nmap scan report for example.com (203.0.113.100)
Host is up (0.090s latency).
rDNS record for 203.0.113.100: edge.example.com
Not shown: 997 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
| ssl-enum-ciphers: 
|   **SSLv3: No supported ciphers found**
|   TLSv1.0: 

"

Only replace example.com in the command for your website address.

    
07.11.2018 / 23:53