Get OpenSSL (a list of 3rd party sites here; I went with this one). The connection to your DC thus:
openssl s_client -connect <Domain_Controller>:636
To test a specific version add a switch like -tls1_2 or -tls1_1. If it fails you get an error like this (this was me asking for TLS1.1):
CONNECTED(000002F4)
51720:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:.\ssl\s3_pkt.c:1498:SSL alert number 70
51720:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:.\ssl\s3_pkt.c:659:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1603452101
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Hope that helps someone!
