Checking which Ciphers a server supports with OpenSSL (BASH)

Ben Tasker

2021-05-26 08:04

Category: BASH

Sometimes it's helpful to be able to list which SSL/TLS ciphers a remote server supports.

This snippet allows you to connect with OpenSSL in order to generate a list (but can only check those supported by the system you're running it on)

Details

Language: BASH

Snippet

#!/usr/bin/bash
#
#
# Usage: test_ciphers.sh [host:port]
#
# Example: test_ciphers.sh www.google.com:443
#
SERVER=${1:-"google.com:443"}
DELAY=${DELAY:-1}
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo "Testing $SERVER"
echo "Obtaining cipher list from " $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

Usage Example

./test_ciphers.sh www.google.com:443