How can I see what version of SSL a web server is currently using?

I believe I have disabled SSL 2.0 on my web server (Windows Server 2003). To make sure that it is now using SSL 3.0, how can I check this?

What is the correct way to disable 2.0 and enable 3.0 on a web server?


Solution 1:

IIS will negotiate the SSL version to be used with the client and so should select the highest version that will work with that client. By disabling SSL v2 your are saying that any clients that cannot use V3 will not be able to make an SSL connection, is this what you want?

As far as checking that it is using V3, if you have access to a linux machine (or cygwin on Windows) with openssl installed, you can run this command:

openssl s_client -connect server.com:443 -ssl3

If you can connect, then it is working. Substitute ssl3 for ssl2 if you want to check SSL2.

Solution 2:

Here is the official Microsoft documentation on how to disable a specific SSL protocol.

The openssl test is definitely the easiest. There are binary distributions of openssl available for Windows.