![]() Nmap done: 1 IP address (1 host up) scanned in 1.04 seconds Let’s bump up the TLS version to 1.2 and try again: This means that the server rejected our request because it cannot support TLS version 1.1. Specifically, we’re hit by the protocol version error, as per the documentation. In the first line of the output, we can see that the command raises an error SSL alert number 70. What if the host doesn’t support the TLS version we request? Let’s now connect to the host with TLS 1.1: $ openssl s_client -connect :443 -tls1_1ġ39944872509888:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version./ssl/record/rec_layer_s3.c:1528:SSL alert number 70 ![]() In other words, the server has no problem supporting TLS version 1.1, as per our request. In the first line of the output, the message CONNECTED(00000005) means that we’ve successfully established a secure channel between us and the host. Additionally, using the -tls1_1, we are telling the host that as the client, we can only support up to TLS version 1.1. The command above initiates a TLS connection to the host on port 443. ![]() MIIOPDCCDSSgAwIBAgIRAIL1YOXCpi0SCR8u2Lz1CqMwDQYJKoZIhvcNAQELBQAw I:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA I:C = US, O = Google Trust Services LLC, CN = GTS Root R1Ģ s:C = US, O = Google Trust Services LLC, CN = GTS Root R1 ![]() I:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3ġ s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 Verify error:num=20:unable to get local issuer certificate These options correspond to the TLS versions 1.0, 1.1, 1.2, and 1.3 respectively.įor example, we can initiate a TLS connection with and offer only TLS version 1.1 to the server: $ openssl s_client -connect :443 -tls1_1ĭepth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 The s_client subcommand allows us to specify the specific TLS version to offer to the server using -tls1, -tls1_1, -tls1_2, -tls1_3 options. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |