Checking which Ciphers a server supports with OpenSSL



Published: 2021-05-26 08:04:27 +0000
Categories: BASH, Misc,

Language

BASH

Description

Sometimes it's helpful to be able to list which SSL/TLS ciphers a remote server supports.

This snippet allows you to connect with OpenSSL in order to generate a list (but can only check those supported by the system you're running it on)

Snippet

#!/usr/bin/bash
#
#
# Usage: test_ciphers.sh [host:port]
#
# Example: test_ciphers.sh www.google.com:443
#
SERVER=${1:-"google.com:443"}
DELAY=${DELAY:-1}
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo "Testing $SERVER"
echo "Obtaining cipher list from " $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

Usage Example

./test_ciphers.sh www.google.com:443

Requires

Keywords

bash, ssl, tls, ciphers, openssl, test,

Latest Posts


Copyright © 2022 Ben Tasker | Sitemap | Privacy Policy
Available at snippets.bentasker.co.uk, http://phecoopwm6x7azx26ctuqcp6673bbqkrqfeoiz2wwk36sady5tqbdpqd.onion and http://snippets.bentasker.i2p
hit counter