How to know the TLS version install and how to upgrade to TLS v1.3

Question

I have a Ubuntu 16.04 Server and I would like to know witch version of TLS is already installed on my server.

And how to upgrade to version 1.3 if version version is under v1.3

Thank you

Answer 1

I would suggest that you use the SSL test website by Qualys. If you ran your webserver with SSLProtocol +All for just a quick test, it would tell you what SSLProtocols are being served with your pages and a recommendation on which ones should and should not be used.

On a side note, I made a recurring task to test my sites; I found something even today that had changed since I last checked 3 months ago.

https://www.ssllabs.com/ssltest/index.html

Answer 2

While you don't specify it you are probably asking about the TLS support in your web and/or mail server. For the common servers on Linux the support is implemented with OpenSSL. Since you are using Ubuntu 16.04 you by default have OpenSSL version 1.0.2 which supports TLS up to TLS 1.2. But note that configuration of the servers might cause the actual protocol support to be limited.

There is no official TLS 1.3 yet, i.e. the protocol is still not finalized. Support for TLS 1.3 is expected to be available in OpenSSL 1.1.1 which is still in development.

Answer 3

Sniffing the packets with some application like Wireshark would reveal the information; the protocol version used in a connection is in the ServerHello message or use http://ssl-checker.online-domain-tools.com tool to verify