There are various ways to confirm the TLS version that a website is using, from internet services and command-line tools to browser-based applications. Here's how to accomplish it:
1. Using Browser Developer Tools
Modern browsers let you inspect the security details of a connection.
Google Chrome/Edge:
- Open the website.
- Click the lock icon in the address bar.
- Select "Connection is secure" or equivalent.
- Go to Certificate (Valid) → Details → Look for "Protocol" or similar information.
Mozilla Firefox:
- Open the website.
- Click the lock icon.
- Select "Connection secure" → "More Information".
- The "Connection" tab will show the TLS version.
2. Using OpenSSL
You can use the OpenSSL command-line tool to test the TLS version.
Check with Default Protocols:
openssl s_client -connect <website>:443
Look for the Protocol in the output (e.g., TLSv1.2 or TLSv1.3).
Force a Specific TLS Version:
To test TLS 1.2:
openssl s_client -connect <website>:443 -tls1_2
To test TLS 1.3:
openssl s_client -connect <website>:443 -tls1_3
If the connection fails, the server does not support the specified version.
3. Using Curl
Curl can help you determine the TLS version by forcing specific versions.
Check with the default:
curl -v https://<website>
Look for SSL connection using in the output.
Force specific versions:
curl --tlsv1.2 https://<website>
curl --tlsv1.3 https://<website>
4. Using Online Tools
Several online services can provide detailed TLS version information.
SSL Labs (Qualys):
- Visit SSL Labs.
- Enter the website URL.
- The report will include supported TLS versions and their configuration.
Hardenize:
Hardenize also provides a comprehensive analysis of TLS versions and security settings.
5. Using Nmap
The Nmap network scanner can also test TLS versions.
Run the SSL-enum-ciphers script:
nmap --script ssl-enum-ciphers -p 443 <website>
Look for the "TLSv1.2" or "TLSv1.3" in the output under SSL/TLS Protocols.
6. Wireshark
Use Wireshark to analyze TLS handshakes if you have access to the network traffic.
- Start capturing packets.
- Visit the website in a browser.
- Filter by tls.handshake.type == 1 (Client Hello).
- Inspect the handshake details to see the negotiated TLS version.