How to test if a web-services client application supports TLS?

3

I have a client app that accesses an HTTPS web-service. It uses an external library for SSL support.

The service provider has advised they are dropping SSL 3 support and, from a specific date, will only support TLS 1.0 (or later) connections.

I can configure the client to, for example, access a test web-server on my PC (or a Linux server) using an HTTPS GET request.

How can I set up a test service, using something like Apache, or maybe Perl, to positively test whether the client supports TLS 1.0 or later?

RedGrittyBrick

Posted 2015-09-09T14:58:25.670

Reputation: 70 632

Answers

3

I have not yet found a solution along the lines I was looking for. However there are online web-sites that report what level of SSL your client supports.

One (there may be others, I am not endorsing this one) is howsmyssl.com whose reports are like this:

Your SSL client is Bad.

Version: Good

Your client is using TLS 1.2, the most modern version of the encryption protocol. It gives you access to the fastest, most secure encryption possible on the web.
...

Insecure Cipher Suites: Bad

Your client supports cipher suites that are known to be insecure:
...

Which, in this case, shows that my client software supports >= TLS 1.0 and is not restricted to <= SSL 3

I'm posting this answer on the off-chance that someone else might, now or in future find it useful to verify protocol levels.

Footnote: See malgassar's later answer for a link to GitHub source code in Go language that could be used to implement a local test server along the lines I was originally looking for.

RedGrittyBrick

Posted 2015-09-09T14:58:25.670

Reputation: 70 632

I check is always useful :) Is there any specific reason why you didn't put a followable link for howsmyssl.com?

– Hastur – 2015-09-17T16:28:49.557

1

It might not have been available at the time the original post was made back in 2015, but the website that you mentioned (howsmyssl.com) provides an API in the form of a REST service link (https://www.howsmyssl.com/s/api.html) that you can use with any client code (for example a c# .NET windows application in my case) through a web request. You can also type in the link in your browser and look at the returned result after submitting the request within your browser.

malqassar

Posted 2015-09-09T14:58:25.670

Reputation: 11

Thanks, +1. The link leads to a page that has links to their open-source code on GitHub. So it is feasible to run this locally. Happy coincidence that it is written in Go (golang) which I am using for a different project. – RedGrittyBrick – 2017-11-28T12:03:40.873

Asked: 2015-09-09T14:58:25.670

Viewed: 6 972 times

Active: 2017-11-28T12:09:38.053