One of the EMS Servers in my project needs SSL3 disabled. Quickly the question arises how do I test a connection for SSL3 or TLS 1, 1.1 or 1.2 explicitly. There are two tools that can help you there: openssl and nmap. Both tools are available for free and can be used remotely to test your server.
OpenSSL
openssl s_client -connect SERVER:PORT -ssl3 -CApath PATH_TO_TRUSTED_CERTIFICATES -certform DER
For SERVER you enter the hostname or IP Adress of the server you want to test
PORT will be the port that will have SSL or TLS enabled.
PATH_TO_TRUSTED_CERTIFICATES will be path to the trusted certificates. This may be useful for self-signed certificates your server is used. The certform parameter sets the format of the trusted certificates.
Use -ssl3 flag to test explicitly for SSL3. -tls1, -tls1_1 or -tls1_2 is for testing explicitly for TLS 1.0, 1.1 or 1.2.
The output may look like this
SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA
You can deduce a TLS 1.0 connection was made with the DHE-RSA-AES256-SHA cipher suite.
NMAP
nmap is an useful tool too. Here you will be presented with a list of available cipher suites for each protocol.
nmap --script ssl-enum-ciphers SERVER -p PORT
Insert for SERVER the server name or IP adress of your server and for PORT the port number running SSL or TLS.