You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: JCtech2025
JCtech2025 Author
User level: Level 1
12 points

How to Verify and Enable TLS Versions on macOS for Network Connection?

Hi All,


Recently at one of our clients, they had a security device installed. To connect to the device over the network, it uses TLS 1.0 and 1.1. I had to enable both of those on Windows to load the web page. In Windows OS you can go to the Internet properties and enable TLS.


Question is on MacOS, how would I verify what version of tls is enabled, and enable the version needed? Can it be done in MacOS? I know it's an outdated protocol, also a different os, however they do need the ability to connect to the device while onsite. Also not everyone in the building uses Windows.


Thanks


[Re-Titled by Moderator]

Posted on May 6, 2024 11:53 AM

Reply
6 replies
User profile for user: Tesserax
Tesserax
User level: Level 10
151,653 points

May 6, 2024 12:29 PM in response to JCtech2025

Just be aware that both TLS 1.0 & 1.1 are no longer considered secure. Apple added TLS 1.2 support way back with OS X 10.9 Mavericks. I believe all current macOS releases now support TLS 1.3. Your client should be very wary at using a security device that only supports TLS 1.x.


To verify which versions of TLS are supported on a Mac, you have at least two options:


Option #1: Use the openssl command in the Terminal app

  • Open Terminal on your Mac.
  • Type one of the following commands:
    • For TLSv1: openssl s_client -connect example.com:443 -tls1
    • For TLSv1.1: openssl s_client -connect example.com:443 -tls1_1
    • For TLSv1.2: openssl s_client -connect example.com:443 -tls1_2
    • For TLSv1.3: openssl s_client -connect example.com:443 -tls1_3
  • If the connection is successful, you will see the last line in the results as: Verify return code: 0 (ok)
  • Use <ctrl><C> to exit the command, or just wait for it to exit by itself.
  • Enter exit, then press the <enter> key to close the Terminal window.


Option #2: Using a web browser

  1. Open your preferred web browser.
  2. Navigate to a website like https://www.ssllabs.com/ssltest/viewMyClient.html. This site will analyze the connection and report the highest version of TLS that your browser supports.
  3. This method reflects the TLS support of your browser rather than the entire operating system, but since browsers use system libraries for TLS, it's a good approximation.
Reply
User profile for user: JCtech2025
JCtech2025 Author
User level: Level 1
12 points

May 6, 2024 1:40 PM in response to Tesserax

Thanks for the info. I understand it's no longer considered secure. The vendor of the device, I guess has no plans to update the device to support the more secure tls. The staff need access to the device while onsite. I know my way around Windows still better than MacOS right now, and since I setup access to the device on their Windows machines, I was to replicate the same functionality if you will for the Mac users, for now, if that makes sense.


In the example above where it says example.com, I'm guessing I replace that with the ip of the device? Also if a version of tis does not work, does that mean there is no way to (enable support) if you will?


Thanks again

Reply
User profile for user: Tesserax
Tesserax
User level: Level 10
151,653 points

May 6, 2024 3:27 PM in response to JCtech2025

JCtech2025 wrote:

In the example above where it says example.com, I'm guessing I replace that with the ip of the device?

No, it's an actual "placeholder" website that you can test TLS connectivity to ... and, yes, you can certainly substitute the IP address of the device you want to the test. This command is checking to see if the test "site" will allow TLS connectivity between the Mac and the site for each TLS version.


FWIW, I just tested it from my Mac for all versions and it was successful. That Mac is a 2023 M2 Pro Mac mini, running macOS Sonoma 14.4.1.


Also if a version of tis does not work, does that mean there is no way to (enable support) if you will?

If a particular version does not work, that would mean that version is currently not supported. All variations of the command can be found in the MAN.

Reply

How to Verify and Enable TLS Versions on macOS for Network Connection?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up