agradmin
asked on
Test for TLS support when visiting websites
PCI regulations call for the removal of SSL and TLS1.0 in cardholder environments. This includes removal of SSL/TLS1.0 web browser support on PC's within such environments.
We are enabling TLS1.1 and TLS1.2 on the PC web browser side, but before disabling the insecure protocols I'd like to test websites to see if they comply with the PCI standard.
I have already tested the effect of disabling SSL + TLS1.0 on a test PC (after enabling TLS1.1, TLS1.2) and the user (my boss) was unable to connect to his bank!
Please pass on your experiences and any tools I could use to test.
Thanks!
We are enabling TLS1.1 and TLS1.2 on the PC web browser side, but before disabling the insecure protocols I'd like to test websites to see if they comply with the PCI standard.
I have already tested the effect of disabling SSL + TLS1.0 on a test PC (after enabling TLS1.1, TLS1.2) and the user (my boss) was unable to connect to his bank!
Please pass on your experiences and any tools I could use to test.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dave,
Apologies for any confusion. I am not looking to test our own sites (we have used ssltest for that as you describe) but to gauge the effect of disabling TLS1.0/SSL browser support.
Our ultimate goal is to allow browser clients to connect to only secure sites (ie TLS1.1 and above) but this can't happen until there is global support.
Apologies for any confusion. I am not looking to test our own sites (we have used ssltest for that as you describe) but to gauge the effect of disabling TLS1.0/SSL browser support.
Our ultimate goal is to allow browser clients to connect to only secure sites (ie TLS1.1 and above) but this can't happen until there is global support.
There is also a browser test page at https://www.ssllabs.com/ssltest/viewMyClient.html . However... there is more to it. If your browser does not support at least one of the 'Cipher Suites' along with the necessary version of TLS, then it still isn't going to work. This article has a lot of info on TLS support: http://en.wikipedia.org/wiki/Transport_Layer_Security
ASKER
Sorry Dave, I was confusing your earlier ssltest link with the 'viewmyclient' tool (which is the one we have been using). The SSLtest tool does indeed fit our requirements - thanks for the help!
ASKER
Great tool that will help us move along - thanks for the help!
You're welcome, glad to help.
ASKER
https://paranoidsecurity.nl/
This gives a clear indication of the TLS (SSL) level sites support. If there are other tools out there please contribute so we can share.