Question

I have a droplet. How do I check my TLS version?

Hi all, this is related to not being able to connect to stripe webhooks. It may be because of my TLS version. Stripe webhooks don’t support TLS 1.3. If my version is 1.3, how do I downgrade to TLS 1.2?

Thanks in advance!


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
June 14, 2024

There are a few ways to go about this.

Using NMAP:

nmap --script ssl-enum-ciphers -p 443 <hostname or IP>

You might need to install nmap:

apt install nmap

Using OpenSSL

openssl s_client -connect <hostname or IP>:443 -tls1

For example, if we need to check TLS 1.2 for google.com, the following command can be used:

openssl s_client -connect www.google.com:443 -tls1_2

Another way to check the TLS version is by using the following command:

openssl ciphers -v
alexdo
Site Moderator
Site Moderator badge
June 13, 2024

Heya, @swimminglapiswalrus

You can use online tools like SSL Labs’ SSL Test or use curl from the command line:

curl -I -v --tlsv1.2 https://your_domain

This should confirm that your server is using TLS 1.2 for secure connections.

To downgrade your TLS version to 1.2 on a DigitalOcean droplet, you’ll need to adjust the configuration of your web server (e.g., Nginx or Apache) to ensure it uses TLS 1.2 instead of TLS.

The process will be slightly different if you use Apache or Nginx. If you can share more information I can give you some details on how to set this.

Hope that this helps!

Bobby Iliev
Site Moderator
Site Moderator badge
June 13, 2024

Hey!

To check the TLS version that your server is using, you can use the openssl command from a terminal.

openssl s_client -connect yourdomain.com:443 -tls1_2

If it connects successfully, it indicates that TLS 1.2 is supported. You can change -tls1_2 to -tls1_3 to test for TLS 1.3.

For the configuration itself, if you find out that your server is using TLS 1.3 and you need to downgrade to TLS 1.2, you’ll need to modify the server’s configuration.

This will depend on if you are using Nginx or Apache:

For Nginx:

  1. Edit the Nginx configuration file, usually found at /etc/nginx/nginx.conf or under /etc/nginx/sites-available/. This will depend on the OS that you are using.
  2. Then in that config file modify the SSL protocol settings:
    ssl_protocols TLSv1.2;  # This disables TLSv1.3 and uses only TLSv1.2
    
  3. Then run a config test with sudo nginx -t and if you get Syntax OK, restart Nginx to apply the changes:
    sudo systemctl restart nginx
    

For Apache:

  1. Edit the Apache SSL configuration file, typically located at /etc/apache2/mods-enabled/ssl.conf.
  2. Update the SSLProtocol directive:
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3
    
    This configuration enables TLS 1.2 while disabling TLS 1.3 and older versions.
  3. Run a config test with apachectl -t and if you get Syntax OK, restart Apache**:
    sudo systemctl restart apache2
    

After you’ve made these changes, you can re-run the openssl command or use an online service like SSL Labs’ SSL Test to verify the server’s SSL/TLS configuration.

Let me know how it goes!

- Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel