Check all SSL ciphers for a particular server
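#!/usr/bin/env bash
# usage: ./check-all-ciphers.sh server:port
# Credits to https://superuser.com/a/224263
#
# Offers every cipher known to the local OpenSSL build to the server, one
# handshake per cipher, and prints YES/NO for each.
#
# Caveats when reading the output:
#  - Only ciphers compiled into the local openssl binary can be offered. A
#    modern build omits many legacy/export suites, so a clean run does not
#    prove the server rejects them; audit with a client that still has them.
#  - "-cipher" constrains TLS 1.2 and below. TLS 1.3 suites are selected with
#    "-ciphersuites", so when both sides speak TLS 1.3 the handshake may
#    complete with a TLS 1.3 suite regardless of the cipher under test; such
#    runs fall through to UNKNOWN RESPONSE rather than YES.
#  - A connection failure (DNS, refused, timeout) is not the same as a
#    rejected cipher; check the [Error: ...] text before concluding anything.

set -u

# Disable all proxy env vars. Match on the variable NAME only, so a variable
# whose value merely contains "proxy" is left alone.
while IFS= read -r proxy_var; do
  unset "$proxy_var"
done < <(compgen -e | grep -i proxy)

# OpenSSL requires the port number.
SERVER=${1:-}
if [[ -z "$SERVER" || "$SERVER" != *:* ]]; then
  printf 'usage: %s server:port\n' "${0##*/}" >&2
  exit 2
fi

# You can add a delay between the individual checks
DELAY=0

# Get cipher list (colon-separated) and split it into a real array.
if ! cipher_list=$(openssl ciphers 'ALL:eNULL'); then
  printf 'error: could not obtain the cipher list from openssl\n' >&2
  exit 1
fi
IFS=':' read -r -a ciphers <<<"$cipher_list"

printf 'Obtaining cipher list from %s.\n' "$(openssl version)"

# Check loop
for cipher in "${ciphers[@]}"; do
  printf 'Testing %s...' "$cipher"

  # stdin from /dev/null makes s_client exit right after the handshake.
  result=$(openssl s_client -cipher "$cipher" -connect "$SERVER" </dev/null 2>&1)
  cipherinfo=$(grep '^New,' <<<"$result")

  if [[ "$result" == *"Cipher is (NONE)"* ]]; then
    # Flatten the output to one line so the 6th ':'-separated field is the
    # reason text of the first OpenSSL error line.
    error=$(tr -s '[:space:]' ' ' <<<"$result" | cut -d':' -f6)
    printf 'NO [Cipher info: %s] [Error: %s]\n' "$cipherinfo" "$error"
  elif [[ "$result" == *"Cipher is ${cipher}"* || "$result" == *"Cipher :"* ]]; then
    printf 'YES [Cipher info: %s]\n' "$cipherinfo"
  else
    printf 'UNKNOWN RESPONSE\n'
    printf '%s\n' "$result"
  fi

  sleep "$DELAY"
done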