Check OpenSSL Version

TL;DR

Find out what version of OpenSSL a server is running using the command line.

How to Check OpenSSL Version

1. Using openssl s_client: This is the most common method.
   • Open your terminal or command prompt.
   • Run the following command, replacing target_host with the server’s address (e.g., example.com) and port with the port number (usually 443 for HTTPS):

     openssl s_client -connect target_host:port

   • Look for a line that starts with “SSL version”. For example:

     SSL version: TLSv1.2 / SSLv3
     

   • Press Ctrl+D to exit the command.
2. Using openssl version (local machine): This shows your *own* OpenSSL version, not the server’s.
   • Open your terminal or command prompt.
   • Run:

     openssl version

   • The output will look something like this:

     OpenSSL 3.0.2 15 Mar 2022
     

3. Using Nmap (if installed): Nmap can also detect OpenSSL versions.
   • Run the following command, replacing target_host with the server’s address:

     nmap -p 443 --script ssl-cert target_host

   • Look for the “TLS/SSL Version” line in the output.
4. Using online tools: Several websites offer OpenSSL version detection.
   • Search on Google for ‘OpenSSL version checker’. Be cautious about entering sensitive information into untrusted sites.

Important Notes

• The openssl s_client method connects to the server and retrieves its certificate, which includes the OpenSSL version used when the certificate was generated.
• The reported version might not be the *current* version of OpenSSL running on the server if the certificate hasn’t been renewed recently.
• Always keep your own OpenSSL installation up to date for cyber security reasons.