Back to Learning Center
TLS

How to Check the TLS Version of a Website (5 Methods)

5 min read
Updated June 2026By CertNotify Team

Knowing which TLS version a website uses is essential for security audits and compliance. TLS 1.0 and 1.1 are deprecated and insecure. TLS 1.2 is acceptable. TLS 1.3 is the current standard with better performance and security. Here are five ways to check.

TLS 1.0
Deprecated
TLS 1.1
Deprecated
TLS 1.2
Acceptable
TLS 1.3
Recommended

Method 1 — OpenSSL (Most Reliable)

Terminal
# Check negotiated TLS version
openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | grep "Protocol"
# Output example:
Protocol : TLSv1.3
# Force TLS 1.3 specifically to test support
openssl s_client -connect example.com:443 -tls1_3 2>/dev/null | grep "Protocol"
# Force TLS 1.2
openssl s_client -connect example.com:443 -tls1_2 2>/dev/null | grep "Protocol"

Method 2 — curl with Verbose Output

curl -v --silent https://example.com 2>&1 | grep -E "TLSv|SSL"
# Output example:
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

Method 3 — nmap SSL Enum Script

nmap with the ssl-enum-ciphers script shows all supported TLS versions and cipher suites:

nmap --script ssl-enum-ciphers -p 443 example.com

Look for sections labeled "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3". If TLS 1.0 or 1.1 appear, they need to be disabled.

Method 4 — Browser Developer Tools

Chrome / EdgeOpen DevTools (F12) → Security tab → View certificate → scroll to Connection section
FirefoxClick the padlock icon in the address bar → Click "More Information" → Technical Details section
SafariOpen Web Inspector → Network tab → click on the HTTPS request → Headers section

Method 5 — Online Tools

For a quick check without a terminal, use these online tools:

CertNotify SSL Checker
Shows TLS version, cipher suite, and certificate details
SSL Labs SSL Test
Comprehensive test with A–F grade
testssl.sh
Open source CLI tool, excellent for CI/CD pipelines

How to Disable TLS 1.0 and 1.1

Nginx
ssl_protocols TLSv1.2 TLSv1.3;
Apache
SSLProtocol -all +TLSv1.2 +TLSv1.3
AWS ALB
# Use ELBSecurityPolicy-TLS13-1-2-2021-06 security policy

Monitor TLS configuration changes

TLS configurations can change after server updates. Run regular TLS checks and set up monitoring with CertNotify to catch regressions automatically.