Wednesday, April 26, 2023

Command to check if a particular server URL supports forward secrecy

These cipher suites are negotiated if the server supports Forward Secrecy:

 openssl s_client -connect server.com:443 -cipher "ECDHE, EECDH"

 openssl s_client -connect server.com:443 -cipher "DHE, EDH"

If the command results in a “sslv3 alert handshake failure” error, the Forward Secrecy property is not supported by the server. 
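An added example, not part of the original post: a shell helper that runs the two probes above and classifies the openssl s_client output. The function names and sample outputs are constructed for illustration. On OpenSSL 1.1.1 and later, -cipher only limits TLS 1.2 and below, so a TLS 1.3 result is reported as forward secret.

```sh
#!/bin/sh
# Added example: interpret `openssl s_client` output from the commands above.

# classify_fs: reads s_client output on stdin, prints fs | no-fs | review:<detail>
classify_fs() {
    fs_out=$(cat)
    # The alert named in the post: the server accepted none of the offered suites.
    if printf '%s\n' "$fs_out" | grep -qi 'alert handshake failure'; then
        echo "no-fs"
        return 0
    fi
    # s_client reports the result as "New, <protocol>, Cipher is <name>".
    fs_cipher=$(printf '%s\n' "$fs_out" |
        sed -n 's/.*Cipher is \([^ ]*\).*/\1/p' | head -n 1)
    case "$fs_cipher" in
        ECDHE-*|DHE-*|EDH-*) echo "fs" ;;     # ephemeral (EC)DH key exchange
        TLS_*)               echo "fs" ;;     # TLS 1.3: always (EC)DHE on a full handshake
        '(NONE)')            echo "no-fs" ;;  # handshake ended without a cipher
        '')                  echo "review:no-cipher-line" ;;  # e.g. connection refused
        *)                   echo "review:$fs_cipher" ;;      # unexpected suite name
    esac
}

# check_fs HOST:PORT: run both probes from the post against a server.
check_fs() {
    for fs_list in "ECDHE, EECDH" "DHE, EDH"; do
        printf '%s -> ' "$fs_list"
        openssl s_client -connect "$1" -cipher "$fs_list" </dev/null 2>&1 |
            classify_fs
    done
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_FS='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit'
SAMPLE_FAIL='CONNECTED(00000003)
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)'

printf '%s\n' "$SAMPLE_FS"   | classify_fs   # fs
printf '%s\n' "$SAMPLE_FAIL" | classify_fs   # no-fs
```

To probe a live server, call check_fs server.com:443. A server that prints "fs" for ECDHE but "no-fs" for DHE still supports forward secrecy through ECDHE.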

Command to check the ATS configuration of a URL on macOS

The terminal command below runs a detailed App Transport Security (ATS) check against a specific URL:

nscurl --ats-diagnostics <URL>