@mtigas
Last active February 12, 2018 13:22
test what SSL ciphersuites a given server supports
#!/usr/bin/env bash
#
# Modified version of http://superuser.com/a/224263
#
# You should make sure you have OpenSSL 1.0.1+ installed. (Mac OS X? Use homebrew.
# This script automatically hooks into homebrew's installation of 1.0.1e, see the
# "export PATH" line below.)
#
#######
#
# usage:
# ./ciphertest.sh $server
# where $server is a server:port combination for a website on an SSL port (almost always 443)
#
# e.g.:
# ./ciphertest.sh mike.tig.as:443
# ./ciphertest.sh www.propublica.org:443
# ./ciphertest.sh projects.propublica.org:443
#
#######
# for homebrew-installed openssl 1.0.1, so you can test as many ciphers as possible.
# you'll want to install homebrew and then "brew install openssl" first.
export PATH=/usr/local/Cellar/openssl/1.0.1e/bin:$PATH

SERVER=$1
if [[ -z "$SERVER" ]]; then
    echo "usage: $0 server:port" >&2
    exit 1
fi
DELAY=0.25

# Every cipher suite this OpenSSL build knows, including the no-encryption (eNULL) ones.
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo "Obtaining cipher list from $(openssl version)."

for cipher in $ciphers
do
    #echo -n Testing $cipher...
    # Offer exactly one cipher; the handshake completes only if the server accepts it.
    result=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
    if [[ "$result" =~ "Cipher is $cipher" ]] ; then
        #echo YES
        echo "$cipher"
    else
        if [[ "$result" =~ ":error:" ]] ; then
            # Failure reason, used only by the commented-out debug output below.
            # $result is left unquoted so cut sees the output as a single line.
            error=$(echo -n $result | cut -d':' -f6)
            #echo NO \($error\)
        #else
            #echo UNKNOWN RESPONSE
            #echo $result
        fi
    fi
    sleep $DELAY
done
$ ./ciphertest.sh mike.tig.as:443
Obtaining cipher list from OpenSSL 1.0.1e 11 Feb 2013.
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
ECDHE-RSA-DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
$ ./ciphertest.sh www.propublica.org:443
Obtaining cipher list from OpenSSL 1.0.1e 11 Feb 2013.
DHE-RSA-AES256-SHA
AES256-SHA
EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
DHE-RSA-AES128-SHA
AES128-SHA
RC4-SHA
RC4-MD5
RC4-MD5
EDH-RSA-DES-CBC-SHA
DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC2-CBC-MD5
EXP-RC4-MD5
EXP-RC4-MD5
$ ./ciphertest.sh projects.propublica.org:443
Obtaining cipher list from OpenSSL 1.0.1e 11 Feb 2013.
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
ECDHE-RSA-DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
CAMELLIA128-SHA
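
The script only lists what a server accepts; reading the list for weak suites is left to the user. The following is an added example, not part of the original gist: it labels each cipher name in ciphertest.sh output so that export-grade, RC4, DES and non-forward-secret suites stand out. The function names and category labels are this example's own.

```shell
#!/usr/bin/env bash
# Added example: label the cipher names that ciphertest.sh prints.
# The category labels are this example's own, not OpenSSL's.

classify_cipher() {
    case "$1" in
        EXP-*)               echo EXPORT ;;  # 40/56-bit export-grade suites
        *NULL*)              echo NULL ;;    # eNULL: no encryption at all
        ADH-*|AECDH-*)       echo ANON ;;    # anonymous (unauthenticated) key exchange
        *RC4*)               echo RC4 ;;     # prohibited in TLS by RFC 7465
        *DES-CBC3*)          echo 3DES ;;    # 64-bit block size
        *DES-CBC*)           echo DES ;;     # single DES, 56-bit key
        *-MD5)               echo MD5 ;;     # MD5-based MAC
        ECDHE-*|DHE-*|EDH-*) echo OK ;;      # ephemeral key exchange (forward secrecy)
        *)                   echo NO-FS ;;   # no ephemeral key exchange (e.g. static RSA)
    esac
}

# Read ciphertest.sh output on stdin; print "LABEL cipher" for every suite
# that is not labelled OK, once each.
audit() {
    while read -r line; do
        # Skip the shell prompt and "Obtaining cipher list" banner lines.
        case "$line" in ""|*[!A-Z0-9-]*) continue ;; esac
        label=$(classify_cipher "$line")
        [ "$label" = OK ] || printf '%-8s %s\n' "$label" "$line"
    done | sort -u
}

# Subset of the www.propublica.org output shown above.
sample_output() {
    cat <<'EOF'
$ ./ciphertest.sh www.propublica.org:443
Obtaining cipher list from OpenSSL 1.0.1e 11 Feb 2013.
DHE-RSA-AES256-SHA
AES256-SHA
EDH-RSA-DES-CBC3-SHA
RC4-SHA
RC4-MD5
RC4-MD5
EDH-RSA-DES-CBC-SHA
EXP-RC4-MD5
EOF
}

sample_output | audit
```

To check a live server, pipe the script's output into the function instead of the sample: ./ciphertest.sh host:443 | audit.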