CipherScan ========== A very simple way to find out which SSL ciphersuites are supported by a target. Run: ./CipherScan.sh www.google.com:443 And watch. The newer your version of openssl, the better results you'll get. Older versions of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own! Options ------- Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script. Use '-v' to get more stuff to read. Use '-a' to force openssl to test every single cipher it know. Example ------- ``` $ ./CiphersScan.sh www.google.com:443 -a prio ciphersuite protocol 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 2 ECDHE-RSA-RC4-SHA TLSv1.2 3 ECDHE-RSA-AES128-SHA TLSv1.2 4 AES128-GCM-SHA256 TLSv1.2 5 RC4-SHA TLSv1.2 6 RC4-MD5 TLSv1.2 7 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 8 ECDHE-RSA-AES256-SHA384 TLSv1.2 9 ECDHE-RSA-AES256-SHA TLSv1.2 10 AES256-GCM-SHA384 TLSv1.2 11 AES256-SHA256 TLSv1.2 12 AES256-SHA TLSv1.2 13 ECDHE-RSA-DES-CBC3-SHA TLSv1.2 14 DES-CBC3-SHA TLSv1.2 15 ECDHE-RSA-AES128-SHA256 TLSv1.2 16 AES128-SHA256 TLSv1.2 17 AES128-SHA TLSv1.2 18 (NONE) All accepted ciphersuites KO ADH-AES128-GCM-SHA256 KO ADH-AES128-SHA KO ADH-AES128-SHA256 KO ADH-AES256-GCM-SHA384 KO ADH-AES256-SHA KO ADH-AES256-SHA256 KO ADH-CAMELLIA128-SHA KO ADH-CAMELLIA256-SHA KO ADH-DES-CBC3-SHA KO ADH-DES-CBC-SHA KO ADH-RC4-MD5 KO ADH-SEED-SHA KO AECDH-AES128-SHA KO AECDH-AES256-SHA KO AECDH-DES-CBC3-SHA KO AECDH-NULL-SHA KO AECDH-RC4-SHA OK AES128-GCM-SHA256 OK AES128-SHA OK AES128-SHA256 OK AES256-GCM-SHA384 OK AES256-SHA OK AES256-SHA256 KO CAMELLIA128-SHA KO CAMELLIA256-SHA KO DES-CBC3-MD5 OK DES-CBC3-SHA KO DES-CBC-MD5 KO DES-CBC-SHA KO DH-DSS-AES128-GCM-SHA256 KO DH-DSS-AES128-SHA KO DH-DSS-AES128-SHA256 KO DH-DSS-AES256-GCM-SHA384 KO DH-DSS-AES256-SHA KO DH-DSS-AES256-SHA256 KO DH-DSS-CAMELLIA128-SHA KO DH-DSS-CAMELLIA256-SHA KO DH-DSS-DES-CBC3-SHA KO DH-DSS-DES-CBC-SHA KO DH-DSS-SEED-SHA KO DHE-DSS-AES128-GCM-SHA256 KO DHE-DSS-AES128-SHA KO DHE-DSS-AES128-SHA256 KO DHE-DSS-AES256-GCM-SHA384 KO DHE-DSS-AES256-SHA KO DHE-DSS-AES256-SHA256 KO DHE-DSS-CAMELLIA128-SHA KO DHE-DSS-CAMELLIA256-SHA KO DHE-DSS-SEED-SHA KO DHE-RSA-AES128-GCM-SHA256 KO DHE-RSA-AES128-SHA KO DHE-RSA-AES128-SHA256 KO DHE-RSA-AES256-GCM-SHA384 KO DHE-RSA-AES256-SHA KO DHE-RSA-AES256-SHA256 KO DHE-RSA-CAMELLIA128-SHA KO DHE-RSA-CAMELLIA256-SHA KO DHE-RSA-SEED-SHA KO DH-RSA-AES128-GCM-SHA256 KO DH-RSA-AES128-SHA KO DH-RSA-AES128-SHA256 KO DH-RSA-AES256-GCM-SHA384 KO DH-RSA-AES256-SHA KO DH-RSA-AES256-SHA256 KO DH-RSA-CAMELLIA128-SHA KO DH-RSA-CAMELLIA256-SHA KO DH-RSA-DES-CBC3-SHA KO DH-RSA-DES-CBC-SHA KO DH-RSA-SEED-SHA KO ECDH-ECDSA-AES128-GCM-SHA256 KO ECDH-ECDSA-AES128-SHA KO ECDH-ECDSA-AES128-SHA256 KO ECDH-ECDSA-AES256-GCM-SHA384 KO ECDH-ECDSA-AES256-SHA KO ECDH-ECDSA-AES256-SHA384 KO ECDH-ECDSA-DES-CBC3-SHA KO ECDH-ECDSA-NULL-SHA KO ECDH-ECDSA-RC4-SHA KO ECDHE-ECDSA-AES128-GCM-SHA256 KO ECDHE-ECDSA-AES128-SHA KO ECDHE-ECDSA-AES128-SHA256 KO ECDHE-ECDSA-AES256-GCM-SHA384 KO ECDHE-ECDSA-AES256-SHA KO ECDHE-ECDSA-AES256-SHA384 KO ECDHE-ECDSA-DES-CBC3-SHA KO ECDHE-ECDSA-NULL-SHA KO ECDHE-ECDSA-RC4-SHA OK ECDHE-RSA-AES128-GCM-SHA256 OK ECDHE-RSA-AES128-SHA OK ECDHE-RSA-AES128-SHA256 OK ECDHE-RSA-AES256-GCM-SHA384 OK ECDHE-RSA-AES256-SHA OK ECDHE-RSA-AES256-SHA384 OK ECDHE-RSA-DES-CBC3-SHA KO ECDHE-RSA-NULL-SHA OK ECDHE-RSA-RC4-SHA KO ECDH-RSA-AES128-GCM-SHA256 KO ECDH-RSA-AES128-SHA KO ECDH-RSA-AES128-SHA256 KO ECDH-RSA-AES256-GCM-SHA384 KO ECDH-RSA-AES256-SHA KO ECDH-RSA-AES256-SHA384 KO ECDH-RSA-DES-CBC3-SHA KO ECDH-RSA-NULL-SHA KO ECDH-RSA-RC4-SHA KO EDH-DSS-DES-CBC3-SHA KO EDH-DSS-DES-CBC-SHA KO EDH-RSA-DES-CBC3-SHA KO EDH-RSA-DES-CBC-SHA KO EXP-ADH-DES-CBC-SHA KO EXP-ADH-RC4-MD5 KO EXP-DES-CBC-SHA KO EXP-DH-DSS-DES-CBC-SHA KO EXP-DH-RSA-DES-CBC-SHA KO EXP-EDH-DSS-DES-CBC-SHA KO EXP-EDH-RSA-DES-CBC-SHA KO EXP-RC2-CBC-MD5 KO EXP-RC4-MD5 KO IDEA-CBC-MD5 KO IDEA-CBC-SHA KO NULL-MD5 KO NULL-SHA KO NULL-SHA256 KO PSK-3DES-EDE-CBC-SHA KO PSK-AES128-CBC-SHA KO PSK-AES256-CBC-SHA KO PSK-RC4-SHA KO RC2-CBC-MD5 OK RC4-MD5 OK RC4-SHA KO SEED-SHA KO SRP-3DES-EDE-CBC-SHA KO SRP-AES-128-CBC-SHA KO SRP-AES-256-CBC-SHA KO SRP-DSS-3DES-EDE-CBC-SHA KO SRP-DSS-AES-128-CBC-SHA KO SRP-DSS-AES-256-CBC-SHA KO SRP-RSA-3DES-EDE-CBC-SHA KO SRP-RSA-AES-128-CBC-SHA KO SRP-RSA-AES-256-CBC-SHA ```