Skip to content

Instantly share code, notes, and snippets.

@divergentdave divergentdave/arctest.py
Last active Sep 9, 2016

Embed
What would you like to do?
ARC TLS cipher suite list test
#!/usr/bin/env python3
import socket
import ssl
original = 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA'
print(ssl.OPENSSL_VERSION) # OpenSSL 1.0.2g-fips 1 Mar 2016
ciphers = original.split(':')
print(ciphers.index('DES-CBC3-SHA')) # 95
ciphers.remove('DES-CBC3-SHA')
for i in range(96):
new_ciphers = ":".join(ciphers[:i] + ['DES-CBC3-SHA'] + ciphers[i:])
s = ssl.wrap_socket(socket.socket(), ciphers=new_ciphers)
try:
s.connect(('www.arc.gov', 443))
print("%d: success" % i)
except ssl.SSLEOFError:
print("%d: failure" % i)
# success for i <= 70, failure for i >= 71
$ ./arctest.py
OpenSSL 1.0.2g-fips 1 Mar 2016
95
0: success
1: success
2: success
3: success
4: success
5: success
6: success
7: success
8: success
9: success
10: success
11: success
12: success
13: success
14: success
15: success
16: success
17: success
18: success
19: success
20: success
21: success
22: success
23: success
24: success
25: success
26: success
27: success
28: success
29: success
30: success
31: success
32: success
33: success
34: success
35: success
36: success
37: success
38: success
39: success
40: success
41: success
42: success
43: success
44: success
45: success
46: success
47: success
48: success
49: success
50: success
51: success
52: success
53: success
54: success
55: success
56: success
57: success
58: success
59: success
60: success
61: success
62: success
63: success
64: success
65: success
66: success
67: success
68: success
69: success
70: success
71: failure
72: failure
73: failure
74: failure
75: failure
76: failure
77: failure
78: failure
79: failure
80: failure
81: failure
82: failure
83: failure
84: failure
85: failure
86: failure
87: failure
88: failure
89: failure
90: failure
91: failure
92: failure
93: failure
94: failure
95: failure
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.