Skip to content

Instantly share code, notes, and snippets.

@sleeyax
Created February 29, 2020 19:39
Show Gist options
  • Save sleeyax/36ca4beeb3588b7d40c7ada961765d4a to your computer and use it in GitHub Desktop.
Save sleeyax/36ca4beeb3588b7d40c7ada961765d4a to your computer and use it in GitHub Desktop.
Identifying TLS/SSL cipher suites

Identifying TLS/SSL cipher suites

A few methods to identify TLS/SSL cipher suites of a website.

nmap

nmap -Pn -p 443 --script=ssl-enum-ciphers <domain or ip>

python

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s,cert_reqs=ssl.CERT_REQUIRED, ca_certs='/etc/ssl/certs/ca-certificates.crt')
ssl_sock.connect((target, port))
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()

-- output
> ssl-info
('12.34.56.78', 443)
('ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1', 128)

openSSL

openssl s_client -host HOST -port PORT

WireShark

Watch for the 'Server Hello' packet from the server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment