Created
July 12, 2023 06:22
-
-
Save rdkls/e768a22e8cc46db3c9328694e7ca11e5 to your computer and use it in GitHub Desktop.
list tls ciphers supported by a host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Check if the host argument is provided | |
| if [ -z "$1" ]; then | |
| echo "Usage: $0 host" | |
| exit 1 | |
| fi | |
| # Get the host name | |
| host=$1 | |
| # Get the list of all ciphers supported by openssl | |
| ciphers=$(openssl ciphers 'ALL:eNULL') | |
| # Initialize two arrays to store the supported and unsupported ciphers | |
| supported=() | |
| unsupported=() | |
| # Loop through each cipher | |
| for cipher in ${ciphers//:/ }; do | |
| # Try to connect to the host using the cipher | |
| result=$(echo -n | openssl s_client -cipher "$cipher" -connect $host:443 2>&1) | |
| # Check if the connection was successful | |
| if [[ "$result" =~ "Cipher is ${cipher}" ]]; then | |
| # Add the cipher to the supported array | |
| supported+=("$cipher") | |
| else | |
| # Add the cipher to the unsupported array | |
| unsupported+=("$cipher") | |
| fi | |
| done | |
| # Print the supported ciphers with a header | |
| printf "\nSupported ciphers:\n" | |
| printf "%s\n" "${supported[@]}" | |
| # Print the unsupported ciphers with a header | |
| printf "\nUnsupported ciphers:\n" | |
| printf "%s\n" "${unsupported[@]}" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment