Obtaining cipher list from OpenSSL 0.9.8zg 14 July 2015.
Testing ADH-SEED-SHA NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA NO (sslv3 alert handshake failure)
Testing SEED-SHA NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA YES
Testing DHE-DSS-AES256-SHA NO (sslv3 alert handshake failure)
Testing AES256-SHA NO (sslv3 alert handshake failure)
Testing ADH-AES128-SHA NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA YES
Testing DHE-DSS-AES128-SHA NO (sslv3 alert handshake failure)
Testing AES128-SHA NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC3-SHA NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5 NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5 NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing EXP-EDH-RSA-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA NO (sslv3 alert handshake failure)
Testing DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing EXP-DES-CBC-SHA NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5 NO (sslv3 alert handshake failure)
Testing RC4-SHA NO (sslv3 alert handshake failure)
Testing RC4-MD5 NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5 NO (sslv3 alert handshake failure)
Testing DES-CBC3-MD5 NO (sslv3 alert handshake failure)
Testing DES-CBC-MD5 NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5 NO (sslv3 alert handshake failure)
Testing RC2-CBC-MD5 NO (sslv3 alert handshake failure)
Testing EXP-RC4-MD5 NO (sslv3 alert handshake failure)
Testing RC4-MD5 NO (sslv3 alert handshake failure)
Testing NULL-SHA NO (sslv3 alert handshake failure)
Testing NULL-MD5 NO (sslv3 alert handshake failure)
-
-
Save pburkholder/b8e5d653fa9bd260f2fa7d343f12e429 to your computer and use it in GitHub Desktop.
Uses OpenSSL to test which SSL ciphers are supported on a given backend
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # OpenSSL requires the port number. | |
| SERVER=${1:-127.0.0.1:443} | |
| DELAY=1 | |
| OPENSSL=/usr/local/opt/openssl/bin/openssl | |
| ciphers=$($OPENSSL ciphers 'ALL:eNULL' | gsed -e 's/:/\n/g' | | |
| egrep 'SEED|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-ECDSA-AES128-SHA') | |
| echo Obtaining cipher list from $($OPENSSL version). | |
| for cipher in ${ciphers[@]} | |
| do | |
| # echo Testing $cipher... | |
| result=$(echo -n | $OPENSSL s_client -cipher "$cipher" -connect $SERVER 2>&1) | |
| if [[ "$result" =~ ":error:" ]] ; then | |
| echo ====== FAIL $cipher ======= | |
| error=$(echo -n $result | cut -d':' -f6) | |
| RES="NO ($error)" | |
| echo ====== FAIL $cipher ======= | |
| else | |
| if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then | |
| RES="YES $cipher" | |
| else | |
| RES="UNKNOWN RESPONSE: $cipher" | |
| fi | |
| fi | |
| printf "Testing %-30s %-30s\n" $cipher "$RES" | |
| sleep $DELAY | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment