46
votes

I have a Java-based client (using Java 1.6.30) that opens an SSL connection to my server deployed on Tomcat 7.0.26. Tomcat is using Java 6 and in the server.xml I configured the connector to use sslProtocol="TLS".

I wonder what is the SSL version being used? Is it TLS1.0? TLS1.1? Something else?

4

4 Answers

34
votes

Get the SSLSession from your SSLSocket on your client and use its getProtocol() method.

Oracle JRE/OpenJDK 6 supports SSLv3 and TLS 1.0. You would need at least the IBM JRE 6/7 or Oracle JRE/OpenJDK 7 to get support for TLS 1.1 and TLS 1.2. (This is also related to the available cipher suites, as mentioned in this question.)

16
votes

You can use the following snippet to get an array of the supported protocols:

SSLContext.getDefault().getSupportedSSLParameters().getProtocols()

If you want it as a whitespace delimited string, e.g. for SMTP negotiation, pass the array to String.join(), i.e.:

String.join(" ", SSLContext.getDefault().getSupportedSSLParameters().getProtocols())

The latter snippet shows in Java 8 on Windows:

SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2

And in Java 11 on Windows:

TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2Hello

3
votes

For Tomcat 8.5.38 and 8.5.46 (and probably Tomcat 7.0x and newer) adding this to the AccessLogValve pattern (in server.xml) - and enabling that Valve - will show the TLS version in use:

%{org.apache.tomcat.util.net.secure_protocol_version}r

e.g.

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b %{org.apache.tomcat.util.net.secure_protocol_version}r" />

2
votes

This gets the active protocols:

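import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

public class ActiveProtocols {
  private static final String LINE_SEPARATOR = System.lineSeparator();

  // Returns the protocols enabled on an engine created from the default SSLContext.
  private static String getActiveProtocols() {
    try {
      return Arrays.toString(SSLContext.getDefault().createSSLEngine().getEnabledProtocols());
    } catch (Exception e) {
      StringWriter stringWriter = new StringWriter();
      e.printStackTrace(new PrintWriter(stringWriter));
      return "Unable to get enabled protocols: " + e.getMessage() + LINE_SEPARATOR + stringWriter;
    }
  }
}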
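
Added example, not part of any answer above: a client-side probe that prints the protocols the JVM supports and enables by default (as in the later answers) and, when a host and port are given, the protocol a real handshake negotiated via SSLSession.getProtocol() (as in the first answer). The class name TlsVersionProbe and the command-line arguments are assumptions, and it needs Java 7 or later.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name): reports what the JVM supports,
// what it enables by default, and what one connection actually negotiated.
public class TlsVersionProbe {

    // Performs the handshake and returns the session that was negotiated.
    static SSLSession negotiate(String host, int port) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            // Enable hostname verification, which a raw SSLSocket does not do by default.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws an exception if negotiation fails
            return socket.getSession();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("Supported: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("Enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));

        if (args.length == 2) { // host and port are supplied by the caller
            SSLSession session = negotiate(args[0], Integer.parseInt(args[1]));
            String protocol = session.getProtocol();
            System.out.println("Negotiated: " + protocol
                    + " with " + session.getCipherSuite());
            // Flag anything older than TLS 1.2 as a legacy protocol.
            if (!protocol.equals("TLSv1.2") && !protocol.equals("TLSv1.3")) {
                System.out.println("WARNING: legacy protocol negotiated");
            }
        }
    }
}
```

The supported list can include protocols that the JVM does not enable by default, so only the negotiated value answers the question for a given connection.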