Loading

How to test TLS 1.x compatibility to a URL/HTTP endpoint, using cURL

Fecha de publicación: Jul 15, 2025
Tarea

GOAL


You want to test which TLS version is compatible with certain endpoint. And even though there are certain tools to analyze a tcpdump, the TLS handshake or SSL debug, you don't have access to those tools.
 

Pasos


In this KB article, we'll use the cURL tool, since is already present in most of the operating systems nowadays, or in case of Windows, is very easy to install it.

Considering that you want to analyze the TLS compatible version for the endpoint germancorbetta2-dlb.lb.anypointdns.net, you may run the following commands:

  • To test TLS 1.0 compatibility
curl https://germancorbetta2-dlb.lb.anypointdns.net --insecure --tlsv1.0 --tls-max 1.0
  • To test TLS 1.1 compatibility
curl https://germancorbetta2-dlb.lb.anypointdns.net --insecure --tlsv1.1 --tls-max 1.1
  • To test TLS 1.2 compatibility
curl https://germancorbetta2-dlb.lb.anypointdns.net --insecure --tlsv1.2 --tls-max 1.2
  • To test TLS 1.3 compatibility
curl https://germancorbetta2-dlb.lb.anypointdns.net --insecure --tlsv1.3 --tls-max 1.3

If the endpoint is not compatible with the indicated TLS version, you would get a message like: 
curl: (35) error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

Otherwise, it is compatible!

The "--insecure" parameter, is to allow HTTPS connection without providing a certificate or trust store.

And the "tlsv1.x" parameter, establish the minimum version of TLS to be used. Please note that you may need to update curl to be able to use "tlsv1.3" properly.

Finally the "--tls-max" parameter, force the HTTP message to only allow a specific version of TLS.

[OPTIONAL] In case you want to read more content on the HTTP message, TLS negotiation, headers, payload and more, you may also add the "--verbose" parameter, like this: 
~ curl https://dev.api01.haieramericas.net --insecure --tls-max 1.1 --verbose
*   Trying 34.206.73.227:443...
* Connected to dev.api01.haieramericas.net (34.206.73.227) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure


 
Número del artículo de conocimiento

001116399

 
Cargando
Salesforce Help | Article