How do I know if a server is using TLS 1.0 or 1.1?

Viewed 4,619 times

1

I recently received an email asking to update the TLS version of my site from 1.0 to 1.1 or higher.

I find it strange why my site uses SSL and not TLS.

How can I verify which of these protocols are active?

Note 1. The site is hosted on AWS EC-2 with a signed "Let’s Encrypt" certificate and certbot installed.

Note 2. I "inherited" the site from another developer, so I do not know all the settings that were applied.

Note 3. Site made in PHP using Apache

  • What language is your website written in?

  • @Perozzo, Apache PHP

  • You received the e-mail from whom? From Amazon?

2 answers

4


The TLS protocol has been the successor to SSL for some time, but the term SSL is often used for both because of its popularity.

It is really very important to always keep your server updated with the latest stable version, avoiding, as far as is currently possible, security problems on connections.

Regardless of which hosting service you are using, you can check the TLS version of many websites via an online scan at the following address:

https://www.ssllabs.com/ssltest/

Simply enter your domain and run the scan. An extensive report will appear, and you can navigate to the "Settings" section, where you will see the supported or unordered protocols in server preference order.

This question can help you get started with the upgrade: https://stackoverflow.com/questions/32484663/how-should-i-proceed-with-upgrading-to-tls-1-2

Sources:

https://pt.wikipedia.org/wiki/Transport_Layer_Security

https://www.wst.space/ssl-part1-ciphersuite-hashing-encryption/

3

If the site can be accessed via internet, use the Ssltest. The site will generate a giant report with various information about what the server supports, for example:

  • Protocols
  • Ciphersuites
  • Certificate Chain (chain of certificates?)

You can check here the report for the Google site.

If the site is only accessible on an internal network, you can use nmap. On the Security Stack Exchange the question has already been answered:

Translating:

"

You can use nmap to scan the server:

# nmap --script ssl-enum-ciphers example.com
Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-15 03:19 PDT
Nmap scan report for example.com (203.0.113.100)
Host is up (0.090s latency).
rDNS record for 203.0.113.100: edge.example.com
Not shown: 997 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
| ssl-enum-ciphers: 
|   **SSLv3: No supported ciphers found**
|   TLSv1.0: 

"

Just replace example.com in the command with the address of your website.
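
An added example (not part of either answer, and not code from nmap): a small Python parser for saved `ssl-enum-ciphers` output that reports which legacy protocol versions still offer ciphers, treating a "No supported ciphers found" line as disabled. The sample output is constructed, and the function names and the `DEPRECATED` set are choices made for this example.

```python
import re

# Constructed sample in the layout of nmap's ssl-enum-ciphers output
# (not a scan of a real host; the cipher names are standard suite names).
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3: No supported ciphers found
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: A
"""

# Assumption for this example: versions deprecated by RFC 6176, 7568 and 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
PROTO_RE = re.compile(r"^\|[ _]\s+((?:SSLv|TLSv)[\d.]+):")
CIPHER_RE = re.compile(r"^\|[ _]\s+((?:TLS|SSL)_[A-Z0-9_]+)\b")

def parse_enum_ciphers(text):
    """Return {port: {protocol: [cipher, ...]}} from ssl-enum-ciphers output."""
    result, port, proto = {}, None, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None
            result[port] = {}
        elif port is not None and (m := PROTO_RE.match(line)):
            proto = m.group(1)
            result[port][proto] = []  # stays empty when no ciphers are listed
        elif proto and (m := CIPHER_RE.match(line)):
            result[port][proto].append(m.group(1))
    return result

def deprecated_enabled(parsed):
    """List (port, protocol) pairs where a deprecated protocol offers ciphers."""
    return sorted((port, proto)
                  for port, protos in parsed.items()
                  for proto, ciphers in protos.items()
                  if proto in DEPRECATED and ciphers)

if __name__ == "__main__":
    print(deprecated_enabled(parse_enum_ciphers(SAMPLE)))
```

To use it on a real scan, save the nmap output to a file and pass the file's contents to `parse_enum_ciphers`.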
