SUSE Support

Here When You Need Us

Verifying supported OpenSSL Transport Layer Security protocols

This document (000021475) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12

Situation

How to determine which Transport Layer Security (TLS) protocols are available from an installed OpenSSL package in SUSE Linux Enterprise Server (SLES).

Resolution

There are two ways to verify which protocol (TLS or SSL) an openssl client supports.

Method 1 : 'openssl ciphers' command. Example (from a SLES 15 Service Pack 5):
openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3

Note: On a SLES 12 SP5 the output is slightly different, partly caused by inconsistent reporting by the openssl command-line tool in the different versions of the package:
 
openssl ciphers -v | awk '{print $2}' | sort | uniq SSLv3 TLSv1.2

First of all the openssl package in SLES 12 SP5 does not support TLS v. 1.3.
But also SSLv3 covers SSLv3, TLS 1.0 and 1.1 (as the supported ciphers for those 3 are the same).
So, while TLSv1 is not listed, the openssl package does in fact support it.

Method 2: openssl SSL/TLS client program by specifying the SSL/TLS protocol to connect with to remote host.
Usage : openssl s_client -connect ;:443 -

Relevant protocols : ssl3, tls1, tls1_1, tls1_2, tls1_3

Run a command like the below and look/grep for TLS :
 
> openssl s_client -connect updates.suse.com:443 -tls1_2
...
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = GeoTrust TLS RSA CA G1
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
  Protocol ;: TLSv1.2
...


In case the openssl package does not support the protocol, an error like the following (from a SLES 12 SP5) will be returned :
 
openssl s_client -connect updates.suse.com:443 -tls1_3
unknown option -tls1_3
 

Additional Information

For completeness :
  • TLSv1.2 covers TLS 1.2.
  • TLSv1.3 covers TLS 1.3.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021475
  • Creation Date: 27-Jun-2024
  • Modified Date:01-Jul-2024
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.