Useful Curl Commands

Curl command to check which TLS version or cipher a website or web server supports.

The command below sets the max TLS version to 1.2. As of this writing the bankofamerica.com website supports TLS 1.2, and hence the connection was successful.

curl https://www.bankofamerica.com/ --verbose --tls-max 1.2

Now let's set the max TLS version to 1.1 or 1.0. The command returns an error because the BOA website doesn't support TLS 1.1 or 1.0 as of this writing.

$ curl https://www.bankofamerica.com/ --verbose --tls-max 1.1

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 171.161.118.100:443...
* Connected to www.bankofamerica.com (171.161.118.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.1 (OUT), TLS handshake, Client hello (1):
} [147 bytes data]
* TLSv1.1 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Curl command to check which ciphers the web server supports

Pass the cipher to test with --cipher ciphername.

curl https://www.bankofamerica.com/ --tls-max 1.2 --cipher AES128-SHA --verbose

curl https://www.bankofamerica.com/ --tls-max 1.2 --cipher ECDHE-RSA-AES128-GCM-SHA256 --verbose
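
To test each protocol version on its own, the minimum and maximum can both be pinned (for example --tlsv1.1 --tls-max 1.1), and the verbose output reduced to the negotiated protocol and cipher or the TLS alert. The script below is an added example, not from the original post; it assumes an OpenSSL-backed curl whose verbose line formats it parses, and the host argument and the success sample line are constructed here.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): probe each TLS version separately.

# Summarise curl --verbose output read from stdin: the negotiated protocol and
# cipher on success, or the TLS alert the server sent on failure.
# Assumption: line formats as printed by OpenSSL-backed curl builds.
summarize() {
  awk '
    { sub(/\r$/, "") }                       # tolerate CRLF output (Git Bash)
    /SSL connection using/ {
      sub(/.*SSL connection using /, "")
      split($0, f, " / ")                    # newer curl appends more fields
      print "negotiated " f[1] " " f[2]; found = 1; exit
    }
    /TLS alert,/ {
      sub(/.*TLS alert, /, ""); sub(/ \([0-9]+\):.*/, "")
      print "alert: " $0; found = 1; exit
    }
    END { if (!found) print "inconclusive" }
  '
}

# probe HOST VERSION: pin both the minimum (--tlsvX) and the maximum
# (--tls-max X) so exactly one protocol version is offered to the server.
probe() {
  local host=$1 ver=$2
  printf 'TLS %s: ' "$ver"
  curl --verbose --silent --output /dev/null --connect-timeout 10 \
       "--tlsv$ver" --tls-max "$ver" "https://$host/" 2>&1 | summarize
}

# Sample lines for an offline run. The success line is constructed; the
# failure line is the alert shown in the output above.
sample_ok='* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256'
sample_fail='* TLSv1.1 (IN), TLS alert, handshake failure (552):'

if [ "$#" -gt 0 ]; then
  # Usage: pass a host name you are authorised to test as the first argument.
  for v in 1.0 1.1 1.2 1.3; do probe "$1" "$v"; done
else
  printf '%s\n' "$sample_ok" | summarize
  printf '%s\n' "$sample_fail" | summarize
fi
```

An "alert:" result means the server itself sent the alert; "inconclusive" covers everything else, including a local curl build that refuses to offer that version.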