
@ilatypov
Last active January 23, 2019 15:20
#! /bin/bash
# Lists which TLS cipher suites a server accepts by attempting one
# `openssl s_client` handshake per cipher known to the local openssl build.
set -e

#######################################
# Print the command-line synopsis and abort.
# Outputs:   usage line on stderr
# Returns:   never returns; exits the script with status 1
#######################################
usage() {
  printf 'Usage: %s [-OPENSSL_FLAG...] SERVER:PORT\n' "$0" >&2
  exit 1
}
# Romeo Ninov
# Oct 26 '17 at 15:47
# https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers
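# Split the command line into pass-through flags for `openssl s_client`
# (collected in the `flags` array) and the single SERVER:PORT target
# (stored in `server`).
#
# Every leading argument that starts with "-" is forwarded verbatim, and the
# first argument that does not start with "-" is taken as the target. Options
# that take a separate value (such as "-servername NAME") therefore cannot be
# forwarded: the value would be consumed as SERVER:PORT.
flags=()
server=
while (( $# )); do
  opt=$1
  shift
  case "${opt}" in
    -h)
      usage
      ;;
    -*)
      # Kept as separate array elements so each flag reaches openssl as one
      # argument, without re-splitting by the shell.
      flags+=("${opt}")
      ;;
    *)
      server=${opt}
      break
      ;;
  esac
done

# Anything left after SERVER:PORT is a usage error.
(( $# == 0 )) || usage

# Without a target the probes would run against an empty -connect value and
# report every cipher as failed; treat a missing SERVER:PORT as a usage error.
[[ -n "${server}" ]] || usage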
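# Probe the server once per cipher name known to the local openssl build and
# report which handshakes complete. Reads `server` and `flags` set by the
# argument parsing above.
#
# NOTE(review): only ciphers compiled into this openssl client can be probed,
# so a suite that is absent from the output was not tested; that is not
# evidence the server refuses it.
# NOTE(review): on OpenSSL 1.1.1 and later, -cipher restricts TLS 1.2 and
# older suites only; TLS 1.3 suites are selected with -ciphersuites and stay
# enabled by default. A server that negotiates TLS 1.3 can therefore make a
# weak legacy cipher show up as YES. When auditing legacy suites, pass a
# protocol flag such as -no_tls1_3 or -tls1_2 on the command line.
echo "Obtaining cipher list from $(openssl version)".

# Fail loudly if the list cannot be produced; in a pipeline the exit status
# of `openssl ciphers` would be hidden by the last stage.
cipher_list=$(openssl ciphers 'ALL:eNULL') || {
  echo "Failed to obtain the cipher list from openssl" >&2
  exit 1
}

# Split on ":" without unquoted word splitting, so no glob expansion can
# alter the names.
ciphers=()
IFS=':' read -r -a ciphers <<< "${cipher_list}"

# Layout assumed for an openssl error line: six colon-separated fields with
# the literal "error" second; the sixth is printed as the failure reason
# (presumably the human-readable reason text -- confirm for your openssl).
error_re='^([^:]+):(error):([^:]+):([^:]+):([^:]+):([^:]+):.*'

successful_ciphers=()
for cipher in "${ciphers[@]}"; do
  printf "%-40s " "${cipher}"
  err=0
  # stdin is /dev/null and -no_ign_eof is given, so s_client ends the session
  # at EOF instead of waiting for input; stderr is merged so the last line can
  # be inspected for either "DONE" or an error record.
  message=$(openssl s_client "${flags[@]}" -cipher "${cipher}" \
    -connect "${server}" -quiet -no_ign_eof < /dev/null 2>&1) || err=$?
  # Last line of the captured output (command substitution already stripped
  # trailing newlines).
  last_line=${message##*$'\n'}
  if (( err )); then
    if [[ "${last_line}" =~ ${error_re} ]]; then
      printf "%s\n" "NO (${BASH_REMATCH[6]})"
    else
      printf "%s\n" "NO (exit code ${err}, output ends with: ${last_line})"
    fi
  elif [[ "${last_line}" == "DONE" ]]; then
    printf "%s\n" "YES"
    successful_ciphers+=("${cipher}")
  else
    # Exit status 0 but no "DONE" marker: report it without counting the
    # cipher as confirmed.
    printf "%s\n" "SEEMS OK (exit code 0, output ends with: ${last_line})"
  fi
done

printf "\n\n%s\n\n" "Successful ciphers:"
for cipher in "${successful_ciphers[@]}"; do
  printf "%s\n" "${cipher}"
done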