How to check SSL/TLS Cipher Suites a Server Offer – Guidelines

list SSLTLS Cipher Suites

Today in this article, we will learn how to List The SSL/TLS Cipher Suites A Website Offers or supports.

We will also see a few approaches like using various approaches like OpenSSL (if your server is not publicly accessible) or SSLLabs (If servers are publicly accessible) to verify the TLS/SSL configuration.

  • As per recent security guidelines, SSL v2 protocols are insecure and must not be used.
  • SSL v3 is secured but behaves insecurely when used with HTTP
  • TLS v1.2 or TLS v1.3 should be used as the main protocol on your servers.

We will cover the below aspects in today’s article,

OpenSSL is an open-source CLI (command line interface) tool that is used as a Cryptography toolkit implementing the Secure Sockets Layer and Transport Layer Security network protocols, It supports cryptography functions of the crypto library from the shell.

This tool is mainly used for,

  • Creation and management of private and public keys
  • Creating certificates X.509 c, CSRs, and CRLs
  • Encryption and Decryption with Ciphers o
  • SSL/TLS Client and Server Tests etc

OpenSSL Command Pattern

openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands | list-cipher-algorithms | list-message-digest-algorithms | list-public-key-algorithms]

OpenSSL- How to check SSL or TLS protocol versions supported on Linux

OpenSSL comes with very handy commands which let you check the version of SSL/TLS easily

List The SSL/TLS Cipher Suites

The above shows my website OR API supporting the SSL v3.0 version and TLS 1.2.

That means my server is supporting the latest SSL which is v3.0 and also TLS protocol suites which is TLS 1.2.

OpenSSL – Get a List of ALL cipher Suites

openssl ciphers -v | column -t

tls cipher suites list, tls 1.2 strong ciphers list, how to check cipher suites in windows server 2016, how to check cipher suites in windows server 2012 r2, openssl list ciphers

OpenSSL – Check SSL or TLS protocol versions supported for a Website

We can use OpenSSL s_client command to implement a generic SSL/TLS client to connect to the remote host.

openssl s_client -connect www.TheCodeBuzz.com:443 

check supported tls ssl version ciphers linux

If you need to verify tls 1.2 strong ciphers list,

 openssl s_client -connect www.TheCodeBuzz.com:443  -tls1_2


SSLLab – Check SSL or TLS protocol versions supported using SSLLab

If your server is publicly accessible, then one can use the online tool SSLLabs to run your set tests providing the SSL or TLS Cipher suites supported by your server.


Below discussed techniques list ciphers supported by the server.

  • Enter the URL in the hostname and click Submit
tls 12 weak ciphers listrecommended cipher suites 2022
  • After submission, the report will be displayed for Protocol support.

Below shows the TLS1.2 as the highest version supported on the server.

check cipher suites on server, recommended cipher suites 2022, list ciphers supported by server,
  • Similarly, once can view all the supported Strong and Weak Cipher on the server
openssl list ciphers supported by server

As a best practice, you must disable or remove weak ciphers on the server.

You should see only good ciphers enabled. The below examples show the details for the thecodebuzz,

tls cipher suites list

There are a number of online tools to quickly validate the configuration of a server.

A few examples are listed below,

Online tools – identify the SSL/TLS Cipher suites

Offline tools – identify the SSL/TLS Cipher suites

Additionally, a Few offline tools can be used:

Hope you find this information useful,

That’s all! Happy coding!

Does this help you fix your issue?

Do you have any better solutions or suggestions? Please sound off your comments below.



Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.



Leave a Reply

Your email address will not be published. Required fields are marked *