• Test SSL protocols availability using openssl s_client

    3 min read

    To make sure we don't publish an SSL service with vulnerable protocols enabled we can check which protocols the server has enabled using openssl s_client

    Depending on the OpenSSL version we have we will have different procotols available. For example, if we are using OpenSSL 1.0.2j we will have the following options for s_client:

     -ssl2         - just use SSLv2
     -ssl3         - just use SSLv3
     -tls1_2       - just use TLSv1.2
     -tls1_1       - just use TLSv1.1
     -tls1         - just use TLSv1
     -dtls1        - just use DTLSv1

    On the other hand, if we are using OpenSSL 1.1.1f we will only have:

     -tls1                      Just use TLSv1
     -tls1_1                    Just use TLSv1.1
     -tls1_2                    Just use TLSv1.2
     -tls1_3                    Just use TLSv1.3



From pet to cattle
Treat your kubernetes clusters like cattle, not pets