testssl.sh VS sslyze

You’re in luck because such a tool exists :) https://testssl.sh/

Run https://testssl.sh/ and see what ciphers are being offered.

There is https://github.com/drwetter/testssl.sh utility. It can help diagnose issues (e.g. diffs between working and non-working sites).

For internal use, there's https://testssl.sh/

The current configuration allows for TLSv1 to TLSv1.3 connections. I can verify those using testssl.sh, the tests will succeed (although correctly mentioning, that TLSv1 and TLSv1.1 should be disabled). Running the tests again after about 5 minutes, the results are different. TLSv1.2 now shows "not offered and downgraded to a weaker protocol".

testssl.sh

For Internally and Externally accessible websites – Can use hostname or IP address Sslyze command line tool - https://github.com/nabla-c0d3/sslyze/releases - current version is 4.1.0

3) If you are technically skilled then there are programs/scripts you can run that will tell you exactly what TLS/SSL settings your router supports by scanning it. I have used https://github.com/nabla-c0d3/sslyze in the past but that was a long time ago so not sure it still works well

There are many notable open-source projects (SSLyze, CipherScan, testssl.sh, tls-scan, …) and several SaaS solutions (CryptCheck, CypherCraft, Hardenize, ImmuniWeb, Mozilla Observatory, SSL Labs, …) to do a security setting analysis, especially when we are talking about TLS, which is the most common and popular cryptographic protocol. However, most of these tools heavily depend on one or more versions of one or more cryptographic protocol libraries, like GnuTLS, OpenSSL, or wolfSSL. But why is this such a problem?

SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.