List supported SSL/TLS versions for a specific OpenSSL build

Question

I have, for example, OpenSSL version 1.0.0o on my Linux system, and I want to know which SSL/TLS versions are supported with this build.

Is there a shell command to accomplish this?

Answer 1

When you run OPENSSL command using s_client this is the output. See the Cipher, if the cipher NULL it means that version of TLS is not supported.

TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256
    Session-ID: A84600002D4945DE6
    Session-ID-ctx:
    Master-Key:  
    Start Time: 15852343333860
    Timeout   : 2343 (sec)
    Verify return code: 0 (ok)

Answer 2

It's clumsy, but you can get this from the usage messages for s_client or s_server, which are #ifed at compile time to match the supported protocol versions. Use something like

 openssl s_client -help 2>&1 | awk '/-ssl[0-9]|-tls[0-9]/{print $1}' 
 # in older releases any unknown -option will work; in 1.1.0 must be exactly -help

Answer 3

You can not check for version support via command line. Best option would be checking OpenSSL changelog.

Openssl versions till 1.0.0h supports SSLv2, SSLv3 and TLSv1.0. From Openssl 1.0.1 onward support for TLSv1.1 and TLSv1.2 is added.

Answer 4

This worked for me:

openssl s_client -help 2>&1  > /dev/null | egrep "\-(ssl|tls)[^a-z]"

Please let me know if this is wrong.

Answer 5

Use this

openssl ciphers -v | awk '{print $2}' | sort | uniq

Answer 6

Try the following command:

openssl ciphers

This should produce a list of all of the ciphers supported in your version of openssl.

To see just a particular set of ciphers (e.g. just sslv3 ciphers) try:

openssl ciphers -ssl3

See https://www.openssl.org/docs/apps/ciphers.html for more info.