Ad Widget

**cyber** · 22-08-2023, 09:56

There is no built-in thing that would return tls version. But you can create a userparameter which uses (script with) "openssl s_client connect...." and take it from output.. You can force it to use specific version and if it receives an error in return, that version is most probably not supported...

Page not found - Mister PKI

https://www.misterpki.com/openssl-s-client/

**still_at_work** · 22-08-2023, 11:13

Thanks, cyber, you gave me the right direction.

I completed my check by doing what you told me. I preferred NMAP to make my script. For those interested, you can find the code here:

Code:

#!/bin/bash

# Check if the site has been provided as a parameter
if [ -z "$1" ]; then
echo "Usage: $0 <site>"
exit 1
fi

SITE="$1"

# Execute nmap to check SSL/TLS versions
OUTPUT=$(nmap --script ssl-enum-ciphers -p 443 "$SITE")

# Check if outdated TLS versions are present in the output
if [[ "$OUTPUT" == *"SSLv3"* || "$OUTPUT" == *"TLSv1.0"* || "$OUTPUT" == *"TLSv1.1"* ]]; then
echo "Outdated SSL/TLS versions detected on $SITE"
exit 1 # Exit with a return code indicating a problem
else
echo "All SSL/TLS versions are compliant on $SITE"
exit 0 # Exit with a return code indicating success
fi

Ad Widget

How to check old version of SSL/TLS on HTTPS website ?

How to check old version of SSL/TLS on HTTPS website ?

Comment

Comment