@IMSoP
Created April 19, 2022 15:57
Check cipher suite policies against the SSLLabs User Agent support data
<?php declare(strict_types=1);
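// Download the SSL Labs "getClients" list (one entry per simulated user agent).
// The response is remote input: check both the download and the decode before use,
// otherwise a network failure surfaces later as a confusing TypeError or as warnings
// from the foreach over a non-array.
// The https:// stream wrapper requires allow_url_fopen; certificate verification
// relies on PHP's default stream context, so do not disable verify_peer for this call.
$sslLabsJson = file_get_contents('https://api.ssllabs.com/api/v3/getClients');
if ($sslLabsJson === false) {
    throw new RuntimeException('Could not download the SSL Labs client list');
}

$sslLabsData = json_decode($sslLabsJson, true);
if (!is_array($sslLabsData)) {
    throw new RuntimeException('SSL Labs client list was not valid JSON or not a list of clients');
}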
// Cipher-suite lists for each policy being compared, keyed by a display name that
// becomes a CSV column header. The lists are hard-coded here; they are a snapshot
// and should be re-checked against the vendor's current documentation before the
// results are relied on.

// ECDHE key exchange with AES-GCM (TLS 1.2 AEAD suites, forward secret).
$ecdheGcmSuites = [
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
];

// ECDHE key exchange with AES-CBC and a SHA-2 MAC; only present in the older policies.
$ecdheCbcSha2Suites = [
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
];

// The three TLS 1.3 suites plus the TLS 1.2 ECDHE ChaCha20-Poly1305 suites.
$tls13AndChaChaSuites = [
    'TLS_AES_128_GCM_SHA256',
    'TLS_AES_256_GCM_SHA384',
    'TLS_CHACHA20_POLY1305_SHA256',
    'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
    'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
];

// Static-RSA key exchange suites: no forward secrecy, which is why only the most
// permissive list in this comparison includes them.
$staticRsaGcmSuites = [
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
];

$cloudFront2021Suites = array_merge($ecdheGcmSuites, $tls13AndChaChaSuites);

// Key order matters: it is the column order of the CSV written below.
$comparisonPolicies = [
    'EC2 FS-1-2-Res-2020-10' => $ecdheGcmSuites,
    'EC2 FS-1-2-Res-2019-08' => array_merge($ecdheGcmSuites, $ecdheCbcSha2Suites),
    'CloudFront TLSv1.2_2021' => $cloudFront2021Suites,
    'CloudFront TLSv1.2_2019' => array_merge($cloudFront2021Suites, $ecdheCbcSha2Suites),
    'Tenable Recommendation' => array_merge($cloudFront2021Suites, $staticRsaGcmSuites),
];
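// Write one CSV row per SSL Labs user agent, with a Yes/No column per policy.
//
// Rows go through fputcsv() rather than hand-joined strings: the name and version
// come from a remote API, and an unquoted comma or quote in either would shift or
// corrupt the columns. fputcsv() quotes a field only when it needs to (it also
// quotes fields containing spaces, which spreadsheet software reads normally).
//
// NOTE(review): quoting does not stop a spreadsheet from interpreting a cell that
// starts with '=', '+', '-' or '@' as a formula. The file is meant to be opened in
// Excel, so treat the output as untrusted if the API source is ever changed.
//
// "Yes" means the user agent offers at least one suite from the policy. Only suite
// names are compared; protocol versions, curves and the certificate type
// (ECDSA vs RSA) required by the matching suite are not checked, so a "Yes" is a
// necessary condition for a successful handshake, not a guarantee.
$csvOut = fopen('php://output', 'w');
if ($csvOut === false) {
    throw new RuntimeException('Could not open the output stream');
}

fputcsv($csvOut, array_merge(['User Agent', 'Version'], array_keys($comparisonPolicies)), ',', '"', '');

foreach ($sslLabsData as $userAgent) {
    // The "@@@" prefix stops Excel interpreting a version such as "8-10" as a date.
    // After import, find-and-replace "@@@" with ' to force the cell to text format.
    $row = [
        (string) $userAgent['name'],
        '@@@' . $userAgent['version'],
    ];

    $uaSuiteNames = $userAgent['suiteNames'];
    foreach ($comparisonPolicies as $policySuiteNames) {
        // A non-empty intersection means client and policy share at least one suite.
        $policyMatched = array_intersect($policySuiteNames, $uaSuiteNames) !== [];
        $row[] = $policyMatched ? 'Yes' : 'No';
    }

    fputcsv($csvOut, $row, ',', '"', '');
}

fclose($csvOut);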