Check TLS versions required by a host
Simple and easy: $ nmap --script ssl-enum-ciphers -p 443 www.google.com Will returns: Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-03 15:48 UTC Nmap scan report for www.google.com (142.251.39.100) Host is up (0.020s latency). Other addresses for www.google.com (not scanned): 2a00:1450:400e:811::2004 rDNS record for 142.251.39.100: ams15s48-in-f4.1e100.net PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | TLSv1....