Test advertised ciphersuites from a TLS-enabled server

test_ciphers_with_certs.sh

#!/usr/bin/env bash
#
# By Romeo Ninov: https://superuser.com/a/224263
#

# OpenSSL requires the port number.
SERVER=$1
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo Obtaining cipher list from $(openssl version).

for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  error=$(echo -n $result | cut -d':' -f6)
  echo NO \($error\)
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

#########################
#
# Sample output showing 3 unsupported ciphers, and 1 supported cipher:
#
#  $ ./test_ciphers 192.168.1.11:443
#
#  Obtaining cipher list from OpenSSL 0.9.8k 25 Mar 2009.
#  Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
#  Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
#  Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
#  Testing AES256-SHA...YES
#
# With more modern ciphers, running on Ubuntu 18:
#
#  Obtaining cipher list from OpenSSL 1.1.0g 2 Nov 2017.
#  Testing ECDHE-ECDSA-AES256-GCM-SHA384...YES
#  Testing ECDHE-RSA-AES256-GCM-SHA384...YES
#  Testing DHE-DSS-AES256-GCM-SHA384...YES
#  Testing DHE-RSA-AES256-GCM-SHA384...YES
#  Testing ECDHE-ECDSA-CHACHA20-POLY1305...YES
#  Testing ECDHE-RSA-CHACHA20-POLY1305...YES
#  Testing DHE-RSA-CHACHA20-POLY1305...YES
#  Testing ECDHE-ECDSA-AES256-CCM8...YES
#  Testing ECDHE-ECDSA-AES256-CCM...YES
#  Testing DHE-RSA-AES256-CCM8...YES
#  Testing DHE-RSA-AES256-CCM...YES
#  Testing ADH-AES256-GCM-SHA384...NO (no ciphers available)