How to display TLS server extensions

Use openssl command line utility to display TLS server extensions.

Shell script.

#!/bin/bash
# Display TLS extensions
#
# Example:
#   $ get_tls_extensions.sh sleeplessbeastie.eu
#   Negotiated TLS version: TLSv1.2
#   TLS extensions:
#     - EC point formats
#     - extended master secret
#     - session ticket
#     - renegotiation info
#
#  $ get_tls_extensions.sh debian.org
#  Negotiated TLS version: TLSv1.2
#  TLS extensions:
#    - server name
#    - EC point formats
#    - session ticket
#    - renegotiation info
#

# temporary file
temp_file=$(mktemp)                                                                           
                                                                                                     
# delete temporary file on exit                                                                      
trap "unlink $temp_file" EXIT    

if [ "$#" -eq "1" ]; then
  website="$1"
  host "$website" >&-
  if [ "$?" -eq "0" ]; then
    echo -n | openssl s_client -servername "$website" -connect "$website":443 -tlsextdebug 2>/dev/null > $temp_file
    tls_version=$(cat $temp_file | awk -F:  '/^\ *Protocol/ {gsub(" ","",$2);print $2}')
    tls_extensions=$(cat $temp_file | sed -n -e '1,/---/ {s/^TLS server extension \"\(.*\)\" (id=\(.*\)).*/\2:\1/p}' | sort | awk -F: '{print "  - " $2}')

    echo "Negotiated TLS version: $tls_version"
    echo "TLS extensions:"
    echo -e "$tls_extensions"
  fi
fi

Sample usage.

$ bash get_tls_extensions.sh linux.com
Negotiated TLS version: TLSv1.2
TLS extensions:
  - server name
  - EC point formats
  - extended master secret
  - session ticket
  - renegotiation info
$ bash get_tls_extensions.sh lwn.net
Negotiated TLS version: TLSv1.2
TLS extensions:
  - server name
  - EC point formats
  - session ticket
  - renegotiation info

Additional information

Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.