openssl s_client will not use SNI by default so your attempt might simply have failed just because of a missing SNI extension. Because of the last part it is possible that the server fails with your specific client even if the server has TLS 1.0 enabled because no SNI extension was used or it was used with the wrong hostname. If there is no SNI extension or if the extension does not match any configured hostname the server will usually either send some default certificate or abort the handshake. This is done by including the target hostname using the SNI TLS extension inside the ClientHello at the start of the TLS handshake. It is common that servers support multiple certificates on the same IP address today. Because of the last part it is possible that the server fails with your specific client even if the server has TLS 1.0 enabled because the server does not like the ciphers offered by the client.Īnd it gets more complex. The handshake will fail if the server does not support TLS 1.0 or lower OR if the server does not support any of the ciphers offered by the client. In your specific case the client offers TLS 1.0 as the best protocol (due to the -tls1 option) and the default cipher set. And the server picks the common cipher based on what the client offers and and what is configured to be acceptable for the server. The server replies with the best SSL/TLS protocol it supports which is equal or lower to the protocol version offered by the client. In the simplest case the client sends at the beginning of the TLS handshake inside the ClientHello message the best TLS version it can and the ciphers it supports. Thus, not getting the CONNECTED says nothing about the ability of the server to support TLS 1.0.Īfter the TCP connection is created the TLS part begins. If you don't get this CONNECTED then the server might be down or might not be reachable from your site, for example because a firewall is blocking the access.
And already if the TCP connection succeeds you will get CONNECTED(00000003). This has nothing to do with TLS itself yet. Initially, the client needs to create a TCP connection to the server. Note that most of what I say here is also true for SSL, which is mainly the earlier name for the same protocol family now known as TLS. To understand what need to be checked to be really sure it is better to have at least a basic understanding of how the TLS-Handshake works. Checking if a server has really TLS 1.0 disabled is not that simple. But you cannot be sure that the server does not support TLS 1.0 if this attempt fails.Īs you already realized the information given in the link you cite are at least partly wrong. You can be sure that the server supports TLS 1.0 if you get a successful connection with TLS 1.0. TL TR: It is far from trivial to verify from the client that a server is not supporting TLS 1.0. How do I interpret the output from openssl? Did I successfully disable TLS1.0 with the config above or since it says "CONNECTED" in both output, I didn't disable it and I'll fail the security scan again? Verify return code: 21 (unable to verify the first certificate) New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA SSL handshake has read 2121 bytes and written 357 bytes Server Temp Key: ECDH, secp521r1, 521 bits Verify error:num=21:unable to verify the first certificate (Output from TLS1.0 enabled) openssl s_client -connect localhost:8443 -tls1 If I allow Tomcat to use TLS1.0, I still see CONNECTED but I also see the certificate info. However, as you can see the messages above, it says both even though I configured Tomcat to use TLS1.2. The link said if the protocol is enabled, it will say "Connected", else "handshake failure". SSL handshake has read 7 bytes and written 0 bytes I found a link that gave me commands to use to check if a specific protocol is used/enabled. Due to a security scan, I was told to not use TLS1.0.