How to display TLS server extensions on FreeBSD

Use openssl command-line utility to display TLS server extensions.

#!/usr/local/bin/bash
# Display TLS extensions
#
# Example:
#   $ get_tls_extensions.sh sleeplessbeastie.eu
#   Negotiated TLS version: TLSv1.2
#   TLS extensions:
#     - EC point formats
#     - extended master secret
#     - session ticket
#     - renegotiation info
#
#  $ get_tls_extensions.sh debian.org
#  Negotiated TLS version: TLSv1.2
#  TLS extensions:
#    - server name
#    - EC point formats
#    - session ticket
#    - renegotiation info
#

# temporary file
temp_file=$(mktemp)                                                                           
                                                                                                     
# delete temporary file on exit                                                                      
trap "unlink $temp_file" EXIT    

if [ "$#" -eq "1" ]; then
  website="$1"
  host "$website" >&-
  if [ "$?" -eq "0" ]; then
    echo -n | openssl s_client -servername "$website" -connect "$website":443 -tlsextdebug 2>/dev/null > $temp_file
    tls_version=$(cat $temp_file | awk -F:  '/^\ *Protocol/ {gsub(" ","",$2);print $2}')
    tls_extensions=$(cat $temp_file | gsed -n -e '1,/---/ {s/^TLS server extension \"\(.*\)\" (id=\(.*\)).*/\2:\1/p}' | sort | awk -F: '{print "  - " $2}')

    echo "Negotiated TLS version: $tls_version"
    echo "TLS extensions:"
    echo -e "$tls_extensions"
  fi
fi

You need to have install port textproc/gsed.

Based on sleeplessbeastie.eu