
SSL vs TLS and how to check TLS version in Linux


Both the SSL and TLS protocols aim to protect sensitive information exchanged during transactions such as payment processing, which require authentication to prove the identity of our server to users.

TLS 1.3 is the latest version of the TLS protocol. It is a descendant of SSL and is regarded as more powerful and effective. The openssl command is the easiest way to check the TLS version. The following commands can be used to find the TLS version:

  • openssl s_client -connect host.com:443 -tls1
  • openssl s_client -connect host.com:443 -tls1_1
  • openssl s_client -connect host.com:443 -tls1_2
  • openssl s_client -connect host.com:443 -tls1_3
  • nmap --script ssl-enum-ciphers -p 443 host.com

 

Understanding SSL

SSL stands for “Secure Socket Layer.”

  • Netscape developed the first version of SSL in 1995.
  • SSL is a cryptographic protocol that uses explicit connections to establish secure communication between web server and client.
  • Three versions of SSL have been released: SSL 1.0, 2.0, and 3.0.
  • All versions of SSL have been found vulnerable, and they all have been deprecated.

Understanding TLS

TLS stands for “Transport Layer Security.”

  • The first version of TLS was developed by the Internet Engineering Task Force (IETF) in 1999.
  • Four versions of TLS have been released: TLS 1.0, 1.1, 1.2, and 1.3.
  • TLS is also a cryptographic protocol that provides secure communication between web server and client via implicit connections. It’s the successor of SSL protocol.
  • TLS 1.0 and 1.1 have been “broken” and are deprecated as of March 2020. TLS 1.2 is the most widely deployed protocol version.

Which is more secure, SSL or TLS?

Compared to SSL, TLS provides a more robust message authentication system and key material generation, along with other encryption algorithms. TLS also supports remote passwords, elliptic curve keys and pre-shared keys, which are not supported by SSL. TLS still provides backward compatibility for older devices.

The TLS protocol works on two layers where the TLS record protocol provides security to connections. The TLS handshake protocol brings together the client and the server for security key negotiation. Both client and the server authenticate each other before any data transmission.

Understanding SSL Certificates and TLS Certificates

Both “SSL certificate” and “TLS certificate” essentially mean the same thing: they’re both X.509 digital certificates that help to authenticate the server and facilitate the handshake process to create a secure connection.

Some people call them “SSL certificates,” while others refer to them as “TLS certificates.” The name doesn’t matter much because a certificate isn’t the same thing as the protocol. Whatever we call them, what matters is the protocol they operate on. And these protocols are determined by our server configuration, not by the digital certificates.

Latest TLS version

TLS 1.3 is the latest version of the TLS protocol. TLS, which is used by HTTPS and other network protocols for encryption, is the modern version of SSL. TLS 1.3 dropped support for older, less secure cryptographic features, and it sped up TLS handshakes, among other improvements.

Check the TLS version in Linux

Some vendors have already ended support for earlier TLS versions (TLS 1.0 and TLS 1.1) and have completely migrated to TLS version 1.2 or even 1.3.

We can use the following commands to check which TLS versions google.com supports.

openssl s_client -connect www.google.com:443 -tls1
openssl s_client -connect www.google.com:443 -tls1_1
openssl s_client -connect www.google.com:443 -tls1_2
openssl s_client -connect www.google.com:443 -tls1_3

  • -tls1 for TLSv1
  • -tls1_1 for TLSv1.1
  • -tls1_2 for TLSv1.2
  • -tls1_3 for TLSv1.3
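
The four openssl probes above can be scripted. The following is an added example, not part of the original article: it runs each version flag against a host and classifies the s_client output. The function names tls_verdict and probe_tls and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: probe each TLS version with openssl s_client and classify the result.

# Classify s_client output read from stdin: prints "accepted <cipher>" or "rejected".
# A completed handshake prints "New, TLSv1.x, Cipher is <name>";
# a refused one prints "New, (NONE), Cipher is (NONE)" or no such line at all.
tls_verdict() {
    awk '/Cipher is / { c = $NF }
         END { if (c == "" || c == "(NONE)") print "rejected"; else print "accepted " c }'
}

# Probe one host (port defaults to 443) with every version flag used on this page.
probe_tls() {
    host=$1; port=${2:-443}
    for flag in tls1 tls1_1 tls1_2 tls1_3; do
        # </dev/null closes stdin so s_client exits after the handshake;
        # -servername sends SNI so a virtual host answers for the right site.
        out=$(openssl s_client -connect "$host:$port" -servername "$host" \
              "-$flag" </dev/null 2>&1)
        printf '%-7s %s\n' "$flag" "$(printf '%s\n' "$out" | tls_verdict)"
    done
}

# Constructed sample outputs (trimmed), not captured from a real server.
SAMPLE_OK='CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
---'
SAMPLE_FAIL='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
---'

# Run the live probe only when a host is given: sh tlsprobe.sh www.google.com [port]
if [ "$#" -gt 0 ]; then probe_tls "$@"; fi
```

A "rejected" line can come from the local client rather than the server: OpenSSL 3.x only negotiates TLS 1.0 and 1.1 at security level 0, and some builds leave out the -tls1 and -tls1_1 options, so confirm old-protocol results from a client that still supports them.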

 

We can also use the nmap command to check the TLS version in Linux:

nmap --script ssl-enum-ciphers -p 443 www.google.com

 


David Cao

Hey there! I am David, a Cloud & DevOps enthusiast with 18 years of experience as a Linux engineer. I work with AWS, Git & GitHub, Linux, Python, Ansible, and Bash. I am a technical blogger and a software engineer who enjoys sharing my learning and contributing to open source.