I have a Linux server that has an established TCP port connection to a client. Can I somehow check if the connection on this port supports TLS 1.2 with any of the networking commands on a basic Linux installation or with the command nmap?
Asked
Active
Viewed 1.3k times
2 Answers
2
Ah sorry, at first I missed the phrase "established TCP connection". If you know what the data stream for the application looks like when it is unencrypted, you could just use TCPDump to capture the traffic and check if it looks like the application's data.
If you can see the application data, then you know it is not encrypted.
--- original answer ---
You can use OpenSSL:
openssl s_client -connect hostname:port
You can find further information at https://www.openssl.org/docs/man1.0.2/apps/openssl-s_client.html
Tero Kilkanen
- 36,796
- 3
- 41
- 63
-
I belive this command connects to the client. What if I don’t want to check it by connecting to the client - is it possible to find it out by not connecting to the client? – user8225639 Sep 05 '18 at 20:02
-
@user8225639 You could interrupt the connection and then sniff the network when they reconnect. – Michael Hampton Sep 05 '18 at 21:33
-
I cannot do that either unfortunately. The server must be up and running. Sny other solution? – user8225639 Sep 06 '18 at 04:45
1
No, SSL/TLS isn’t a property of the underlying kernel network socket so it’s not exposed by any of the tools such as netstat, ss, etc.
You would need to use tcpdump to capture the network traffic between the two processes and analyse it, especially the initial connection handshake which should show you what TLS version is proposed and accepted. I’m not sure how visible the version is once the handshake has been performed.
bodgit
- 4,751
- 16
- 27