@pexcn
Forked from jahir/ciphercheck.sh
Created July 17, 2022 07:30
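#!/usr/bin/env bash
#
# Probe which TLS cipher suites a server accepts by attempting one
# `openssl s_client` handshake per (protocol version, cipher) pair.
#
# Usage: <script> <host:port> [delay] [ciphers]
#   host:port  endpoint passed to `s_client -connect`
#   delay      seconds to sleep between handshakes (default 0.1)
#   ciphers    OpenSSL cipher string to enumerate (default ALL:eNULL)
#
# Reading the results:
#   * The default string adds eNULL because OpenSSL's `ALL` leaves the
#     no-encryption suites out; a YES on a NULL suite is a finding.
#   * Only suites the local OpenSSL build supports and enables
#     (`openssl ciphers -s`) are probed. A suite missing from the output was
#     not tested; it has not been shown to be rejected by the server.
#   * Only TLS 1.1, 1.2 and 1.3 are probed; TLS 1.0 and SSLv3 are not covered.

DEFAULT_DELAY=0.1
DEFAULT_CIPHERS='ALL:eNULL'

SERVER=${1:?usage: $0 <host:port> [delay, default is ${DEFAULT_DELAY}s] [ciphers, default is ${DEFAULT_CIPHERS}]}
DELAY=${2:-$DEFAULT_DELAY}
# The usage text always advertised a third argument; honour it.
CIPHERS=${3:-$DEFAULT_CIPHERS}

# Validate the cipher string once up front; openssl prints its own diagnostic.
if ! all_ciphers=$(openssl ciphers "$CIPHERS"); then
  printf 'cannot expand cipher string: %s\n' "$CIPHERS" >&2
  exit 1
fi

# Width of the longest cipher name, used to align the result column.
# `L + 0` keeps the value numeric even when the list is empty.
MAXLEN=$(tr ':' '\n' <<<"$all_ciphers" |
  awk '{ if (length > L) L = length } END { print L + 0 }')

printf 'Using %s.\n' "$(openssl version)"

# s_client option that selects the cipher for each protocol version:
# TLS 1.3 suites are configured separately from the older ones.
declare -A TLSMAP=([tls1_1]=cipher [tls1_2]=cipher [tls1_3]=ciphersuites)
# Associative-array key order is unspecified, so fix the probing order here.
TLS_VERSIONS=(tls1_1 tls1_2 tls1_3)

for tlsver in "${TLS_VERSIONS[@]}"; do
  echo "Using $tlsver"

  # Split the colon-separated list into an array without word-splitting
  # or globbing the names.
  version_list=$(openssl ciphers "-$tlsver" -s "$CIPHERS")
  IFS=':' read -r -a ciphers <<<"$version_list"

  for cipher in "${ciphers[@]}"; do
    in=$(openssl s_client "-$tlsver" "-${TLSMAP[$tlsver]}" "$cipher" \
      -connect "$SERVER" </dev/null 2>&1)

    if [[ "$in" == *":error:"* ]]; then
      # Take the reason from the first OpenSSL error line only. The output
      # is server-influenced, so it is never expanded unquoted, and colons
      # on earlier lines (e.g. an IPv6 address) cannot shift the field.
      reason=$(grep -m1 -F ':error:' <<<"$in" | cut -d':' -f6)
      result="NO ($reason)"
    # NOTE(review): s_client normally pads the session field name with
    # spaces before the colon, so the single-space literal below may never
    # match; the padding may have been lost in transcription. Confirm
    # against the upstream script.
    elif [[ "$in" == *"Cipher is ${cipher}"* || "$in" == *"Cipher :"* ]]; then
      result='YES'
    else
      # Real newline: the result is printed through %s, which would show a
      # literal backslash-n instead.
      result=$'UNKNOWN RESPONSE\n'"$in"
    fi

    printf 'Testing %-*s ... %s\n' "$MAXLEN" "$cipher" "$result"
    sleep "$DELAY"
  done
done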