Verify if curl is using TLS

Question

In my PHP app I use PHP\'s CURL and openssl, to connect and talk using SOAP. Until now, remote server supported SSL and TLS but because of \"poodle\" bug, admin decided to d

Answer 1

Short Answer

Make a request with curl to https://www.howsmyssl.com/

tls_version;

that should output what TLS version was used to connect.

Digging Deeper

Curl relies on the underlying OpenSSL (or NSS) library to do the negotiation of the secure connection. So I believe the right question to ask here is what is the OpenSSL library capable of. If it can handle a TLS connection, then curl can handle a TLS connection.

So how to figure out what the openssl (or NSS) library is capable of?

which is going to dump out something like

OpenSSL/1.0.1k

Then you can go and have a look at the release notes for that version and see if it includes TLS support.

OpenSSL Release notes - https://www.openssl.org/news/changelog.html

NSS Release notes - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases

Spoiler Alert

• openssl includes support for TLS v1.1 and TLS v1.2 in OpenSSL 1.0.1 [14 Mar 2012]
• NSS included support for TLS v1.1 in 3.14
• NSS included support for TLS v1.2 in 3.15