Skip to content

Instantly share code, notes, and snippets.

@irgeek
Last active March 2, 2016 05:29
Show Gist options
  • Save irgeek/0a41fd8bf4e29e67c6f4 to your computer and use it in GitHub Desktop.
Save irgeek/0a41fd8bf4e29e67c6f4 to your computer and use it in GitHub Desktop.
Script to test SSL cipher availability
#!/bin/bash
#_red() { echo '\e[31m'"$1"'\e[m'; }
#_grn() { echo '\e[32m'"$1"'\e[m'; }
#_ylw() { echo '\e[33m'"$1"'\e[m'; }
test_cipher_proto() {
local cipher endpoint proto proto_flag result ret
cipher=${1}
endpoint=${2}
proto=${3}
proto_flag=$(tr -d v <<< "${proto}" | tr '[A-Z].' '[a-z]_')
result=$(openssl s_client -"${proto_flag}" -cipher "${cipher}" -connect "${SERVER}" 2>&1 <<< "")
ret=$?
if [[ ${ret} -eq 0 ]]; then
printf "\e[32m%-9s\e[m" "${proto}"
else
if [[ "$result" =~ ":error:" ]]; then
printf "\e[31m%-9s\e[m" "${proto}"
else
printf "\e[33m%-9s\e[m" "${proto}"
fi
fi
sleep "${DELAY}"
}
test_cipher() {
local cipher endpoint
cipher=${1}
endpoint=${2}
echo -e "Testing ${cipher}..."
printf " "
for proto in SSLv{2,3} TLSv1{,.1,.2}; do
test_cipher_proto "${cipher}" "${endpoint}" ${proto}
done
printf "\n"
}
SERVER=${1} # needs to be <host>:<port>
DELAY=${2:-1}
echo "Obtaining cipher list from $(openssl version)."
for cipher in $(openssl ciphers 'ALL:eNULL' | tr ':' '\n' | sort -u); do
test_cipher "${cipher}" "${SERVER}"
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment