Skip to content

Instantly share code, notes, and snippets.

@jahir
Last active Apr 6, 2022
Embed
What would you like to do?
#!/usr/bin/env bash
CIPHERS='ALL:eNULL'
DELAY=${2:-0.1}
SERVER=${1:?usage: $0 <host:port> [delay, default is ${DELAY}s] [ciphers, default is ${CIPHERS}]}
MAXLEN=$(openssl ciphers "$CIPHERS" | sed -e 's/:/\n/g' | awk '{ if ( length > L ) { L=length} }END{ print L}')
echo Using $(openssl version).
declare -A TLSMAP=( [tls1_1]=cipher [tls1_2]=cipher [tls1_3]=ciphersuites )
for tlsver in "${!TLSMAP[@]}"
do
echo "Using $tlsver"
ciphers=$(openssl ciphers -$tlsver -s "$CIPHERS" | sed -e 's/:/ /g')
for cipher in ${ciphers[@]}
do
in=$(openssl s_client -$tlsver -${TLSMAP[$tlsver]} "$cipher" -connect $SERVER </dev/null 2>&1)
if [[ "$in" =~ ":error:" ]] ; then
result="NO ($(echo -n $in | cut -d':' -f6))"
else
if [[ "$in" =~ "Cipher is ${cipher}" || "$in" =~ "Cipher :" ]] ; then
result='YES'
else
result="UNKNOWN RESPONSE\n$in"
fi
fi
printf 'Testing %-*s ... %s\n' "$MAXLEN" "$cipher" "$result"
sleep $DELAY
done
done
@nicholaschiasson
Copy link

nicholaschiasson commented Nov 25, 2021

The echo -n messes with the formatting if the result is NO, but I'm not exactly sure how to fix it. 😛

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment