AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Uding udl to test tls 1.23/30/2023 The post Testing for Specific Versions of TLS Protocols Using curl appeared first on Centino Systems Blog. Object MovedThis document may be found here* * subjectAltName: host "matched cert's "* issuer: C=US O=DigiCert Inc CN=DigiCert SHA2 Secure Server CA * subject: C=US ST=ILLINOIS L=CHICAGO O=IT CN=* start date: May 14 00:00:00 2020 GMT * ALPN, server did not agree to a protocol * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * TLSv1.2 (IN), TLS handshake, Finished (20): Azure Active Directory Connect version 1.2.65.0 and later now fully support using only TLS 1.2 for communications with Azure. TLS has gone through many iterations, with version 1.2 being defined in RFC 5246. * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): The TLS protocol aims primarily to provide privacy and data integrity. * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (OUT), TLS handshake, Client hello (1): The output below shows a successful TLS 1.2 TLS handshake and some output from the webserver. * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to * Closing connection 0Ĭurl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to Now, let’s tell curl to use TLS protocol version of 1.2 with the parameters -tlsv1.2 -tls-max 1.2 and see if we can successfully access the webserver. * TLSv1.1 (OUT), TLS handshake, Client hello (1): * successfully set certificate verify locations: So in the output, when forcing curl to use TLS version 1.1, the SSL_connect fails since the webserver only permits 1.2+ curl -verbose -tlsv1.1 -tls-max 1.1 The webserver here has a policy that allows only TLS version 1.2+. Using the -verbose parameter gives you the ability to see the TLS handshake and get the output sent to standard out. This code here uses curl with the parameters -tlsv1.1 -tls-max 1.1, which will force the max TLS protocol version to 1.1. Ever need to set your web server a specific protocol version of TLS for web servers and need a quick way to test that out to confirm? Let’s check out how to use curl to go just that.
0 Comments
Read More
Leave a Reply. |