要使用OpenSSL檢查SSL/TLS協議版本��,您可以使用以下命令:
openssl s_client -connect example.com:443 -tls1_2
將example.com替換為您要檢查的服務器域名���,并將443替換為相應的端口號(如果不是默認的HTTPS端口)��。您可以將-tls1_2替換為其他版本��,如-tls1_1����、-tls1�����、-ssl3等����,以檢查服務器是否支持這些版本���。
例如��,要檢查服務器是否支持TLS 1.2�����,您可以運行:
openssl s_client -connect example.com:443 -tls1_2
如果服務器支持TLS 1.2����,您將看到類似于以下的輸出:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
---
Certificate chain
0 s:CN = example.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=CN = example.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3542 bytes and written 394 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
在這個例子中����,您可以看到SSL handshake has read 3542 bytes and written 394 bytes這一行�,它表明使用了TLS 1.2協議���。如果您想檢查其他版本����,請將-tls1_2替換為相應的版本標志����。
