Curl command to check which TLS version or cipher a website or web server supports.
The command below sets the maximum TLS version to 1.2. As of this writing the bankofamerica.com website supports TLS 1.2, and hence the connection was successful.
curl https://www.bankofamerica.com/ --verbose --tls-max 1.2
Now let's set the maximum TLS version to 1.1 or 1.0. It will return an error, as the BOA website doesn't support TLS 1.1 or 1.0 as of this writing.
$ curl https://www.bankofamerica.com/ --verbose --tls-max 1.1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 171.161.118.100:443...
* Connected to www.bankofamerica.com (171.161.118.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.1 (OUT), TLS handshake, Client hello (1):
} [147 bytes data]
* TLSv1.1 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
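Because --tls-max only caps the version, testing one specific version means pinning the minimum as well (--tlsv1.1 together with --tls-max 1.1). The script below is an added example, not part of the original post: it probes TLS 1.0 through 1.3 that way and separates a server-side rejection like the one above from the case where the local TLS library cannot offer the version at all. The function names and verdict labels are this example's own, and the host name is passed as the first argument.

```shell
#!/bin/sh
# Added example: report which TLS protocol versions a server accepts.
# Function names and verdict labels are this example's own.

# Turn curl's exit code plus its verbose log into a verdict.
classify_tls_result() {
    rc=$1
    log=$2
    case "$rc" in
        0)  echo "accepted" ;;
        60) # Certificate not trusted, but the handshake got far enough
            # to receive the certificate, so the version was negotiated.
            echo "accepted-cert-untrusted" ;;
        35) case "$log" in
                # The local TLS library refuses to offer this version,
                # which says nothing about the server.
                *"no protocols available"*)
                    echo "client-cannot-offer" ;;
                # The server answered the Client hello with a fatal alert.
                *"alert handshake failure"*|*"alert protocol version"*)
                    echo "rejected" ;;
                *)  echo "handshake-failed" ;;
            esac ;;
        *)  echo "inconclusive" ;;   # DNS, TCP connect, timeout, ...
    esac
}

# Attempt a handshake restricted to exactly one TLS version.
probe_tls_version() {
    host=$1
    ver=$2
    rc=0
    log=$(curl --silent --verbose --output /dev/null --max-time 10 \
               "--tlsv$ver" --tls-max "$ver" "https://$host/" 2>&1) || rc=$?
    classify_tls_result "$rc" "$log"
}

# Run the probes only when a host name is given on the command line.
if [ "$#" -ge 1 ]; then
    for ver in 1.0 1.1 1.2 1.3; do
        printf 'TLS %s: %s\n' "$ver" "$(probe_tls_version "$1" "$ver")"
    done
fi
```

A "client-cannot-offer" verdict means the test has to be repeated from a client whose TLS library still enables that version before the server can be called clean.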
Curl command to check which ciphers the web server supports?
Use the --ciphers option followed by the cipher name. The connection succeeds only if the server accepts that cipher.
curl https://www.bankofamerica.com/ --tls-max 1.2 --ciphers AES128-SHA --verbose
curl https://www.bankofamerica.com/ --tls-max 1.2 --ciphers ECDHE-RSA-AES128-GCM-SHA256 --verbose