3 min read
To make sure we don't publish an SSL service with vulnerable protocols enabled we can check which protocols the server has enabled using openssl s_client
Depending on the OpenSSL version we have we will have different procotols available. For example, if we are using OpenSSL 1.0.2j we will have the following options for s_client:
-ssl2 - just use SSLv2
-ssl3 - just use SSLv3
-tls1_2 - just use TLSv1.2
-tls1_1 - just use TLSv1.1
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1
On the other hand, if we are using OpenSSL 1.1.1f we will only have:
-tls1 Just use TLSv1
-tls1_1 Just use TLSv1.1
-tls1_2 Just use TLSv1.2
-tls1_3 Just use TLSv1.3
06/07/2021
Read more...