We’ll quickly walk you through how to check the TLS version (TLS 1.1, TLS 1.2, TLS 1.3) that a website supports using the Qualys SSL Labs TLS checker tool
Want to know how to check which TLS protocol versions are configured to run on a website’s web server? The process is actually quite easy — simply pick one of the TLS checker tools available on the internet and follow the instructions. Usually, all you need is to provide your website’s domain or IP address.
In this example, we’ll use the SSL Test online tool from Qualys SSL Labs to check our blog’s domain: cheapsslsecurity.com. This method doesn’t cost anything and provides a quick and easy way to check your domain.
How to Check the TLS Version of a Domain in 4 Steps
These directions here are for website users or owners to check to see which version of the TLS protocol a website (moreover, its web server) supports. This way, you know whether your site offers perfect forward secrecy to browsers that support TLS version 1.3 or if it’s using TLS 1.2 as a minimum.
NOTE: Your SSL/TLS certificate really has no bearing on the TLS version that a server uses. The decision about which TLS protocol gets used is decided by the server based on the list of protocols supported by both parties (i.e., the server and the client attempting to connect to it).
- Type the website’s main domain. For example, this would be the information before the top-level domain (i.e., .com, .net, .co.uk).
Image source: This screenshot was captured using the SSL Server Test tool on SSLLabs.com.
- Press the submit button to enable the tool to start analyzing the domain. Note: If you have more than one IP, the tool will analyze all of them one by one. It’ll then provide you with a detailed result for each IP individually.
- Select an IP address in the left-hand column and click on the embedded link. Doing this will enable you to view its detailed results. As you can see (stated in the second-from-the-bottom green box), the first IP address shows that the server supports TLS 1.3.
- Scroll down to the Configuration section to find the TLS version information. Here, you’ll notice in the screenshot below a whole bunch of interesting information relating to the TLS versions supported and which cipher suites the server prefers. For example, it shows that TLS 1.2 and TLS 1.3 are supported but that SSL 2, SSL 3, TLS 1.0, and TLS 1.1 aren’t.
If you scroll down even further, you’ll find a slew of information about the supported protocols. This includes info relating to:
- whether the website is vulnerable to different SSL/TLS vulnerabilities (POODLE, BEAST, etc.)
- if the site is vulnerable to SSL/TLS compression attacks
- which versions of the SSL or TLS protocol the browser supports
It’s your turn now! Find out which TLS protocol versions are supported by your organization’s domain.
Curious to know the TLS version supported by your browser? We’ve got you covered.
How to Check the TLS Versions Supported By Your Browser
This process is even easier than the last. Simply open up a new window in your favorite browser. You’ll next want to enter the website howsmyssl.com into your browser’s address bar, and it’ll tell you straight away which version of TLS your web client supports.
Here’s a quick example of how this looks in Google Chrome:
In this screenshot, you’ll see that my Chrome browser is using TLS 1.3. Likewise, the results are largely the same in the Firefox and Microsoft Edge browsers — all three are listed as using TLS 1.3 for my website connection. If you scroll down on the page in each browser, you’ll find almost entirely the same information. However, there’s a slight variation in terms of which cipher suites each browser supports:
Google Chrome Supported Cipher Suites | Mozilla Firefox Supported Cipher Suites | Microsoft Edge Supported Cipher Suites |
TLS_GREASE_IS_THE_WORD_9A TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA | TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA | TLS_GREASE_IS_THE_WORD_DA TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA |
That’s it! We hope you’ve found this information useful. If you want to learn more about the different TLS versions, be sure to check back in a few days for our in-depth article on that topic.