Created
February 24, 2021 10:36
-
-
Save gmaslowski/9731593f820bf1c8f17b81ee658795be to your computer and use it in GitHub Desktop.
Check supoported SLL ciphers via provided OpenSSL binary.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage ./openssl_check_ciphers.sh host [/path/to/openssl/binary] | |
| set -o errtrace | |
| set -o nounset | |
| set -o pipefail | |
| if ! [ $1 ]; | |
| then | |
| echo syntax: $0 host [-v] | |
| exit | |
| fi | |
| SERVER=$1:443 | |
| OPENSSL_LOCATION=${2:-openssl} | |
| DELAY=0 | |
| ciphers=`openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g'` | |
| echo Obtaining cipher list from `$OPENSSL_LOCATION version`. | |
| for cipherLine in `${OPENSSL_LOCATION} ciphers -v | awk '{print $1,":: "$5}' | sed -e "s/ :: Enc=[^(]*(/,/" -e "s/)$//"`; | |
| do | |
| cipher=`echo $cipherLine | sed "s/,.*//"` | |
| bits=`echo $cipherLine | sed "s/[^,]*,//"` | |
| result=`echo -n | ${OPENSSL_LOCATION} s_client -cipher "$cipher" -connect $SERVER 2>&1` | |
| if [[ "$result" =~ "Cipher is $cipher" ]] ; then | |
| echo "$cipher ($bits bits)... YES" | |
| else | |
| if [[ "$result" =~ "Cipher is (NONE)" ]] ; then | |
| error=`echo -n $result | cut -d':' -f6` | |
| echo "$cipher ($bits bits)... NO ($error)" | |
| else | |
| echo "$cipher ($bits bits)... UNKNOWN RESPONSE" | |
| fi | |
| fi | |
| sleep $DELAY | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment