Created
January 22, 2020 22:33
-
-
Save diegoperini/170e326126df2117fcc6c2077630aa42 to your computer and use it in GitHub Desktop.
How to get supported ciphers list from an endpoint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Source: https://superuser.com/a/224263 | |
| # Usage: bash test_ciphers.bash example.com:443 | |
| # OpenSSL requires the port number. | |
| SERVER=$1 | |
| DELAY=1 | |
| ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g') | |
| echo Obtaining cipher list from $(openssl version). | |
| for cipher in ${ciphers[@]} | |
| do | |
| echo -n Testing $cipher... | |
| result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1) | |
| if [[ "$result" =~ ":error:" ]] ; then | |
| error=$(echo -n $result | cut -d':' -f6) | |
| echo NO \($error\) | |
| else | |
| if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then | |
| echo YES | |
| else | |
| echo UNKNOWN RESPONSE | |
| echo $result | |
| fi | |
| fi | |
| sleep $DELAY | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment