How to check the SSL version of a remote server?

B

billybons20062015-04-15 18:15:44

Information Security

billybons2006, 2015-04-15 18:15:44

I want to make sure my mail server is not using SSL2,3 but only using TLS1,1.1,1.2.
To do this, in the console I execute:

openssl s_client -tls1_2 -crlf -connect mail_server_address:465

In response I get something like:

бла-бла
SSL handshake has read 1572 bytes and written 439 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported

бла-бла

220 mailserver ESMTP ready

Seems ok.
Substituting the parameters TLS1, TLS1_1, TLS1_2 everything is ok.
If I set the SSL2 or SSL3 parameter, for example, like this:

openssl s_client -ssl2 -crlf -connect mail_server_address:465

I get in response:

бла-бла

---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 48 bytes
---
New, (NONE), Cipher is (NONE)

бла-бла

Question: Does this mean that SSL 2 and 3 are not used? If not, how can I check in another way?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

X

xmoonlight, 2015-04-15
@xmoonlight

ssllabs.com