Check OpenSSL Version

TL;DR

Find out what version of OpenSSL a server is running using the command line.

Using openssl s_client: This is the most common method.
- Open your terminal or command prompt.
- Run the following command, replacing target_host with the server’s address (e.g., example.com) and port with the port number (usually 443 for HTTPS):
```
openssl s_client -connect target_host:port
```
- Look for a line that starts with “SSL version”. For example:
```
SSL version: TLSv1.2 / SSLv3
```
- Press Ctrl+D to exit the command.
Using openssl version (local machine): This shows your *own* OpenSSL version, not the server’s.
- Open your terminal or command prompt.
- Run:
```
openssl version
```
- The output will look something like this:
```
OpenSSL 3.0.2 15 Mar 2022
```
Using Nmap (if installed): Nmap can also detect OpenSSL versions.
- Run the following command, replacing target_host with the server’s address:
```
nmap -p 443 --script ssl-cert target_host
```
- Look for the “TLS/SSL Version” line in the output.
Using online tools: Several websites offer OpenSSL version detection.
- Search on Google for ‘OpenSSL version checker’. Be cautious about entering sensitive information into untrusted sites.

The openssl s_client method connects to the server and retrieves its certificate, which includes the OpenSSL version used when the certificate was generated.
The reported version might not be the *current* version of OpenSSL running on the server if the certificate hasn’t been renewed recently.
Always keep your own OpenSSL installation up to date for cyber security reasons.