つれづれ日記
A test script that verifies a TLS server accepts connections over TLS 1.2 or TLS 1.3 and refuses connections over TLS 1.1 or lower. It uses bats.

#!/usr/bin/env bats

### bats: bash automated testing system
### https://github.com/sstephenson/bats
### $ sudo dnf install bats 

### Exec: ./t01_tls_versions.bats

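### Server under test (bash also sets HOSTNAME itself; this overrides it here)
HOSTNAME=diary.sshida.com

### "echo |" closes stdin so that s_client exits once the handshake is over.

### Rejection tests: pass when s_client exits non-zero. Any failure counts,
### including a connection error or a local openssl without the option.
@test "SSLv3 is rejected" {
  ST=0
  echo | openssl s_client -connect "$HOSTNAME:443" -ssl3 > /dev/null || ST=$?
  [ "$ST" -ne 0 ]
}

@test "TLS1 is rejected" {
  ST=0
  echo | openssl s_client -connect "$HOSTNAME:443" -tls1 > /dev/null || ST=$?
  [ "$ST" -ne 0 ]
}

@test "TLS1_1 is rejected" {
  ST=0
  echo | openssl s_client -connect "$HOSTNAME:443" -tls1_1 > /dev/null || ST=$?
  [ "$ST" -ne 0 ]
}

### Acceptance tests: pass only when the handshake completes (exit status 0).
@test "TLS1_2 is accepted" {
  echo | openssl s_client -connect "$HOSTNAME:443" -tls1_2 > /dev/null
}

@test "TLS1_3 is accepted" {
  echo | openssl s_client -connect "$HOSTNAME:443" -tls1_3 > /dev/null
}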

Example run

$ ./t01_tls_versions.bats
 ✓ SSLv3 is rejected
 ✓ TLS1 is rejected
 ✓ TLS1_1 is rejected
 ✓ TLS1_2 is accepted
 ✓ TLS1_3 is accepted

5 tests, 0 failures
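
The rejection tests above pass on any non-zero exit from `openssl s_client`, which also happens when the local OpenSSL build lacks `-ssl3`, when local policy disables the version, or when the connection itself fails. The following is an added example, not part of the original script: a hypothetical `classify_attempt` helper that counts a rejection only when the server's TLS alert appears in the output. The sample strings are constructed and the patterns are heuristics over s_client's error text.

```shell
#!/bin/sh
# Added example (not from the original post).
# classify_attempt is a hypothetical helper name; the patterns below are
# heuristics over s_client's error text, not a stable interface.

# classify_attempt STATUS OUTPUT -> prints accepted | rejected | inconclusive
classify_attempt() {
  ca_status=$1
  ca_output=$2
  if [ "$ca_status" -eq 0 ]; then
    echo accepted
    return 0
  fi
  case "$ca_output" in
    # Local causes: the server never got the chance to refuse this version.
    *"nknown option"*|*"no protocols available"*|*"connect:errno="*)
      echo inconclusive ;;
    # TLS alerts sent by the peer in answer to the ClientHello.
    *"alert protocol version"*|*"alert handshake failure"*)
      echo rejected ;;
    # Anything else (timeout, DNS failure, ...) proves nothing about the server.
    *)
      echo inconclusive ;;
  esac
}

# Constructed, abbreviated sample outputs (not captured from a real server).
SAMPLE_ALERT='SSL routines:ssl3_read_bytes:tlsv1 alert protocol version'
SAMPLE_NO_SSL3='s_client: Unknown option: -ssl3'
SAMPLE_LOCAL_POLICY='SSL routines:tls_setup_handshake:no protocols available'
SAMPLE_REFUSED='connect:errno=111'

# Demo: every attempt below exits non-zero, but only the first one is
# evidence that the server itself refused the protocol version.
for sample in "$SAMPLE_ALERT" "$SAMPLE_NO_SSL3" \
              "$SAMPLE_LOCAL_POLICY" "$SAMPLE_REFUSED"; do
  printf '%-13s <- %s\n' "$(classify_attempt 1 "$sample")" "$sample"
done
```

In a bats test, `run` fills `$status` and `$output` (stdout and stderr combined), and both can be passed straight to the helper so that a rejection test asserts on `rejected` rather than on the exit status alone.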