Test for TLS support when visiting websites

PCI regulations call for the removal of SSL and TLS1.0 in cardholder environments.  This includes removal of SSL/TLS1.0 web browser support on PC's within such environments.

We are enabling TLS1.1 and TLS1.2 on the PC web browser side, but before disabling the insecure protocols I'd like to test websites to see if they comply with the PCI standard.

I have already tested the effect of disabling SSL + TLS1.0 on a test PC (after enabling TLS1.1, TLS1.2) and the user (my boss) was unable to connect to his bank!

Please pass on your experiences and any tools I could use to test.

Thanks!
LVL 1
agradminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
Only your PCI scanning company can tell you whether you pass PCI scans.  I have been using https://www.ssllabs.com/ssltest/ to test servers for SSL/TLS.  The only version of IE that supports TLS 1.2 is IE11.  The current versions of Firefox and Chrome do also as does Opera.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
agradminAuthor Commented:
I have found the following tool;

https://paranoidsecurity.nl/

This gives a clear indication of the TLS (SSL) level sites support. If there are other tools out there please contribute so we can share.
0
agradminAuthor Commented:
Dave,
Apologies for any confusion. I am not looking to test our own sites (we have used ssltest for that as you describe) but to gauge the effect of disabling TLS1.0/SSL browser support.
Our ultimate goal is to allow browser clients to connect to only secure sites (ie TLS1.1 and above) but this can't happen until there is global support.
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

Dave BaldwinFixer of ProblemsCommented:
There is also a browser test page at https://www.ssllabs.com/ssltest/viewMyClient.html .   However... there is more to it.  If your browser does not support at least one of the 'Cipher Suites' along with the necessary version of TLS, then it still isn't going to work.  This article has a lot of info on TLS support:  http://en.wikipedia.org/wiki/Transport_Layer_Security
0
agradminAuthor Commented:
Sorry Dave, I was confusing your earlier ssltest link with the 'viewmyclient' tool  (which is the one we have been using). The SSLtest tool does indeed fit our requirements - thanks for the help!
0
agradminAuthor Commented:
Great tool that will help us move along - thanks for the help!
0
Dave BaldwinFixer of ProblemsCommented:
You're welcome, glad to help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.