How to Check a Server for TLS Support on Linux

TLS is an acronym for Transport Layer Security. TLS facilitates secure communication between computers on the Internet. As of this writing, TLS 1.3 is the latest version. This tutorial explains how you can check which versions of TLS (1.2 or 1.3) your server or website supports from a Linux system, as well as the encryption algorithm (Cipher) that is being used.

Prerequisites

  • A Linux machine
  • A user with sudo privileges

Verify TLS Support with Openssl

Openssl is an open source tool for implementing secure communications on the Internet. The openssl tool is available on all major Linux distributions.

If the openssl tool is not already installed on your Linux machine, you may install it as follows.

On Ubuntu/Debian based distributions:

$ sudo apt install openssl

On CentOS/Red Hat based distributions:

$ sudo yum install openssl

Now, to verify TLSv1.3 support on your server or website, run the following command.

$ sudo openssl s_client -connect cloudindevs.com:443 -tls1_3

Note: Use the domain name of the server or website that you are trying to test instead of 'cloudindevs.com'.

Also, you may replace -tls1_3 with:

  • -tls1_2 for TLSv1.2
  • -tls1_1 for TLSv1.1
  • -tls1 for TLSv1

If you see a certificate chain as well as details of a successful handshake in the output of the command, then the specified TLS version is supported. If not, then the specified TLS version is not supported.

TLS certificate chain
TLS certificate chain
TLS version and cipher
TLS version and cipher

Furthermore, You may verify if a specific cipher is supported as follows.

$ openssl s_client -cipher 'AES256-GCM-SHA384' -connect cloudindevs.com:443

As before, look out for a certificate chain and a successful handshake which confirms that the specified cipher is supported.

Verify TLS Support with Nmap

Nmap is a tool primarily used to scan for available services and ports on a network. Run the command below to install Nmap.

On Ubuntu/Debian based distributions:

$ sudo apt install nmap

On CentOS/Red Hat based distributions:

$ sudo yum install nmap

Once installed, you may use the nmap tool to test your server or website for TLS support as follows.

$ nmap --script ssl-enum-ciphers -p 443 cloudindevs.com

Below is a sample output showing the TLS version and ciphers supported on my server.

Test TLS support with nmap tool
Test TLS support with nmap tool

Conclusion

In this tutorial, we covered how to verify if a server or website supports TLS by using openssl and nmap. The TLS test can tell you how strong your website’s security is. We hope that you find this information very useful.

Leave a Comment