As of the time of writing, TLS 1.0 and 1.1 are not deemed safe anymore and prone to mane-in-the-middle attacks. It is recommended to only support TLS 1.2+.
On Linux you can check if your webserver accepts TLS 1.0 or TLS 1.1 via the following command:
Check TLS 1.0 / 1.1 / 1.2 / 1.3
openssl s_client -connect lanedirt.tech:443 -tls1 # tls 1.0 openssl s_client -connect lanedirt.tech:443 -tls1_1 # tls 1.1 openssl s_client -connect lanedirt.tech:443 -tls1_2 # tls 1.2 openssl s_client -connect lanedirt.tech:443 -tls1_3 # tls 1.3
If the server does NOT support the tested TLS version, you should get a message like follows which states “no peer certificate available”.
CONNECTED(00000003) 140295707531072:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_s3.c:1544:SSL alert number 70 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 104 bytes Verification: OK ---
If the server DOES support the tested TLS version, you will get a different message which shows the SSL certificate chain, like follows:
openssl s_client -connect lanedirt.tech:443 -tls1_2 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = lanedirt.tech verify return:1 --- Certificate chain 0 s:CN = lanedirt.tech i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 ---