0

I'd like to use openssl s_client in order to see if a site supports a specific TLS version. In this case, I'd like to test for the deprecated TLS 1.1 (to make sure it's not active). After reading the docs, I thought that I could use something like this (ex: using badssl tls 1.1 site):

> openssl s_client -connect tls-v1-1.badssl.com:1011 -tls1_1


CONNECTED(00000003)
40C7E140617D0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../ssl/statem/statem_lib.c:104:


no peer certificate available


No client certificate CA names sent


SSL handshake has read 0 bytes and written 7 bytes
Verification: OK


New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

I'm running this on an Ubuntu 23.10 box. What am I missing?

Edit: I've updated the box to Ubuntu 24.04 and got the same results.

Thanks.

Luis Abreu
  • 197
  • BTW Ubuntu 23.10 goes EOL in 11 days and after that will be off topic on this site. It is also more complex to update an OS after it has pasted its EOL. Suggest update now or very soon. – David DE Jun 20 '24 at 15:06
  • It says failed. tls_setup_handshake:no protocols available... I think that confirmed it's not available. – JayCravens Jun 20 '24 at 19:02
  • Well, that's why I'm missing something. Notice that I'm connecting to badssl's TLS 1.1 site (that is, if I didn't get the URL wrong). – Luis Abreu Jun 20 '24 at 20:57

0 Answers0