📕 subnode [[@neil/checking for tls 1 2 support on a server]] in 📚 node [[checking-for-tls-1-2-support-on-a-server]]

Checking for TLS 1.2 support on a server

[[Sysadmin]]

I was doing this to check that Mailgun would continue to work for some of our apps following their deprecation of TLS 1.2.

From what I glean from Mailgun's blog post, you need to check that wherever your app is that sends mail via Mailgun, that that server supports TLS 1.2.

You can do this by scanning it with `nmap`:

nmap --script ssl-enum-ciphers -p 443 domain.example

I guess it does a check on the cipher suites that the server is providing.

It will also tell you if any of the ciphers are vulnerable to attacks (and ergo that you need to update the server).

📖 stoas
⥱ context