This article describes how to verify what SSL protocols your CloudBees CD (CloudBees Flow) server supports.
Solution
You can get this information using these methods.
Method 1 - Check supported SSL protocols using nmap utility
For Linux:
-
Install the utility nmap. On Ubuntu, you can do this using command
sudo apt-get install nmap
-
Execute the following command
nmap --script ssl-enum-ciphers -p8443 > ssl_protocols_supported.txt
Running this command from the client to the server endpoint will show the SSL ciphers available on the server for the various SSL protocols.
-
Check supported SSL protocols in ssl_protocols_supported.txt file
Method 2 - Check supported SSL protocols using openssl utility
You can use openssl to verify if the server supports that protocol like SSLv3, TLSv1.2 etc.
For Linux:
-
Run "openssl s_client -help" to see to see the different options and openssl supported protocols. It would show options like:
-ssl2 - just use SSLv2 -ssl3 - just use SSLv3 -tls1 - just use TLSv1 -dtls1 - just use DTLSv1 -tls1_2 - just use TLSv1.2
-
Specify the option for the protocol that you would like to use and execute commands from below example with this option. For example, for TLSv1.2 protocol
sudo -i
then
export LD_LIBRARY_PATH=/opt/electriccloud/electriccommander/lib && /opt/electriccloud/electriccommander/bin/openssl s_client -connect :8443 -tls1_2 > connect_handshake.txt 2>&1
Try to use Ctrl+C if the second command is not completing
-
Examine output in file connect_handshake.txt. CloudBees CD (CloudBees Flow) server supports specified SSL protocol if the SSL handshake was successful.
For Windows:
-
Run cmd.exe as Administrator
-
Run "openssl s_client -help" to see to see the different options and openssl supported protocols. It would show options like:
-ssl2 - just use SSLv2 -ssl3 - just use SSLv3 -tls1 - just use TLSv1 -dtls1 - just use DTLSv1 -tls1_2 - just use TLSv1.2
-
Specify the option for the protocol that you would like to use and execute command from below example with this option. For example, for TLSv1.2 protocol
set LD_LIBRARY_PATH="c:\Program Files\Electric Cloud\ElectricCommander\lib" && "c:\Program Files\Electric Cloud\ElectricCommander\bin\openssl.exe" "s_client" "-connect" "" "-tls1_2" > connect_handshake.txt
Try to use Ctrl+C if the command is not completing
-
Examine output in file connect_handshake.txt. CloudBees CD (CloudBees Flow) server supports specified SSL protocol if the SSL handshake was successful.
Applies to
Product versions: All
OS versions: Linux, Windows