NMAP will be used to validate the cipher suites and TLS versions available, what the server responds to.
Restricting these can be accomplished through both the ouputs.conf and web.conf files - see here: https://docs.splunk.com/Documentation/Splunk/7.0.0/Security/SetyourSSLversion and here http://docs.splunk.com/Documentation/Splunk/7.0.0/Admin/Webconf .
If you adjust these on the server side, you can see the differences in output from these tools, especially in regards to ciphersuites and TLS. Realistically, the outputs on the client should match the web.conf on the server in order to force compliance to a standard protocol and cipher suite. (This will ensure you're compliant at a certain level.) Otherwise there really isnt a way to validate what the connection is using unless you go through the internal logs.
... View more