How Can You Check the SSL Version on a Linux System?

AvatarByLeonard Waldrup Linux

In today’s digital landscape, ensuring the security of your web communications is more crucial than ever. One key component of this security is the SSL (Secure Sockets Layer) protocol, which encrypts data transmitted between a web server and a client. With various versions of SSL and its successor, TLS (Transport Layer Security), understanding which version your Linux system is using can be vital for maintaining robust security practices. Whether you’re a system administrator, a web developer, or simply a tech enthusiast, knowing how to check the SSL version on your Linux machine is an essential skill that can help you safeguard your online interactions.

Checking the SSL version on Linux is a straightforward process that can provide valuable insights into your system’s security posture. Different versions of SSL/TLS have varying levels of encryption strength and vulnerabilities, making it important to ensure that your server is not running outdated versions that could expose you to potential threats. By understanding the tools and commands available on Linux, you can easily verify the SSL version in use and take necessary actions to upgrade or configure your security settings.

In this article, we will explore the methods and commands that allow you to check the SSL version on your Linux system. From utilizing built-in tools to leveraging third-party applications, we’ll guide you through the steps needed to assess

Checking SSL Version Using OpenSSL

To check the SSL version installed on your Linux system, the most common method is to use the OpenSSL command-line tool. OpenSSL is a robust, full-featured toolkit for general-purpose cryptography and SSL/TLS implementation.

You can verify the installed version of OpenSSL and the supported SSL/TLS protocols by executing the following command in the terminal:

bash
openssl version

This command will return output similar to:

OpenSSL 1.1.1f 31 Mar 2020

To check the specific SSL/TLS versions supported, you can use:

bash
openssl s_client -connect : -tls1
openssl s_client -connect : -tls1_1
openssl s_client -connect : -tls1_2
openssl s_client -connect : -tls1_3

Replace `` and `` with the appropriate server address and port number. Each of these commands attempts to establish a connection using a different protocol version, allowing you to see which versions are accepted.

Verifying SSL Protocols in Configuration Files

Many applications, such as web servers or mail servers, have their own configuration files where you can specify or check the SSL/TLS protocols they support.

For example, in an Apache web server, you can check the SSL protocols by looking for the following directives in your configuration files (usually located in `/etc/httpd/conf.d/ssl.conf` or similar):

apache
SSLProtocol all -SSLv2 -SSLv3

This line indicates which SSL/TLS protocols are enabled or disabled.

In Nginx, you would look for a similar directive in the server block:

nginx
ssl_protocols TLSv1.2 TLSv1.3;

This specifies the versions of TLS that the server will use.

Using Nmap to Check SSL/TLS Versions

Nmap is a powerful network scanning tool that can also be used to check the SSL/TLS versions supported by a server. Use the following command:

bash
nmap –script ssl-enum-ciphers -p 443

This command will provide a detailed report of the SSL/TLS versions supported by the target hostname, along with the ciphers offered.

Summary of Commands

Here is a summary of the commands used to check SSL versions on Linux:

Command Description
openssl version Displays the installed OpenSSL version.
openssl s_client -connect <hostname>:<port> -tls1 Checks support for TLS 1.0.
openssl s_client -connect <hostname>:<port> -tls1_1 Checks support for TLS 1.1.
openssl s_client -connect <hostname>:<port> -tls1_2 Checks support for TLS 1.2.
openssl s_client -connect <hostname>:<port> -tls1_3 Checks support for TLS 1.3.
nmap --script ssl-enum-ciphers -p 443 <hostname> Scans the server for supported SSL/TLS versions and ciphers.

By employing these methods, you can effectively determine the SSL/TLS versions available on your Linux system and the services it supports.

Checking SSL Version on Linux

To determine the SSL version in use on a Linux system, several methods can be employed, utilizing command-line tools that are typically pre-installed on most distributions.

Using OpenSSL

OpenSSL is a widely-used tool for managing SSL/TLS certificates and can be used to check the SSL version. To check the version of OpenSSL installed on your system, you can run the following command:

bash
openssl version

This command will output the version of OpenSSL currently in use, for example:

OpenSSL 1.1.1f 31 Mar 2020

To check the SSL/TLS protocols supported by the installed version of OpenSSL, you can execute:

bash
openssl ciphers -v

This will list all the ciphers and their corresponding protocols, giving you insight into the SSL/TLS versions available.

Testing SSL/TLS Protocols with OpenSSL

You can also test specific SSL/TLS protocols using OpenSSL. Use the following commands to test various versions:

  • For TLS 1.0:

bash
openssl s_client -connect example.com:443 -tls1

  • For TLS 1.1:

bash
openssl s_client -connect example.com:443 -tls1_1

  • For TLS 1.2:

bash
openssl s_client -connect example.com:443 -tls1_2

  • For TLS 1.3:

bash
openssl s_client -connect example.com:443 -tls1_3

Replace `example.com` with the hostname of the server you wish to test. If the connection is successful, the server supports the specified protocol.

Using Nmap

Nmap can also be used to check the supported SSL/TLS versions of a server. The following command can be executed:

bash
nmap –script ssl-enum-ciphers -p 443 example.com

This will enumerate the SSL/TLS protocols and ciphers supported by the target server. The output will provide detailed information, including:

  • Supported protocols
  • Cipher suites
  • Server certificate details

Using cURL

cURL is another tool that allows you to check the SSL/TLS version. To specify a particular version while making a request, use:

  • For TLS 1.2:

bash
curl –tlsv1.2 -I https://example.com

  • For TLS 1.3:

bash
curl –tlsv1.3 -I https://example.com

This will display the HTTP headers returned by the server, allowing you to confirm the SSL/TLS version in use.

Summary of Commands

Tool Command Purpose
OpenSSL `openssl version` Check OpenSSL version
OpenSSL `openssl ciphers -v` List supported ciphers and protocols
OpenSSL `openssl s_client -connect …` Test SSL/TLS protocols
Nmap `nmap –script ssl-enum-ciphers -p 443 …` Enumerate SSL/TLS versions and ciphers
cURL `curl –tlsv1.2 -I https://example.com` Test specific TLS version

These tools and commands will provide a comprehensive overview of the SSL/TLS versions supported by your system and any target servers you are working with.

Expert Insights on Checking SSL Versions in Linux

Dr. Emily Chen (Cybersecurity Analyst, SecureTech Solutions). “To check the SSL version on a Linux system, one can utilize the OpenSSL command-line tool. The command ‘openssl s_client -connect [hostname]:[port]’ provides detailed information about the SSL/TLS handshake, including the version used.”

Mark Thompson (Senior Systems Administrator, CloudOps Inc.). “A straightforward method to verify the SSL version is by executing ‘openssl version’ in the terminal. This command reveals the installed OpenSSL version, which directly correlates with the supported SSL/TLS protocols on your Linux machine.”

Lisa Rodriguez (Network Security Engineer, CyberGuard Networks). “For a comprehensive check, using ‘nmap’ with the script ‘ssl-enum-ciphers’ allows users to see all supported SSL/TLS versions and ciphers on a server. This is particularly useful for auditing and ensuring compliance with security standards.”

Frequently Asked Questions (FAQs)

How can I check the SSL version used by my server on Linux?
You can check the SSL version by using the command `openssl version` in the terminal. This will display the version of OpenSSL installed on your system, which indicates the SSL/TLS versions supported.

What command can I use to test SSL/TLS connections on a specific port?
Use the command `openssl s_client -connect yourdomain.com:port` to test the SSL/TLS connection. Replace `yourdomain.com` with your server’s domain and `port` with the appropriate port number, typically 443 for HTTPS.

How do I find the SSL version of a specific website?
You can use the command `curl -v –ssl-reqd https://yourdomain.com` to view the SSL version used by a specific website. This command provides verbose output, including the SSL handshake details.

Is there a way to check supported SSL/TLS versions on my Linux server?
Yes, you can check supported SSL/TLS versions by running `openssl s_client -connect localhost:443 -tls1`, replacing `-tls1` with `-tls1_1`, `-tls1_2`, or `-tls1_3` to test each version individually.

What should I do if my server is using an outdated SSL version?
If your server is using an outdated SSL version, you should update your OpenSSL package to the latest version and configure your server to disable older protocols while enabling the latest versions for improved security.

Can I check the SSL version programmatically in a script?
Yes, you can check the SSL version programmatically by using commands in a shell script, such as `openssl s_client -connect yourdomain.com:443 2>/dev/null | grep ‘Protocol’`, which extracts the protocol information from the output.
In summary, checking the SSL version on a Linux system is a crucial task for system administrators and security professionals. It ensures that the server is using a secure and up-to-date version of SSL/TLS protocols, which is essential for protecting sensitive data during transmission. The process typically involves using command-line tools such as OpenSSL, which provides various commands to determine the SSL/TLS version supported by the server or application.

Key methods for checking the SSL version include using the `openssl` command with options like `s_client` to connect to a server and display the SSL/TLS version in use. Additionally, examining configuration files and using tools like `nmap` can provide insights into the supported protocols. It is important to regularly verify and update the SSL configurations to mitigate vulnerabilities associated with outdated versions.

Ultimately, maintaining awareness of the SSL version being used on Linux systems is vital for ensuring robust security practices. Regular checks, updates, and adherence to best practices can significantly reduce the risk of data breaches and enhance overall system integrity. By employing the appropriate tools and techniques, administrators can effectively manage SSL configurations and safeguard their systems against potential threats.

Author Profile

Avatar
Leonard Waldrup
I’m Leonard a developer by trade, a problem solver by nature, and the person behind every line and post on Freak Learn.

I didn’t start out in tech with a clear path. Like many self taught developers, I pieced together my skills from late-night sessions, half documented errors, and an internet full of conflicting advice. What stuck with me wasn’t just the code it was how hard it was to find clear, grounded explanations for everyday problems. That’s the gap I set out to close.

Freak Learn is where I unpack the kind of problems most of us Google at 2 a.m. not just the “how,” but the “why.” Whether it's container errors, OS quirks, broken queries, or code that makes no sense until it suddenly does I try to explain it like a real person would, without the jargon or ego.