1.8 KiB
1.8 KiB
CipherScan
A very simple way to find out which SSL ciphersuites are supported by a target.
Run: ./CipherScan.sh www.google.com:443 And watch.
The newer your version of openssl, the better results you'll get. Older versions of OpenSSL don't support TLS1.2 ciphers, elliptic curves, etc... Build Your Own!
Options
Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
Use '-v' to get more stuff to read.
Use '-a' to force openssl to test every single cipher it know.
Example
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
3 ECDHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
4 AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2
5 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
6 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2
7 ECDHE-RSA-AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
9 ECDHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
10 AES256-GCM-SHA384 SSLv3,TLSv1,TLSv1.1,TLSv1.2
11 AES256-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2
12 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
13 ECDHE-RSA-DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
14 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2
15 ECDHE-RSA-AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
16 AES128-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2
17 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2