CipherScan ========== A very simple way to find out which SSL ciphersuites are supported by a target. Run: ./cipherscan www.google.com:443 And watch. The newer your version of openssl, the better results you'll get. Older versions of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own! Options ------- Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script. You can use one of the options below (only one. yes, I know...) Use '-v' to get more stuff to read. Use '-a' to force openssl to test every single cipher it know. Use '-json' to output the results in json format ``` $ ./cipherscan www.google.com:443 -json ``` Example ------- ``` $ ./cipherscan www.google.com:443 prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 3 ECDHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 4 AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 5 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 6 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 7 ECDHE-RSA-AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 8 ECDHE-RSA-AES256-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 9 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 10 AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 11 AES256-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 12 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 13 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 14 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 15 ECDHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 16 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 17 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ```