KBEC-00404 - How to check SSL protocols that your ElectricFlow server supports?

Summary 

This article describes how to verify what SSL protocols your ElectricFlow server supports. 

Solution

You can get this information using these methods.

Method 1 - Check supported SSL protocols using nmap utility

For Linux:

  • Install the utility nmap. On Ubuntu, you can do this using command

       sudo apt-get install nmap

  • Execute the following command

      

nmap --script ssl-enum-ciphers -p8443 <EF_SERVER> > ssl_protocols_supported.txt

Running this command from the client to the server endpoint will show the SSL ciphers available on the server for the various SSL protocols.

  • Check supported SSL protocols in ssl_protocols_supported.txt file

 

Method 2 - Check supported SSL protocols using openssl utility

You can use openssl to verify if the server supports that protocol like SSLv3, TLSv1.2 etc.

For Linux:

  • Run “openssl s_client -help” to see to see the different options and openssl supported protocols. It would show options like:

         -ssl2 - just use SSLv2

         -ssl3 - just use SSLv3

        -tls1 - just use TLSv1

        -dtls1 - just use DTLSv1

        -tls1_2 - just use TLSv1.2 

  • Specify the option for the protocol that you would like to use and execute commands from below example with this option. For example, for TLSv1.2 protocol

         sudo -i

        then        

export LD_LIBRARY_PATH=/opt/electriccloud/electriccommander/lib && /opt/electriccloud/electriccommander/bin/openssl s_client -connect <EF_SERVER>:8443 -tls1_2 > connect_handshake.txt 2>&1

Try to use Ctrl+C if the second command is not completing

  • Examine output in file connect_handshake.txt. ElectricFlow server supports specified SSL protocol if the SSL handshake was successful.

For Windows:

  • Run cmd.exe as Administrator
  • Run "openssl s_client -help" to see to see the different options and openssl supported protocols. It would show options like:

           -ssl2 - just use SSLv2

           -ssl3 - just use SSLv3

           -tls1 - just use TLSv1

           -dtls1 - just use DTLSv1

           -tls1_2 - just use TLSv1.2 

  • Specify the option for the protocol that you would like to use and execute command from below example with this option. For example, for TLSv1.2 protocol      
set LD_LIBRARY_PATH="c:\Program Files\Electric Cloud\ElectricCommander\lib" && "c:\Program Files\Electric Cloud\ElectricCommander\bin\openssl.exe" "s_client" "-connect" "<EF_SERVER>" "-tls1_2" > connect_handshake.txt

Try to use Ctrl+C if the command is not completing 

  • Examine output in file connect_handshake.txt. ElectricFlow server supports specified SSL protocol if the SSL handshake was successful.

 

Applies to

    Product versions: All

    OS versions: Linux, Windows

Have more questions? Submit a request

Comments

Powered by Zendesk