How to display TLS server extensions on FreeBSD

Use the openssl command-line utility (`s_client` with `-tlsextdebug`) to display the TLS extensions a server sends during the handshake, together with the negotiated protocol version.

#!/usr/local/bin/bash
# Display TLS extensions
#
# Example:
#   $ get_tls_extensions.sh sleeplessbeastie.eu
#   Negotiated TLS version: TLSv1.2
#   TLS extensions:
#     - EC point formats
#     - extended master secret
#     - session ticket
#     - renegotiation info
#
#   $ get_tls_extensions.sh debian.org
#   Negotiated TLS version: TLSv1.2
#   TLS extensions:
#     - server name
#     - EC point formats
#     - session ticket
#     - renegotiation info
#

# temporary file
temp_file=$(mktemp)

# delete temporary file on exit
trap 'rm -f "$temp_file"' EXIT

if [ "$#" -eq "1" ]; then
  website="$1"
  # resolve the name first and skip hosts that do not resolve
  if host "$website" >/dev/null 2>&1; then
    # empty stdin makes s_client close the connection right after the handshake;
    # -servername sends SNI, -tlsextdebug prints every extension the server sent
    echo -n | openssl s_client -servername "$website" -connect "$website":443 -tlsextdebug 2>/dev/null > "$temp_file"
    # negotiated protocol from the "Protocol  : TLSv1.x" line of the SSL-Session block
    tls_version=$(awk -F: '/^ *Protocol/ {gsub(" ","",$2);print $2}' "$temp_file")
    # extension lines precede the first "---"; sort numerically by extension id
    tls_extensions=$(gsed -n -e '1,/---/ {s/^TLS server extension \"\(.*\)\" (id=\(.*\)).*/\2:\1/p}' "$temp_file" | sort -n | awk -F: '{print "  - " $2}')

    # no Protocol line means the handshake did not complete (closed port, wrong name, TLS failure)
    if [ -z "$tls_version" ]; then
      echo "Could not complete a TLS handshake with $website:443" >&2
      exit 1
    fi

    echo "Negotiated TLS version: $tls_version"
    echo "TLS extensions:"
    echo -e "$tls_extensions"
  fi
fi

You need to install the textproc/gsed port, as the script relies on GNU sed.
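The parsing step can also be done with awk alone, which avoids the gsed dependency and makes the logic testable without a network connection. The following is an added example, not the script from the original page: it embeds two constructed `openssl s_client -tlsextdebug` transcripts (one TLSv1.2, one TLSv1.3; they are shaped like real OpenSSL output but are not captured from any host) and extracts the protocol and the extension names from them, sorted numerically by extension id so that id 5 does not sort after id 11 as it would with a plain text sort. The function names are the example's own.

```bash
#!/bin/sh
# Added example: parse "openssl s_client -tlsextdebug" output with awk only.

# Constructed TLSv1.2 transcript in the shape OpenSSL prints: extension lines
# during the handshake, then "---", then the SSL-Session block.
sample_tls12() {
  cat <<'EOF'
CONNECTED(00000003)
TLS server extension "server name" (id=0), len=0
TLS server extension "EC point formats" (id=11), len=4
TLS server extension "status request" (id=5), len=0
TLS server extension "extended master secret" (id=23), len=0
TLS server extension "session ticket" (id=35), len=0
TLS server extension "renegotiation info" (id=65281), len=1
depth=0 CN = example.invalid
verify return:1
---
Certificate chain
 0 s:CN = example.invalid
---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
---
EOF
}

# Constructed TLSv1.3 transcript (key share and supported versions come from
# the ServerHello, server name from EncryptedExtensions).
sample_tls13() {
  cat <<'EOF'
CONNECTED(00000003)
TLS server extension "key share" (id=51), len=36
TLS server extension "supported versions" (id=43), len=2
TLS server extension "server name" (id=0), len=0
depth=0 CN = example.invalid
verify return:1
---
Certificate chain
 0 s:CN = example.invalid
---
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
---
EOF
}

# Negotiated protocol: first "Protocol : ..." line on stdin, whitespace stripped.
tls_version() {
  awk -F: '/^[[:space:]]*Protocol[[:space:]]*:/ { gsub(/[[:space:]]/, "", $2); print $2; exit }'
}

# Extension names on stdin, one per line, ordered by numeric extension id.
# Only lines before the first "---" are considered, as in the original script.
tls_extensions() {
  awk '
    /^---/ { exit }
    /^TLS server extension "/ {
      line = $0
      sub(/^TLS server extension "/, "", line)
      name = line
      sub(/" \(id=.*$/, "", name)
      id = line
      sub(/^.*\(id=/, "", id)
      sub(/\).*$/, "", id)
      print id "\t" name
    }' | sort -n -k1,1 | cut -f2-
}

# Number of extensions found on stdin.
extension_count() { tls_extensions | wc -l | tr -d ' '; }

# Render a transcript on stdin in the same layout as the original script.
report() {
  out=$(cat)
  printf 'Negotiated TLS version: %s\n' "$(printf '%s\n' "$out" | tls_version)"
  echo "TLS extensions:"
  printf '%s\n' "$out" | tls_extensions | sed 's/^/  - /'
}

# Live use (not run here):
#   openssl s_client -servername host -connect host:443 -tlsextdebug </dev/null 2>/dev/null | report
sample_tls12 | report
sample_tls13 | report
```

Because the functions read standard input, the same pipeline works on a saved transcript (`report < capture.txt`) as on a live `s_client` run, and the awk program needs no GNU extensions.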

Based on sleeplessbeastie.eu
