Reputation: 2720
Does anyone know whether, and if so how, I can check from my application code if a server has SSL enabled or not?
Upvotes: 17
Views: 60910
Reputation: 1863
Batch SSL/TLS testing given input file http.parsed in the form
10.31.11.5:443
10.31.11.25:443
10.31.11.37:55000
10.31.11.116:80
Using GNU parallel
parallel -j10 'curl -k https://{} 1> /dev/null 2> /dev/null && echo https://{}' :::: http.parsed
we get output
https://10.31.11.5:443
https://10.31.11.25:443
https://10.31.11.37:55000
Upvotes: 0
Reputation: 11378
11 Years later...
I ended up here, because I had the same question (within terminal).
I suppose the easiest solution would be to use s_client of openssl:
openssl s_client -quiet -connect google.com:443
If this returns an exit status of 0 (check using echo "$?"), the host supports SSL/TLS on the given port (here 443).
Upvotes: 7
Reputation: 414159
"It's easier to ask forgiveness than permission"
For example, to read stackoverflow.com via SSL, don't ask whether stackoverflow.com supports it, just do it. In Python:
>>> import urllib2
>>> urllib2.urlopen('https://stackoverflow.com')
Traceback (most recent call last):
...
urllib2.URLError: <urlopen error (10060, 'Operation timed out')>
>>> html = urllib2.urlopen('http://stackoverflow.com').read()
>>> len(html)
146271
>>>
It shows that stackoverflow.com doesn't support SSL (2008).
Update: stackoverflow.com supports https now.
Upvotes: 12
Reputation: 2370
This is a C# unit test to perform the detection without having to be on the right HTTPContext:
[TestMethod]
public void DetectSslSupport()
{
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://www.someinsecuresite.com");
    try
    {
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            // Some sites like stackoverflow will perform a server-side redirect to the http site before the browser/request can throw an error.
            Assert.IsTrue(response.ResponseUri.Scheme == "https");
        }
    }
    catch (WebException) // "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
    {
        Assert.IsTrue(false);
    }
}
Upvotes: 3
Reputation: 119
If you're running PHP or ASP code on a server, the short answer is you don't. You can attempt to make a socket connection to the non-SSL IP address, and see if you get an SSL certificate, and enumerate its Common Name and SubjectAlternativeNames, but in general, the simple answer is you don't. A frequent (mis)configuration of Apache is to listen on port 443 without an SSL certificate, so being able to make the connection is no guarantee that there's SSL there. Not being able to make the connection could mean that your application does not have networking privileges. Because setting up SSL is a pain, you know whether you have SSL or not, and that's a configuration decision. It's like wondering how many children you have - you should know.
Upvotes: 0
Reputation: 141790
You don't specify a programming language, but you could do this from the command-line.
bash-3.2$ echo ^D | telnet www.google.com https
Trying 66.102.11.104...
Connected to www.l.google.com.
Escape character is '^]'.
Connection closed by foreign host.
bash-3.2$ echo ^D | telnet www.stackoverflow.com https
Trying 69.59.196.211...
telnet: connect to address 69.59.196.211: Connection refused
telnet: Unable to connect to remote host
There you go... Google does, StackOverflow does not.
Upvotes: 6
Reputation: 140728
You need to specify what protocol you're working with -- there are SSL versions of HTTP, IMAP, POP, etc.
Assuming it's HTTPS you're interested in, you could check to see if something is listening on port 443 on the server and go from there...
Upvotes: 0
Reputation: 20674
Not sure of your language of preference, but here it is in C#:
public bool IsSecureConnection()
{
    // Headers[...] returns null when the header is absent, so compare from the literal side.
    return HttpContext.Current.Request.IsSecureConnection ||
           "1".Equals(HttpContext.Current.Request.Headers["HTTP_X_SSL_REQUEST"]);
}
Please note this header is custom, but I think you get the idea. I've seen folk simply query request for "https" and besides looking dirty it's probably reasonably acceptable, depends on your security model.
Or are you asking whether it's simply available at all?
I
Upvotes: 2
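Added example, not part of any answer above: a Python 3 probe that separates the cases the answers mention, namely a closed port, a port that is open but does not speak TLS (such as a plain listener on 443), a certificate that fails validation, and a completed handshake. The function name `probe_tls`, its `verify` switch and its status strings are assumptions of this example.

```python
import socket
import ssl
import sys


def probe_tls(host, port, timeout=5.0, verify=False):
    """Classify host:port as 'tls', 'untrusted', 'no_tls', 'closed' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", "nothing listening"
    except OSError as exc:  # timeout, no route, DNS failure, no network privileges
        return "unreachable", str(exc)

    ctx = ssl.create_default_context()
    if not verify:
        # Availability probe only: accept any certificate (like curl -k).
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls", f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but the certificate chain or hostname did not validate.
        return "untrusted", exc.verify_message
    except OSError as exc:
        # Port is open but the peer did not complete a TLS handshake,
        # e.g. plain HTTP served on 443, or a handshake timeout.
        return "no_tls", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Targets are host:port arguments, the same form as the lines of http.parsed.
    for target in sys.argv[1:]:
        host, _, port = target.rpartition(":")
        print(target, *probe_tls(host, int(port)))
```

With `verify=False` a result of `tls` only means a handshake completed; pass `verify=True` when the question is whether the certificate is also trusted for that hostname.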