divergentdave/arctest.py

## arctest.py
#!/usr/bin/env python3

import socket
import ssl

original = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA'
print(ssl.OPENSSL_VERSION)  # OpenSSL 1.0.2g-fips  1 Mar 2016
ciphers = original.split(':')
print(ciphers.index('DES-CBC3-SHA'))  # 95
ciphers.remove('DES-CBC3-SHA')
for i in range(96):
    new_ciphers = ":".join(ciphers[:i] + ['DES-CBC3-SHA'] + ciphers[i:])
    s = ssl.wrap_socket(socket.socket(), ciphers=new_ciphers)
    try:
        s.connect(('www.arc.gov', 443))
        print("%d: success" % i)
    except ssl.SSLEOFError:
        print("%d: failure" % i)
# success for i <= 70, failure for i >= 71

## output.txt
$ ./arctest.py
OpenSSL 1.0.2g-fips  1 Mar 2016
95
0: success
1: success
2: success
3: success
4: success
5: success
6: success
7: success
8: success
9: success
10: success
11: success
12: success
13: success
14: success
15: success
16: success
17: success
18: success
19: success
20: success
21: success
22: success
23: success
24: success
25: success
26: success
27: success
28: success
29: success
30: success
31: success
32: success
33: success
34: success
35: success
36: success
37: success
38: success
39: success
40: success
41: success
42: success
43: success
44: success
45: success
46: success
47: success
48: success
49: success
50: success
51: success
52: success
53: success
54: success
55: success
56: success
57: success
58: success
59: success
60: success
61: success
62: success
63: success
64: success
65: success
66: success
67: success
68: success
69: success
70: success
71: failure
72: failure
73: failure
74: failure
75: failure
76: failure
77: failure
78: failure
79: failure
80: failure
81: failure
82: failure
83: failure
84: failure
85: failure
86: failure
87: failure
88: failure
89: failure
90: failure
91: failure
92: failure
93: failure
94: failure
95: failure
	#!/usr/bin/env python3

	import socket
	import ssl

	original = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA'
	print(ssl.OPENSSL_VERSION) # OpenSSL 1.0.2g-fips 1 Mar 2016
	ciphers = original.split(':')
	print(ciphers.index('DES-CBC3-SHA')) # 95
	ciphers.remove('DES-CBC3-SHA')
	for i in range(96):
	new_ciphers = ":".join(ciphers[:i] + ['DES-CBC3-SHA'] + ciphers[i:])
	s = ssl.wrap_socket(socket.socket(), ciphers=new_ciphers)
	try:
	s.connect(('www.arc.gov', 443))
	print("%d: success" % i)
	except ssl.SSLEOFError:
	print("%d: failure" % i)
	# success for i <= 70, failure for i >= 71
	$ ./arctest.py
	OpenSSL 1.0.2g-fips 1 Mar 2016
	95
	0: success
	1: success
	2: success
	3: success
	4: success
	5: success
	6: success
	7: success
	8: success
	9: success
	10: success
	11: success
	12: success
	13: success
	14: success
	15: success
	16: success
	17: success
	18: success
	19: success
	20: success
	21: success
	22: success
	23: success
	24: success
	25: success
	26: success
	27: success
	28: success
	29: success
	30: success
	31: success
	32: success
	33: success
	34: success
	35: success
	36: success
	37: success
	38: success
	39: success
	40: success
	41: success
	42: success
	43: success
	44: success
	45: success
	46: success
	47: success
	48: success
	49: success
	50: success
	51: success
	52: success
	53: success
	54: success
	55: success
	56: success
	57: success
	58: success
	59: success
	60: success
	61: success
	62: success
	63: success
	64: success
	65: success
	66: success
	67: success
	68: success
	69: success
	70: success
	71: failure
	72: failure
	73: failure
	74: failure
	75: failure
	76: failure
	77: failure
	78: failure
	79: failure
	80: failure
	81: failure
	82: failure
	83: failure
	84: failure
	85: failure
	86: failure
	87: failure
	88: failure
	89: failure
	90: failure
	91: failure
	92: failure
	93: failure
	94: failure
	95: failure