90

I want to know whether my browser is using SSL or TLS connection if I see HTTPS.

I want to know for IE, Firefox, Chrome and Safari. I want to know the protocol version.

Zuly Gonzalez
  • 394
  • 3
  • 21
zhtway
  • 1,143
  • 1
  • 8
  • 9
  • 7
    btw TLS is essentially SSL 3.1, so you want to know the protocol version. – CodesInChaos Aug 22 '12 at 21:23
  • 1
    please, specify what browser you are using – eversor Aug 22 '12 at 21:33
  • 2
    I want to know on all the famous browsers; IE, Firefox, Chrome, Safari. Yes, I want to know the protocol version. – zhtway Aug 22 '12 at 21:35
  • 1
    Are you concerned with benchmarking browsers or are you concerned with the actual traffic? You can capture traffic with Wireshark and see its encrypted. Otherwise, you need to consult each vendor's website. – Eric G Aug 22 '12 at 22:07
  • 2
    if its google chrome https://support.google.com/chrome/bin/answer.py?hl=en&answer=95617&p=ui_security_indicator – BlueBerry - Vignesh4303 Aug 23 '12 at 04:46

4 Answers4

75

There are several protocol versions : SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2. Internally, TLS 1.0/1.1/1.2 are SSL 3.1/3.2/3.3 respectively (the protocol name was changed when SSL became a standard). I assume that you want to know the exact protocol version that your browser is using.

Internet Explorer

According to what is described on this blog post, Internet Explorer can display the protocol version information. Just hit File->Properties or Right-click -> Properties, and a window would open, under Connection, you'd see something like:

TLS 1.2, RC4 with 128 bit encryption (High); RSA with 2048 bit exchange

Firefox

As of today, Firefox supports TLS 1.0, TLS 1.1 and TLS 1.2. You can see the negotiated protocol version if you click the padlock icon (on the left of the URL), then More Information and then under the Technical Details.

Chrome

Chrome can display the version. On earlier versions of Chrome, click on the padlock icon; a popup appears, which contains some details, including the protocol version. example: (verified on version 21.0.1180.82)

The connection uses TLS 1.0

On later versions of Chrome, this information in the security tab of the developer tools. (Credit to nickd)

Opera

Opera shows the protocol version in a way similar to Chrome: click on the padlock icon, then click on the "Details" button. e.g. (verified on version 12.01):

TLS v1.0 256 bit AES (1024 bit DHE_RSA/SHA)

Others

For browsers which do not show the information, you can always obtain it running a network analyzer like Wireshark or Network Monitor: they will happily parse the public headers of the SSL/TLS packets, and show you the version (indeed, all of the data transfers in SSL/TLS are done in individual "records" and the 5-byte header of each record begins with the protocol version over two bytes).

And, of course, the actual protocol version is a choice of the server, based on what the server is configured to accept and the maximum version announced by the client. If the server is configured to do TLS 1.0 only then any connection which actually happens will use TLS 1.0, necessarily.

(Edit: I have incorporated some information from the comments; done a few tests myself. Feel free to enhance this answer as needed.)

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
  • Interesting that the Firefox extension shows the cipher, but not the SSL version. – Polynomial Aug 23 '12 at 07:40
  • In firefox clicking on the favicon in the address bar and clicking more info shows the same info as the extension. In chrome clicking the icon also shows that info in a popup. – ewanm89 Aug 23 '12 at 12:13
  • @ewanm89: for the Firefox I am presently using (14.0.1 on a Linux/Ubuntu system), all the information is _not_ present. I can get the server certificate and the used symmetric cipher, but _not_ the exact protocol version (i.e. I don't know if it is SSL 3.0, TLS 1.0, TLS 1.1 or TLS 1.2). – Thomas Pornin Aug 23 '12 at 12:26
  • @ThomasPornin as Polynomial has already pointed out, neither does the extension. I'd add that current versions of firefox are SSL 3.0/TLS 1.0 only – ewanm89 Aug 23 '12 at 12:39
  • In opera you can click on the icon to the left of the address bar – CodesInChaos Aug 23 '12 at 19:28
  • On Chrome, if you click on the lock icon, you'll get details about the certificate first, followed by SSL/TLS version and cipher suite (AFAIK, it also warns you if the server doesn't support at least TLS 1.0). – Bruno Aug 25 '12 at 16:57
  • possibly a helpful link: http://www9.atwiki.jp/kurushima/pub/pkimisc/SSLTLS_CipherSuite_Support_Table_.html (lists supported versions by browser) – Tate Hansen Aug 26 '12 at 01:55
  • 17
    Later versions of Chrome have this information in the security tab of the developer tools. – nickd Mar 27 '17 at 17:33
  • How-to use ***Network Monitor*** ? – Kiquenet Apr 06 '18 at 22:28
  • 4
    @nickd Indeed; Chrome currently no longer shows any encryption information or certificate information by clicking the padlock, only whether the connection is "secure" or not. – TylerH May 10 '18 at 18:54
  • Now we have TLS 1.3 too. – Juraj Martinka Jul 12 '19 at 08:30
32

From Google Chrome version 56 up

Open Chrome developer tools using F12 shortcut key and select Security tab that would provide the security info as shown below.

enter image description here

srk
  • 103
  • 3
Dijkgraaf
  • 443
  • 4
  • 10
27

Google Chrome

  1. Click on the padlock at the left of the address bar

enter image description here

Mozilla Firefox

  1. Click on the padlock at the left of the address bar
  2. Then click 'more information'

enter image description here

Internet Explorer

The padlock is to the right of the address bar, but it won't help. Instead

  1. (On a blank bit of the page) right click
  2. Properties

enter image description here

It would be neat if Internet Explorer were consistent with the other browsers. Under the padlock indicator is sensible place to look.

Colonel Panic
  • 2,214
  • 2
  • 22
  • 23
  • This must be a very recent version of Firefox -- I checked 31 ESR, and it looks exactly the same right up through `128 bit keys`, but does not include the TLS version. – Coderer Aug 21 '15 at 12:13
  • 1
    How can you do it in Chrome Version 57.0.2987.110 (64-bit)? This worked for me in previous versions, but not in this one. – Tadej Mar 24 '17 at 13:18
  • 2
    @JedatKinports See the answer that starts with "From Google Chrome version 56 up" as the above is no longer valid for Chrome. – Dijkgraaf Feb 19 '18 at 20:11
11

I am still unable to find add-ons or extensions to check ssl protocol version directly from browser session. But what I found is here.

openssl s_client -connect <<domain name>>:443 -ssl2
openssl s_client -connect <<domain name>>:443 -ssl3

openssl command give ssl information. I don't know much detail on openssl command.

This site use openssl to get extensive information. http://www.serversniff.net/sslcheck.php

zhtway
  • 1,143
  • 1
  • 8
  • 9
  • 1
    That tells you a little, and can be fixed to tell you more, about what the *server* supports. It does not tell what a *browser* supports or gets, which is the question. Also that link is dead: it 302s to https://cloud.hochnebel.net/sslcheck.php which 404s. – dave_thompson_085 Feb 10 '15 at 10:11
  • The key here is that is will tell you if the negotiation and ssl handshake fails. This is really important information if you're testing to see whether or not you want to enable SSLv2, SSLv3, TLSv1, etc. – zmonteca Apr 27 '15 at 18:27
  • Can't comment on above (need higher reputation), so I'll add to `zhtway`'s comment above. For newer versions of TLS (1.0, 1.1 and 1.2) just use these newer parameters: # Test for TLS 1.0, 1.1 and 1.2 respectively. openssl s_client -connect <>:443 -tls1 openssl s_client -connect <>:443 -tls1_1 openssl s_client -connect <>:443 -tls1_2 You'll be able to tell if it's supported or not if you get a long detailed response including the server certificate. – patricknelson Dec 06 '18 at 20:06